A SMTP server for use as a pytest fixture that implements encryption and authentication.

Last update: Sep 03, 2022

Overview

SMTPDFix: Test email, locally

A simple SMTP server based on aiosmtpd for use as a fixture with pytest that supports encryption and authentication. All this does is receives messages and appends them to a list as an email.Message.

⚠ Not intended for use with production systems. ⚠

This fixture is intended to address cases where to test an application that sends an email, it needs to be intercepted for subsequent processing. For example, sending an email with a code for password reset or two-factor authentication. This fixture allows a test to trigger the email being sent, ensure that it's sent, and read the email.

Installing

To install using pip, first upgrade pip to the latest version to avoid any issues installing cryptography:

$ python -m pip install --upgrade pip
$ pip install smtpdfix

Or, if you're using setuptools, it can be included in the extras_require argument of a setup.py file:

setup(
    ...
    extras_require={
        "test": [
            "pytest",
            "smtpdfix",
        ],
    },
)

and then installed with pip (-e assumes that you want your project to be editable):

$ python -m pip install --upgrade pip
$ pip install -e .[test]

Using

The SMTPDFix plugin, smtpd, automatically registers for use with pytest when you install smtpdfix. To use it simply add to you test method.

from smtplib import SMTP


def test_sendmail(smtpd):
    from_addr = "[email protected]"
    to_addrs = "[email protected]"
    msg = (f"From: {from_addr}\r\n"
           f"To: {to_addrs}\r\n"
           f"Subject: Foo\r\n\r\n"
           f"Foo bar")

    with SMTP(smtpd.hostname, smtpd.port) as client:
        client.sendmail(from_addr, to_addrs, msg)

    assert len(smtpd.messages) == 1

To use STARTTLS:

from smtplib import SMTP


def test_sendmail(smtpd):
    smptd.config.use_starttls = True
    from_ = "[email protected]"
    to_ = "[email protected]"
    msg = (f"From: {from_}\r\n"
           f"To: {to_}\r\n"
           f"Subject: Foo\r\n\r\n"
           f"Foo bar")

    with SMTP(smtpd.hostname, smtpd.port) as client:
        client.starttls()  # Note that you need to call starttls first.
        client.sendmail(from_addr, to_addrs, msg)

    assert len(smtpd.messages) == 1

As of version 0.2.7 the plugin automatically registers and it is not necessary to include it manually by adding pytest_plugins = "smtpdfix" to the module or conftest.py.

The certificates included with the fixture will work for addresses localhost, localhost.localdomain, 127.0.0.1, 0.0.0.1, ::1. If using other addresses the key (key.pem) and certificate (cert.pem) must be in a location specified under SMTP_SSL_CERTS_PATH.

Not as a fixture

In some situations it may be desirable to not use the fixture which is initialized before entering the test. This can be accomplished by using the SMTPDFix class.

from smtplib import SMTP

from smtpdfix import SMTPDFix


def test_smtpdfix(msg):
    hostname, port = "127.0.0.1", 8025

    with SMTPDFix(hostname, port) as smtpd:
        with SMTP(hostname, port) as client:
            from_addr = "[email protected]"
            to_addrs = "[email protected]"
            msg = (f"From: {from_addr}\r\n"
                   f"To: {to_addrs}\r\n"
                   f"Subject: Foo\r\n\r\n"
                   f"Foo bar")

            client.sendmail(from_addr, to_addrs, msg)

        assert len(smtpd.messages) == 1

Configuration

Configuration is handled through properties in the config of the fixture and are initially set from environment variables:

