Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#15750 closed Bug (fixed)

smtp.EmailBackend won't use empty username/password

Reported by: thialfihar Owned by: bedmondmark
Component: Core (Mail) Version: 1.3-beta
Severity: Normal Keywords:
Cc: thialfihar, mbertheau@…, alexandrul Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Assuming settings.EMAIL_HOST_USER and/or settings.EMAIL_HOST_PASSWORD is non-empty, then something like this won't work:

connection = get_connection(host='mail.host.com', port=1234, username='', password='')
send_mail(..., connection=connection)

Because EmailBackend.__init__ does this:

    self.username = username or settings.EMAIL_HOST_USER
    self.password = password or settings.EMAIL_HOST_PASSWORD

and therefore will default to settings.EMAIL_HOST_USER and settings.EMAIL_HOST_PASSWORD.

And then EmailBackend.open() will attempt SMTP authentication:

    if self.username and self.password:
        self.connection.login(self.username, self.password)

A workaround to prevent the login then would be:

connection = get_connection(host='mail.host.com', port=1234)
connection.username = '' # or None
connection.password = '' # or None
send_mail(..., connection=connection)

A possible fix might be in EmailBackend.__init__:

    if username is None:
        self.username = settings.EMAIL_HOST_USER
    else:
        self.username = username
    if password is None:
        self.password = settings.EMAIL_HOST_PASSWORD
    else:
        self.password = password

I'm not sure whether an empty string as username and password in order to prevent SMTP authentication is frowned upon and only None should be used. If that's the case, then perhaps EmailBackend shouldn't use any defaults if, for instance, a different host is passed.

Attachments (2)

15750.diff (898 bytes) - added by LeandroSouza 5 years ago.
Allow for empty username and/or password.
previous_patch_and_tests.diff (2.3 KB) - added by bedmondmark 5 years ago.
Updated the previous patch to include passing tests.

Download all attachments as: .zip

Change History (11)

comment:1 Changed 6 years ago by thialfihar

Summary: smtp.EmailBackend won't use non-empty username/passwordsmtp.EmailBackend won't use empty username/password

comment:2 Changed 6 years ago by thialfihar

Cc: thialfihar added

comment:3 Changed 6 years ago by Markus Bertheau

Cc: mbertheau@… added

comment:4 Changed 6 years ago by Jacob

Easy pickings: unset
milestone: 1.4
Triage Stage: UnreviewedAccepted

Changed 5 years ago by LeandroSouza

Attachment: 15750.diff added

Allow for empty username and/or password.

comment:5 Changed 5 years ago by LeandroSouza

Easy pickings: set
Has patch: set
UI/UX: unset

Only updating the ticket status.

comment:6 Changed 5 years ago by bedmondmark

Owner: changed from nobody to bedmondmark

Changed 5 years ago by bedmondmark

Updated the previous patch to include passing tests.

comment:7 Changed 5 years ago by alexandrul

Cc: alexandrul added
Triage Stage: AcceptedReady for checkin

comment:8 Changed 5 years ago by Jannis Leidel

Resolution: fixed
Status: newclosed

In [16494]:

Fixed #15750 -- Handle empty mail server credentials gracefully. Thanks, LeandroSouza and bedmondmark.

comment:9 Changed 5 years ago by Jacob

milestone: 1.4

Milestone 1.4 deleted

Note: See TracTickets for help on using tickets.
Back to Top