Merge branch 'master' into feat-abstract-db

core/admin/mailu/internal/__init__.py

@@ -1,3 +1,5 @@
+from flask_limiter import RateLimitExceeded
+
 from mailu import limiter
 
 import socket
@@ -6,6 +8,14 @@ import flask
 
 internal = flask.Blueprint('internal', __name__)
 
+@internal.app_errorhandler(RateLimitExceeded)
+def rate_limit_handler(e):
+    response = flask.Response()
+    response.headers['Auth-Status'] = 'Authentication rate limit from one source exceeded'
+    response.headers['Auth-Error-Code'] = '451 4.3.2'
+    if int(flask.request.headers['Auth-Login-Attempt']) < 10:
+        response.headers['Auth-Wait'] = '3'
+    return response
 
 @limiter.request_filter
 def whitelist_webmail():

core/admin/mailu/ui/forms.py

@@ -6,6 +6,7 @@ import flask_login
 import flask_wtf
 import re
 
+LOCALPART_REGEX = "^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+$"
 
 class DestinationField(fields.SelectMultipleField):
     """ Allow for multiple emails selection from current user choices and
@@ -49,7 +50,7 @@ class DomainForm(flask_wtf.FlaskForm):
     max_quota_bytes = fields_.IntegerSliderField(_('Maximum user quota'), default=0)
     signup_enabled = fields.BooleanField(_('Enable sign-up'), default=False)
     comment = fields.StringField(_('Comment'))
-    submit = fields.SubmitField(_('Create'))
+    submit = fields.SubmitField(_('Save'))
 
 
 class DomainSignupForm(flask_wtf.FlaskForm):
@@ -63,18 +64,18 @@ class DomainSignupForm(flask_wtf.FlaskForm):
 
 class AlternativeForm(flask_wtf.FlaskForm):
     name = fields.StringField(_('Alternative name'), [validators.DataRequired()])
-    submit = fields.SubmitField(_('Create'))
+    submit = fields.SubmitField(_('Save'))
 
 
 class RelayForm(flask_wtf.FlaskForm):
     name = fields.StringField(_('Relayed domain name'), [validators.DataRequired()])
     smtp = fields.StringField(_('Remote host'))
     comment = fields.StringField(_('Comment'))
-    submit = fields.SubmitField(_('Create'))
+    submit = fields.SubmitField(_('Save'))
 
 
 class UserForm(flask_wtf.FlaskForm):
-    localpart = fields.StringField(_('E-mail'), [validators.DataRequired()])
+    localpart = fields.StringField(_('E-mail'), [validators.DataRequired(), validators.Regexp(LOCALPART_REGEX)])
     pw = fields.PasswordField(_('Password'), [validators.DataRequired()])
     pw2 = fields.PasswordField(_('Confirm password'), [validators.EqualTo('pw')])
     quota_bytes = fields_.IntegerSliderField(_('Quota'), default=1000000000)
@@ -86,7 +87,7 @@ class UserForm(flask_wtf.FlaskForm):
 
 
 class UserSignupForm(flask_wtf.FlaskForm):
-    localpart = fields.StringField(_('Email address'), [validators.DataRequired(), validators.Regexp("^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+$")])
+    localpart = fields.StringField(_('Email address'), [validators.DataRequired(), validators.Regexp(LOCALPART_REGEX)])
     pw = fields.PasswordField(_('Password'), [validators.DataRequired()])
     pw2 = fields.PasswordField(_('Confirm password'), [validators.EqualTo('pw')])
     captcha = flask_wtf.RecaptchaField()
@@ -129,7 +130,7 @@ class TokenForm(flask_wtf.FlaskForm):
     ip = fields.StringField(
         _('Authorized IP'), [validators.Optional(), validators.IPAddress()]
     )
-    submit = fields.SubmitField(_('Create'))
+    submit = fields.SubmitField(_('Save'))
 
 
 class AliasForm(flask_wtf.FlaskForm):
@@ -138,7 +139,7 @@ class AliasForm(flask_wtf.FlaskForm):
         _('Use SQL LIKE Syntax (e.g. for catch-all aliases)'))
     destination = DestinationField(_('Destination'))
     comment = fields.StringField(_('Comment'))
-    submit = fields.SubmitField(_('Create'))
+    submit = fields.SubmitField(_('Save'))
 
 
 class AdminForm(flask_wtf.FlaskForm):

core/admin/mailu/ui/templates/sidebar.html

@@ -32,7 +32,9 @@
       </a>
     </li>
 
+    {% if current_user.manager_of or current_user.global_admin %}
     <li class="header">{% trans %}Administration{% endtrans %}</li>
+    {% endif %}
     {% if current_user.global_admin %}
     <li>
       <a href="{{ url_for('.announcement') }}">