Property	Variable	Default	Description
`host`	`SMTPD_HOST`	`127.0.0.1` or `::1`	The hostname that the fixture will listen on.
`port`	`SMTPD_PORT`	`8025`	The port that the fixture will listen on.
`ready_timeout`	`SMTPD_READY_TIMEOUT`	`5.0`	The seconds the server will wait to start before raising a `TimeoutError`.
`login_username`	`SMTPD_LOGIN_NAME`	`user`
`login_password`	`SMTPD_LOGIN_PASSWORD`	`password`
`use_ssl`	`SMTPD_USE_SSL`	`False`	Whether the fixture should use fixed TLS/SSL for transactions. If using smtplib requires that `SMTP_SSL` be used instead of `SMTP`.
`use_starttls`	`SMTPD_USE_STARTTLS`	`False`	Whether the fixture should use StartTLS to encrypt the connections. If using `smtplib` requires that `SMTP.starttls()` is called before other commands are issued. Overrides `use_tls` as the preferred method for securing communications with the client.
`enforce_auth`	`SMTPD_ENFORCE_AUTH`	`False`	If set to true then the fixture refuses MAIL, RCPT, DATA commands until authentication is completed.
`ssl_cert_path`	`SMTPD_SSL_CERTS_PATH`	`./certs/`	The path to the key and certificate in PEM format for encryption with SSL/TLS or StartTLS.
`ssl_cert_files`	`SMTPD_SSL_CERT_FILE` and `SMTPD_SSL_KEY_FILE`	`("cert.pem", None)`	A tuple of the path for the certificate file and key file in PEM format. See Resolving certificate and key paths for more details.

If environment variables are included in a .env file they'll be loaded automatically.

Resolving certificate and key paths

In order to resolve the certificate and key paths for the SSL/TLS context SMTPDFix does the following:

On initialization of a smtpdfix.Config the ssl_cert_path is set by the SMTPD_SSL_CERTS_PATH environment variable and the ssl_cert_files is set to a tuple of (SMTPD_SSL_CERT_FILE and SMTPD_SSL_KEY_FILE). If the environment variables are not set the deafults are used.
If an SSL Context is needed, when the smptdfix.AuthController is initialized it will attempt to find the files in the following sequence for both the certificate file and the key file:
1. If the value in ssl_cert_files is None then None is returned. Setting the key file to be none assumes that it has been included in the certificate file.
2. If the value in ssl_cert_files is a valid path to a file then this is returned.
3. ssl_cert_path and the value from ssl_cert_files are joined and returned if it a valid path to a file.
4. A FileNotFoundError is raised.

An example, assuming that the certificate and key are written in a single PEM file located at ./certificates/localhost.cert.pem would be:

from smtplib import STMP_SSL


def test_custom_certificate(smtpd):
    smtpd.config.ssl_cert_files = "./certificates/localhost.cert.pem"
    smtpd.config.use_ssl = True

    from_ = "[email protected]"
    to_ = "[email protected]"
    msg = (f"From: {from_}\r\n"
           f"To: {to_}\r\n"
           f"Subject: Foo\r\n\r\n"
           f"Foo bar")

    with SMTP_SSL(smtpd.hostname, smtpd.port) as client:
        client.sendmail(from_addr, to_addrs, msg)

    assert len(smtpd.messages) == 1

Alternatives

Many libraries for sending email have built-in methods for testing and using these methods should generally be prefered over SMTPDFix. Some known solutions:

fastapi-mail: has a record_messsages() method to intercept the mail. Instructions on how to suppress the sending of mail and implement it can be seen at https://sabuhish.github.io/fastapi-mail/example/#unittests-using-fastapimail
flask-mail: has a method to suppress sending and capture the email for testing purposes. Instructions

Developing

To develop and test smtpdfix you will need to install pytest-asyncio to run asynchronous tests, isort to sort imports and flake8 to lint. To install in a virtual environment for development:

$ python -m venv venv
$ ./venv/scripts/activate
$ pip install -e .[dev]

Code is tested using tox:

$ tox

Quick tests can be handled by running pytest directly:

$ pytest -p no:smtpd --cov

Before submitting a pull request with your changes you should ensure that all imports are sorted and that the code passes linting with flake8.

$ isort .
$ flake8 .

