From 8f614a08cc8970f3453c6c110ece68a8bb9b1b3b Mon Sep 17 00:00:00 2001 From: SimolZimol <70102430+SimolZimol@users.noreply.github.com> Date: Mon, 13 Apr 2026 19:10:21 +0200 Subject: [PATCH] modified: web/blueprints/group_admin.py modified: web/blueprints/site_admin.py modified: web/mailer.py --- web/blueprints/group_admin.py | 6 +++--- web/blueprints/site_admin.py | 10 +++++----- web/mailer.py | 10 ++++++++++ 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/web/blueprints/group_admin.py b/web/blueprints/group_admin.py index 40b7414..7915855 100644 --- a/web/blueprints/group_admin.py +++ b/web/blueprints/group_admin.py @@ -7,7 +7,7 @@ from datetime import datetime, timedelta from functools import wraps from flask import Blueprint, render_template, request, redirect, url_for, session, flash from config import Config -from mailer import send_mail, build_invite_email +from mailer import send_mail, build_invite_email, force_https_url import panel_db as db from roles import GROUP_MANAGEMENT_ROLES, GROUP_ROLE_OPTIONS, GROUP_ROLE_SET, OWNER_ONLY_ROLES, role_label @@ -145,7 +145,7 @@ def member_invite(): token = db.create_group_invite(group_id, username, email, role, session["user_id"]) invite = db.get_invite_by_token(token) - invite_url = url_for("auth.accept_invite", token=token, _external=True) + invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True)) mail_settings = db.get_site_mail_settings() if mail_settings: @@ -192,7 +192,7 @@ def resend_invite(invite_id): flash("No SMTP settings configured by Site Admin.", "danger") return redirect(url_for("group_admin.members")) - invite_url = url_for("auth.accept_invite", token=invite["token"], _external=True) + invite_url = force_https_url(url_for("auth.accept_invite", token=invite["token"], _external=True)) subject = f"Invitation to join {session.get('group_name', 'your group')}" text_body, html_body = build_invite_email( username=invite["invited_username"], diff --git a/web/blueprints/site_admin.py b/web/blueprints/site_admin.py index 166ba76..0e1ef4d 100644 --- a/web/blueprints/site_admin.py +++ b/web/blueprints/site_admin.py @@ -6,7 +6,7 @@ from functools import wraps from datetime import datetime, timedelta from flask import Blueprint, render_template, request, redirect, url_for, session, flash from config import Config -from mailer import send_mail, build_invite_email +from mailer import send_mail, build_invite_email, force_https_url import panel_db as db from roles import GROUP_MANAGEMENT_ROLES, GROUP_ROLE_OPTIONS, GROUP_ROLE_SET, role_label @@ -278,7 +278,7 @@ def group_member_invite(group_id): token = db.create_group_invite(group_id, username, email, role, session["user_id"]) invite = db.get_invite_by_token(token) - invite_url = url_for("auth.accept_invite", token=token, _external=True) + invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True)) mail_settings = db.get_site_mail_settings() if mail_settings: @@ -329,7 +329,7 @@ def group_invite_resend(group_id, invite_id): if not mail_settings: flash("No SMTP settings configured.", "danger") return redirect(url_for("site_admin.group_members", group_id=group_id)) - invite_url = url_for("auth.accept_invite", token=invite["token"], _external=True) + invite_url = force_https_url(url_for("auth.accept_invite", token=invite["token"], _external=True)) subject = f"Invitation to join {group['name']}" text_body, html_body = build_invite_email( username=invite["invited_username"], @@ -394,7 +394,7 @@ def user_new(): effective_role = role if group_id else "member" token = db.create_group_invite(group_id, username, email, effective_role, session["user_id"], is_site_admin=is_site_admin) - invite_url = url_for("auth.accept_invite", token=token, _external=True) + invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True)) mail_settings = db.get_site_mail_settings() if mail_settings: @@ -460,7 +460,7 @@ def user_invite_resend(invite_id): if not mail_settings: flash("No SMTP settings configured.", "danger") return redirect(url_for("site_admin.users")) - invite_url = url_for("auth.accept_invite", token=invite["token"], _external=True) + invite_url = force_https_url(url_for("auth.accept_invite", token=invite["token"], _external=True)) if invite["group_id"]: group = db.get_group_by_id(invite["group_id"]) subject = f"Invitation to join {group['name']}" diff --git a/web/mailer.py b/web/mailer.py index 8a91dcd..2942b98 100644 --- a/web/mailer.py +++ b/web/mailer.py @@ -1,6 +1,7 @@ import smtplib from html import escape from email.message import EmailMessage +from email.utils import formatdate, make_msgid from config import Config @@ -11,6 +12,12 @@ def build_from_header(from_email: str, from_name: str | None = None) -> str: return from_email +def force_https_url(url: str) -> str: + if url.startswith("http://"): + return "https://" + url[len("http://"):] + return url + + def build_invite_email( username: str, invite_url: str, @@ -85,6 +92,9 @@ def send_mail(settings: dict, recipient: str, subject: str, text_body: str, html msg["Subject"] = subject msg["From"] = build_from_header(settings["from_email"], settings.get("from_name")) msg["To"] = recipient + msg["Date"] = formatdate(localtime=True) + sender_domain = (settings.get("from_email", "noreply@example.com").split("@")[-1] or "example.com") + msg["Message-ID"] = make_msgid(domain=sender_domain) msg.set_content(text_body) if html_body: msg.add_alternative(html_body, subtype="html")