modified: web/blueprints/group_admin.py

modified: web/blueprints/site_admin.py modified: web/mailer.py
2026-04-13 19:10:21 +02:00
parent ee66a04cb2
commit 8f614a08cc
3 changed files with 18 additions and 8 deletions
--- a/web/blueprints/group_admin.py
+++ b/web/blueprints/group_admin.py
@@ -7,7 +7,7 @@ from datetime import datetime, timedelta
 from functools import wraps
 from flask import Blueprint, render_template, request, redirect, url_for, session, flash
 from config import Config
-from mailer import send_mail, build_invite_email
+from mailer import send_mail, build_invite_email, force_https_url
 import panel_db as db
 from roles import GROUP_MANAGEMENT_ROLES, GROUP_ROLE_OPTIONS, GROUP_ROLE_SET, OWNER_ONLY_ROLES, role_label

@@ -145,7 +145,7 @@ def member_invite():

    token = db.create_group_invite(group_id, username, email, role, session["user_id"])
    invite = db.get_invite_by_token(token)
-    invite_url = url_for("auth.accept_invite", token=token, _external=True)
+    invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True))
    mail_settings = db.get_site_mail_settings()

    if mail_settings:
@@ -192,7 +192,7 @@ def resend_invite(invite_id):
        flash("No SMTP settings configured by Site Admin.", "danger")
        return redirect(url_for("group_admin.members"))

-    invite_url = url_for("auth.accept_invite", token=invite["token"], _external=True)
+    invite_url = force_https_url(url_for("auth.accept_invite", token=invite["token"], _external=True))
    subject = f"Invitation to join {session.get('group_name', 'your group')}"
    text_body, html_body = build_invite_email(
        username=invite["invited_username"],
--- a/web/blueprints/site_admin.py
+++ b/web/blueprints/site_admin.py
@@ -6,7 +6,7 @@ from functools import wraps
 from datetime import datetime, timedelta
 from flask import Blueprint, render_template, request, redirect, url_for, session, flash
 from config import Config
-from mailer import send_mail, build_invite_email
+from mailer import send_mail, build_invite_email, force_https_url
 import panel_db as db
 from roles import GROUP_MANAGEMENT_ROLES, GROUP_ROLE_OPTIONS, GROUP_ROLE_SET, role_label

@@ -278,7 +278,7 @@ def group_member_invite(group_id):

    token      = db.create_group_invite(group_id, username, email, role, session["user_id"])
    invite     = db.get_invite_by_token(token)
-    invite_url = url_for("auth.accept_invite", token=token, _external=True)
+    invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True))
    mail_settings = db.get_site_mail_settings()

    if mail_settings:
@@ -329,7 +329,7 @@ def group_invite_resend(group_id, invite_id):
    if not mail_settings:
        flash("No SMTP settings configured.", "danger")
        return redirect(url_for("site_admin.group_members", group_id=group_id))
-    invite_url = url_for("auth.accept_invite", token=invite["token"], _external=True)
+    invite_url = force_https_url(url_for("auth.accept_invite", token=invite["token"], _external=True))
    subject    = f"Invitation to join {group['name']}"
    text_body, html_body = build_invite_email(
        username=invite["invited_username"],
@@ -394,7 +394,7 @@ def user_new():
        effective_role = role if group_id else "member"
        token      = db.create_group_invite(group_id, username, email, effective_role,
                                            session["user_id"], is_site_admin=is_site_admin)
-        invite_url = url_for("auth.accept_invite", token=token, _external=True)
+        invite_url = force_https_url(url_for("auth.accept_invite", token=token, _external=True))
        mail_settings = db.get_site_mail_settings()

        if mail_settings:
@@ -460,7 +460,7 @@ def user_invite_resend(invite_id):
    if not mail_settings:
        flash("No SMTP settings configured.", "danger")
        return redirect(url_for("site_admin.users"))
-    invite_url = url_for("auth.accept_invite", token=invite["token"], _external=True)
+    invite_url = force_https_url(url_for("auth.accept_invite", token=invite["token"], _external=True))
    if invite["group_id"]:
        group   = db.get_group_by_id(invite["group_id"])
        subject = f"Invitation to join {group['name']}"
--- a/web/mailer.py
+++ b/web/mailer.py
@@ -1,6 +1,7 @@
 import smtplib
 from html import escape
 from email.message import EmailMessage
+from email.utils import formatdate, make_msgid

 from config import Config

@@ -11,6 +12,12 @@ def build_from_header(from_email: str, from_name: str | None = None) -> str:
    return from_email


+def force_https_url(url: str) -> str:
+    if url.startswith("http://"):
+        return "https://" + url[len("http://"):]
+    return url
+
+
 def build_invite_email(
    username: str,
    invite_url: str,
@@ -85,6 +92,9 @@ def send_mail(settings: dict, recipient: str, subject: str, text_body: str, html
    msg["Subject"] = subject
    msg["From"] = build_from_header(settings["from_email"], settings.get("from_name"))
    msg["To"] = recipient
+    msg["Date"] = formatdate(localtime=True)
+    sender_domain = (settings.get("from_email", "noreply@example.com").split("@")[-1] or "example.com")
+    msg["Message-ID"] = make_msgid(domain=sender_domain)
    msg.set_content(text_body)
    if html_body:
        msg.add_alternative(html_body, subtype="html")