If you have upgraded or added any requirements you should add them to setup.py along with the minimal constraints needed for the functionality. The requirements.txt file can then be updated by running:

$ bash ./scripts/fix-requirements.sh .

Known Issues

Firewalls may interfere with the operation of the smtp server.
Authenticating with LOGIN and PLAIN mechanisms fails over TLS/SSL, but works with STARTTLS. Issue #10
Currently no support for termination through signals. Issue #4
If the fixture start exceeds the ready_timeout and aborts the host and port are not consistently released and subsequent uses may result in an error. Issue #80

Comments

Bump isort from 5.6.4 to 5.7.0
Bumps isort from 5.6.4 to 5.7.0.

Release notes

Sourced from isort's releases.

5.7.0 December 30th 2020

Fixed #1612: In rare circumstances an extra comma is added after import and before comment.

Fixed #1593: isort encounters bug in Python 3.6.0.

Implemented #1596: Provide ways for extension formatting and file paths to be specified when using streaming input from CLI.

Implemented #1583: Ability to output and diff within a single API call to isort.file.

Implemented #1562, #1592 & #1593: Better more useful fatal error messages.

Implemented #1575: Support for automatically fixing mixed indentation of import sections.

Implemented #1582: Added a CLI option for skipping symlinks.

Implemented #1603: Support for disabling float_to_top from the command line.

Implemented #1604: Allow toggling section comments on and off for indented import sections.

Changelog

Sourced from isort's changelog.

5.7.0 December 30th 2020

Fixed #1612: In rare circumstances an extra comma is added after import and before comment.

Fixed #1593: isort encounters bug in Python 3.6.0.

Implemented #1596: Provide ways for extension formatting and file paths to be specified when using streaming input from CLI.

Implemented #1583: Ability to output and diff within a single API call to isort.file.

Implemented #1562, #1592 & #1593: Better more useful fatal error messages.

Implemented #1575: Support for automatically fixing mixed indentation of import sections.

Implemented #1582: Added a CLI option for skipping symlinks.

Implemented #1603: Support for disabling float_to_top from the command line.

Implemented #1604: Allow toggling section comments on and off for indented import sections.

Commits

473d150 Merge in lastest from develop for 5.7.0

a8f4ff3 Regenerate config option docs

681b26c Add @dwanderson-intel, Quentin Santos (@qsantos), and @gofr to acknowledgements

8372d71 Bump to version 5.7.0

3eb14eb 100% test coverage

8e70db8 100% test coverage for new identify module

0383c36 Fix indented identification isort

15502c8 Expose ImportKey from main isort import

69a89c0 Add additional identification test cases

8b83d56 Fix handling of yield and raise statements in import identification

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 5
Bump github/codeql-action from 2.1.35 to 2.1.37
Bumps github/codeql-action from 2.1.35 to 2.1.37.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.1.37 - 14 Dec 2022

Update default CodeQL bundle version to 2.11.6. #1433

2.1.36 - 08 Dec 2022

Update default CodeQL bundle version to 2.11.5. #1412

Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. #1393

Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify virtualenvs.in-project = true in their poetry.toml. #1419.

2.1.35 - 01 Dec 2022

No user facing changes.

2.1.34 - 25 Nov 2022

Update default CodeQL bundle version to 2.11.4. #1391

Fixed a bug where some the init action and the analyze action would have different sets of experimental feature flags enabled. #1384

2.1.33 - 16 Nov 2022

Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in CodeQL Action version 2.1.27. #1322

Bump the minimum CodeQL bundle version to 2.6.3. #1358

2.1.32 - 14 Nov 2022

Update default CodeQL bundle version to 2.11.3. #1348

Update the ML-powered additional query pack for JavaScript to version 0.4.0. #1351

2.1.31 - 04 Nov 2022

The rb/weak-cryptographic-algorithm Ruby query has been updated to no longer report uses of hash functions such as MD5 and SHA1 even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the github/codeql repository. #1344

