Opened 13 years ago

Closed 13 years ago

Last modified 12 years ago

#15750 closed Bug (fixed)

smtp.EmailBackend won't use empty username/password

Reported by: thialfihar Owned by: bedmondmark
Component: Core (Mail) Version: 1.3-beta
Severity: Normal Keywords:
Cc: thialfihar, mbertheau@…, alexandrul Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Assuming settings.EMAIL_HOST_USER and/or settings.EMAIL_HOST_PASSWORD is non-empty, then something like this won't work:

connection = get_connection(host='mail.host.com', port=1234, username='', password='')
send_mail(..., connection=connection)

Because EmailBackend.__init__ does this:

    self.username = username or settings.EMAIL_HOST_USER
    self.password = password or settings.EMAIL_HOST_PASSWORD

and therefore will default to settings.EMAIL_HOST_USER and settings.EMAIL_HOST_PASSWORD.

And then EmailBackend.open() will attempt SMTP authentication:

    if self.username and self.password:
        self.connection.login(self.username, self.password)

A workaround to prevent the login then would be:

connection = get_connection(host='mail.host.com', port=1234)
connection.username = '' # or None
connection.password = '' # or None
send_mail(..., connection=connection)

A possible fix might be in EmailBackend.__init__:

    if username is None:
        self.username = settings.EMAIL_HOST_USER
    else:
        self.username = username
    if password is None:
        self.password = settings.EMAIL_HOST_PASSWORD
    else:
        self.password = password

I'm not sure whether an empty string as username and password in order to prevent SMTP authentication is frowned upon and only None should be used. If that's the case, then perhaps EmailBackend shouldn't use any defaults if, for instance, a different host is passed.

Attachments (2)

15750.diff (898 bytes ) - added by LeandroSouza 13 years ago.
Allow for empty username and/or password.
previous_patch_and_tests.diff (2.3 KB ) - added by bedmondmark 13 years ago.
Updated the previous patch to include passing tests.

Download all attachments as: .zip

Change History (11)

comment:1 by thialfihar, 13 years ago

Summary: smtp.EmailBackend won't use non-empty username/passwordsmtp.EmailBackend won't use empty username/password

comment:2 by thialfihar, 13 years ago

Cc: thialfihar added

comment:3 by Markus Bertheau, 13 years ago

Cc: mbertheau@… added

comment:4 by Jacob, 13 years ago

Easy pickings: unset
milestone: 1.4
Triage Stage: UnreviewedAccepted

by LeandroSouza, 13 years ago

Attachment: 15750.diff added

Allow for empty username and/or password.

comment:5 by LeandroSouza, 13 years ago

Easy pickings: set
Has patch: set
UI/UX: unset

Only updating the ticket status.

comment:6 by bedmondmark, 13 years ago

Owner: changed from nobody to bedmondmark

by bedmondmark, 13 years ago

Updated the previous patch to include passing tests.

comment:7 by alexandrul, 13 years ago

Cc: alexandrul added
Triage Stage: AcceptedReady for checkin

comment:8 by Jannis Leidel, 13 years ago

Resolution: fixed
Status: newclosed

In [16494]:

Fixed #15750 -- Handle empty mail server credentials gracefully. Thanks, LeandroSouza and bedmondmark.

comment:9 by Jacob, 12 years ago

milestone: 1.4

Milestone 1.4 deleted

Note: See TracTickets for help on using tickets.
Back to Top