Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#15750 closed Bug (fixed)

smtp.EmailBackend won't use empty username/password

Reported by: thialfihar Owned by: bedmondmark
Component: Core (Mail) Version: 1.3-beta
Severity: Normal Keywords:
Cc: thialfihar, mbertheau@…, alexandrul Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Assuming settings.EMAIL_HOST_USER and/or settings.EMAIL_HOST_PASSWORD is non-empty, then something like this won't work:

connection = get_connection(host='mail.host.com', port=1234, username='', password='')
send_mail(..., connection=connection)

Because EmailBackend.__init__ does this:

    self.username = username or settings.EMAIL_HOST_USER
    self.password = password or settings.EMAIL_HOST_PASSWORD

and therefore will default to settings.EMAIL_HOST_USER and settings.EMAIL_HOST_PASSWORD.

And then EmailBackend.open() will attempt SMTP authentication:

    if self.username and self.password:
        self.connection.login(self.username, self.password)

A workaround to prevent the login then would be:

connection = get_connection(host='mail.host.com', port=1234)
connection.username = '' # or None
connection.password = '' # or None
send_mail(..., connection=connection)

A possible fix might be in EmailBackend.__init__:

    if username is None:
        self.username = settings.EMAIL_HOST_USER
    else:
        self.username = username
    if password is None:
        self.password = settings.EMAIL_HOST_PASSWORD
    else:
        self.password = password

I'm not sure whether an empty string as username and password in order to prevent SMTP authentication is frowned upon and only None should be used. If that's the case, then perhaps EmailBackend shouldn't use any defaults if, for instance, a different host is passed.

Attachments (2)

15750.diff (898 bytes) - added by LeandroSouza 4 years ago.
Allow for empty username and/or password.
previous_patch_and_tests.diff (2.3 KB) - added by bedmondmark 4 years ago.
Updated the previous patch to include passing tests.

Download all attachments as: .zip

Change History (11)

comment:1 Changed 4 years ago by thialfihar

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Summary changed from smtp.EmailBackend won't use non-empty username/password to smtp.EmailBackend won't use empty username/password

comment:2 Changed 4 years ago by thialfihar

  • Cc thialfihar added

comment:3 Changed 4 years ago by mbertheau

  • Cc mbertheau@… added

comment:4 Changed 4 years ago by jacob

  • Easy pickings unset
  • milestone set to 1.4
  • Triage Stage changed from Unreviewed to Accepted

Changed 4 years ago by LeandroSouza

Allow for empty username and/or password.

comment:5 Changed 4 years ago by LeandroSouza

  • Easy pickings set
  • Has patch set
  • UI/UX unset

Only updating the ticket status.

comment:6 Changed 4 years ago by bedmondmark

  • Owner changed from nobody to bedmondmark

Changed 4 years ago by bedmondmark

Updated the previous patch to include passing tests.

comment:7 Changed 4 years ago by alexandrul

  • Cc alexandrul added
  • Triage Stage changed from Accepted to Ready for checkin

comment:8 Changed 4 years ago by jezdez

  • Resolution set to fixed
  • Status changed from new to closed

In [16494]:

Fixed #15750 -- Handle empty mail server credentials gracefully. Thanks, LeandroSouza and bedmondmark.

comment:9 Changed 4 years ago by jacob

  • milestone 1.4 deleted

Milestone 1.4 deleted

Note: See TracTickets for help on using tickets.
Back to Top