2.1.30 - 02 Nov 2022

Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as ubuntu-22.04 that uses glibc version 2.34 and later. #1334

2.1.29 - 26 Oct 2022

Update default CodeQL bundle version to 2.11.2. #1320

2.1.28 - 18 Oct 2022

Update default CodeQL bundle version to 2.11.1. #1294

... (truncated)

Commits

959cbb7 Merge pull request #1436 from github/update-v2.1.37-d58039a1

10ca836 Update changelog for v2.1.37

d58039a Merge pull request #1435 from github/orhantoy/add-CODE_SCANNING_REF-tests

37a4496 Merge pull request #1433 from github/henrymercer/use-codeql-2.11.6

b7028af Make sure env is reset between tests

f629dad Merge branch 'main' into henrymercer/use-codeql-2.11.6

ccee4c6 Add tests for CODE_SCANNING_REF

899bf9c Merge pull request #1432 from github/henrymercer/init-post-telemetry

dd7c3ef Remove debugging log statements

b7b875e Reuse existing fields in post-init status report

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @bebleo.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 4
Bump actions/setup-python from 2.3.1 to 2.3.2
Bumps actions/setup-python from 2.3.1 to 2.3.2.

Release notes

Sourced from actions/setup-python's releases.

Update primary and restore keys for pip

In scope of this release we include a version of python in restore and primary cache keys for pip. Besides, we add temporary fix for Windows caching issue, that the pip cache dir command returns non zero exit code or writes to stderr. Moreover we updated node-fetch dependency.

Commits

7f80679 Add fix for Windows caching of pip (#332)

dc9de69 Update node-fetch from 2.6.6 to 2.6.7 (#327)

ba33a69 Include Python version in pip cache key (#303)

156361d Fix ci for pipenv and reduce test matrix (#323)

9a11568 README.md: Bring Python versions up to date (#256)

3a40ba0 Fix small typo in README (comma missing) (#277)

fa17801 Fix typo in README.md (#224)

6277dd1 Fix build command (#306)

2b732b8 Removing a non-existent command from the documentation (#293)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 4
Bump actions/checkout from 1f9a0c22da41e6ebfa534300ef656657ea2c6707 to bf085276cecdb0cc76fbbe0687a5a0e786646936
Bumps actions/checkout from 1f9a0c22da41e6ebfa534300ef656657ea2c6707 to bf085276cecdb0cc76fbbe0687a5a0e786646936.

Changelog

Sourced from actions/checkout's changelog.

Changelog

v3.1.0

Use @actions/core saveState and getState

Add github-server-url input

v3.0.2

Add input set-safe-directory

v3.0.1

Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

Bumped various npm package versions

v3.0.0

Update to node 16

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output

Changes to support GHES alpha release

Persist core.sshCommand for submodules

Add support ssh

Convert submodule SSH URL to HTTPS, when not using SSH

Add submodule support

Follow proxy settings

Fix ref for pr closed event when a pr is merged

Fix issue checking detached when git less than 2.22

v2.0.0

Do not pass cred on command line

Add input persist-credentials

Fallback to REST API to download repo

... (truncated)

Commits

bf08527 wrap pipeline commands for submoduleForeach in quotes (#964)

5c3ccc2 Replace datadog/squid with ubuntu/squid Docker image (#1002)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 3
socket.gaierror: [Errno 8] nodename nor servname provided, or not known
Dear James,

first things first: Thanks a stack for conceiving and maintaining this excellent package. It is tremendously helpful for conducting full system tests.

We are currently in the process of giving some love to an abandoned Python project over at [1,2], where we would like to use smtpdfix to verify email delivery within the test harness.

When starting with smtpdfix, we quickly ran into #89. However, we were happy to find #95, which already removed that feature. Other than the potential hiccup for some users where socket.gethostbyname() croaks, we believe it will be a great enhancement because the service will be available for consumption instantly, without going through key material and certificate generation, right?

So, we already recognized you were preparing version 0.4.0, at #144. May we humbly ask if you could publish version 0.4.0 to PyPI to make it available for pulling it into downstream projects? We think it would be a great benefit for the community. Please let us know if there are some blockers where we may be able to help out.

With kind regards, Andreas.

[1] https://github.com/isarengineering/SecPi [2] https://github.com/SecPi/SecPi/issues/120

Describe the bug When the library is initializing, it croaks like:

# Generate public certificate hostname = socket.gethostname() > ip = socket.gethostbyname(hostname) E socket.gaierror: [Errno 8] nodename nor servname provided, or not known .venv/lib/python3.10/site-packages/smtpdfix/certs.py:35: gaierror

To Reproduce It happens on slightly misconfigured systems where the designated hostname does not resolve to an IP address.

>>> import socket >>> socket.gethostbyname(socket.gethostname()) Traceback (most recent call last): File "<stdin>", line 1, in <module> socket.gaierror: [Errno 8] nodename nor servname provided, or not known

Expected behavior The library should work instantly by starting an SMTP server on port 8025.

Environment (please complete the following information):

macOS 10.15.7

Python 3.10

smtpdfix 0.3.3

bug
opened by amotl 3
Bump actions/checkout from b0e28b5ac45a892f91e7d036f8200cf5ed489415 to 3.0.2
Bumps actions/checkout from b0e28b5ac45a892f91e7d036f8200cf5ed489415 to 3.0.2. This release includes the previously tagged commit.

Release notes

Sourced from actions/checkout's releases.

v3.0.2

What's Changed

Add set-safe-directory input to allow customers to take control. by @TingluoHuang in actions/checkout#770

Prepare changelog for v3.0.2. by @TingluoHuang in actions/checkout#777

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v3.0.2

Add input set-safe-directory

v3.0.1

Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

Bumped various npm package versions

v3.0.0

Update to node 16

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output

Changes to support GHES alpha release

Persist core.sshCommand for submodules

Add support ssh

Convert submodule SSH URL to HTTPS, when not using SSH

Add submodule support

Follow proxy settings

Fix ref for pr closed event when a pr is merged

Fix issue checking detached when git less than 2.22

v2.0.0

Do not pass cred on command line

Add input persist-credentials

Fallback to REST API to download repo

v2 (beta)

Improved fetch performance

... (truncated)

Commits

2541b12 Prepare changelog for v3.0.2. (#777)

0ffe6f9 Add set-safe-directory input to allow customers to take control. (#770)

dcd71f6 Enforce safe directory (#762)

add3486 Patch to fix the dependbot alert. (#744)

5126516 Bump minimist from 1.2.5 to 1.2.6 (#741)

d50f8ea Add v3.0 release information to changelog (#740)

2d1c119 update test workflows to checkout v3 (#709)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 3
Bump actions/setup-python from 3.1.2 to 4
Bumps actions/setup-python from 3.1.2 to 4.

Release notes

Sourced from actions/setup-python's releases.

v4.0.0

What's Changed

Support for python-version-file input: #336

Example of usage:

- uses: actions/[email protected] with: python-version-file: '.python-version' # Read python version from a file - run: python my_script.py

There is no default python version for this setup-python major version, the action requires to specify either python-version input or python-version-file input. If the python-version input is not specified the action will try to read required version from file from python-version-file input.

Use pypyX.Y for PyPy python-version input: #349

Example of usage:

- uses: actions/[email protected] with: python-version: 'pypy3.9' # pypy-X.Y kept for backward compatibility - run: python my_script.py

RUNNER_TOOL_CACHE environment variable is equal AGENT_TOOLSDIRECTORY: #338

Bugfix: create missing pypyX.Y symlinks: #347

PKG_CONFIG_PATH environment variable: #400

Added python-path output: #405 python-path output contains Python executable path.

Updated zeit/ncc to vercel/ncc package: #393

Bugfix: fixed output for prerelease version of poetry: #409

Made pythonLocation environment variable consistent for Python and PyPy: #418

Bugfix for 3.x-dev syntax: #417

Other improvements: #318 #396 #384 #387 #388

Commits

d09bd5e fix: 3.x-dev can install a 3.y version (#417)

f72db17 Made env.var pythonLocation consistent for Python and PyPy (#418)

53e1529 add support for python-version-file (#336)

3f82819 Fix output for prerelease version of poetry (#409)

397252c Update zeit/ncc to vercel/ncc (#393)

de977ad Merge pull request #412 from vsafonkin/v-vsafonkin/fix-poetry-cache-test

22c6af9 Change PyPy version to rebuild cache

081a3cf Merge pull request #405 from mayeut/interpreter-path

ff70656 feature: add a python-path output

fff15a2 Use pypyX.Y for PyPy python-version input (#349)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 3
Bump ossf/scorecard-action from 2.0.6 to 2.1.2
Bumps ossf/scorecard-action from 2.0.6 to 2.1.2.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.1.2

What's Changed

Fixes

🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf statement. by @spencerschrock in ossf/scorecard-action#1054

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2

v2.1.1

Scorecard version

This release use Scorecard's v4.10.1

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1

v2.1.0

What's Changed

Scorecard version

This release uses scorecard v4.10.0.

Improvements

Docker build workflow by @naveensrinivasan in ossf/scorecard-action#981

Use root user in distroless to support GitHub Actions by @spencerschrock in ossf/scorecard-action#994

Disable pull_request_target by @laurentsimon in ossf/scorecard-action#1031

Documentation

Add PAT section explaining risks by @olivekl in ossf/scorecard-action#1024

Make the badge text easier to copy by @rajbos in ossf/scorecard-action#1026

New Contributors

@joycebrum made their first contribution in ossf/scorecard-action#984

@rajbos made their first contribution in ossf/scorecard-action#1026

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0

Commits

e38b190 Bump docker tag for release. (#1055)

7da02bf Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (#1054)

013c0f8 :seedling: Bump actions/dependency-review-action from 3.0.1 to 3.0.2

f93c094 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.37

ce8978e :seedling: Bump actions/upload-artifact from 3.1.0 to 3.1.1

5ce49db :seedling: Bump actions/setup-go from 3.4.0 to 3.5.0

15c10fc Update tag to v2.1.1 (#1047)

f96da1a :seedling: Update scorecard for the panic (#1045)

813a825 Complete the list of required actions (#1044)

be62ea8 Update RELEASE.md (#1042)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @bebleo.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 2
Bump github/codeql-action from 1.1.6 to 2.1.22
⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps github/codeql-action from 1.1.6 to 2.1.22.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.1.22 - 01 Sep 2022

Downloading CodeQL packs has been moved to the init step. Previously, CodeQL packs were downloaded during the analyze step. #1218

Update default CodeQL bundle version to 2.10.4. #1224

The newly released Poetry 1.2 is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.

2.1.21 - 25 Aug 2022

Improve error messages when the code scanning configuration file includes an invalid queries block or an invalid query-filters block. #1208

Fix a bug where Go build tracing could fail on Windows. #1209

2.1.20 - 22 Aug 2022

No user facing changes.

2.1.19 - 17 Aug 2022

Add the ability to filter queries from a code scanning run by using the query-filters option in the code scanning configuration file. #1098

In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. #1159

Update default CodeQL bundle version to 2.10.3. #1178

The combination of python2 and Pipenv is no longer supported. #1181

2.1.18 - 03 Aug 2022

Update default CodeQL bundle version to 2.10.2. #1156

2.1.17 - 28 Jul 2022

Update default CodeQL bundle version to 2.10.1. #1143

2.1.16 - 13 Jul 2022

You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. #1132

You can now see diagnostic messages produced by the analysis in the logs of the analyze Action by enabling debug mode. To enable debug mode, pass debug: true to the init Action, or enable step debug logging. This feature is available for CodeQL CLI version 2.10.0 and later. #1133

2.1.15 - 28 Jun 2022

CodeQL query packs listed in the packs configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. #1116

The combination of python2 and poetry is no longer supported. See actions/setup-python#374 for more details. #1124

Update default CodeQL bundle version to 2.10.0. #1123

2.1.14 - 22 Jun 2022

No user facing changes.

... (truncated)

Commits

b398f52 Merge pull request #1225 from github/update-v2.1.22-a5966ad4

b0f41e0 Update changelog for v2.1.22

a5966ad Merge pull request #1224 from github/edoardo/2.10.4-bump

8c692b3 Pin poetry to 1.1

693b97b Bump CodeQL version to 2.10.4

d92a91c Merge pull request #1218 from github/aeisenberg/move-pack-download-to-init

7294b40 Fix call to endGroup

354bc9f Add Changelog entry

0a2b0d2 Moves calls to pack download to the init action

a59fbe2 Merge pull request #1215 from github/dependabot/npm_and_yarn/octokit/types-7.1.1

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 2
Bump actions/setup-python from 2.3.2 to 3
Bumps actions/setup-python from 2.3.2 to 3.

Release notes

Sourced from actions/setup-python's releases.

v3.0.0

What's Changed

Update default runtime to node16 (actions/setup-python#340)

Update package-lock.json file version to 2, @types/node to 16.11.25 and typescript to 4.2.3 (actions/setup-python#341)

Remove legacy pypy2 and pypy3 keywords (actions/setup-python#342)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

This new major release removes support of legacy pypy2 and pypy3 keywords. Please use more specific and flexible syntax to specify a PyPy version:

jobs: build: runs-on: ubuntu-latest strategy: matrix: python-version: - 'pypy-2.7' # the latest available version of PyPy that supports Python 2.7 - 'pypy-3.8' # the latest available version of PyPy that supports Python 3.8 - 'pypy-3.8-v7.3.8' # Python 3.8 and PyPy 7.3.8 steps: - uses: actions/[email protected] - uses: actions/[email protected] with: python-version: ${{ matrix.python-version }}

See more usage examples in the documentation

Commits

0ebf233 Remove legacy PyPy input (#342)

665cd78 Update lockfileversion (#341)

93cb78f Update to node16 (#340)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 2
Bump ossf/scorecard-action from 1.0.3 to 1.0.4
Bumps ossf/scorecard-action from 1.0.3 to 1.0.4.

Release notes

Sourced from ossf/scorecard-action's releases.

v1.0.4

Summary

This release fixes null repository and branch issues: see ossf/scorecard-action#106, ossf/scorecard-action#84 and ossf/scorecard-action#73

What's Changed

Update codeql-analysis.yml by @jauderho in ossf/scorecard-action#76

use GITHUB_REPOSITORY in shell script by @laurentsimon in ossf/scorecard-action#83

Bump github/codeql-action from 1.0.30 to 1.0.31 by @dependabot in ossf/scorecard-action#81

✨ Add warning for empty repo token by @laurentsimon in ossf/scorecard-action#71

🐛 Fix default parameter requirement by @laurentsimon in ossf/scorecard-action#89

:sparkles: Initial porting the shellscript to go by @naveensrinivasan in ossf/scorecard-action#87

:seedling: Golang CI for clean code. by @naveensrinivasan in ossf/scorecard-action#90

Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in ossf/scorecard-action#93

:seedling: Porting shell script to Go by @naveensrinivasan in ossf/scorecard-action#94

🌱 More tests by @naveensrinivasan in ossf/scorecard-action#95

🐛 Fix null is fork in script by @laurentsimon in ossf/scorecard-action#98

:seedling: Porting of shell script to go by @naveensrinivasan in ossf/scorecard-action#99

Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in ossf/scorecard-action#102

Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in ossf/scorecard-action#101

:seedling: Final bits of porting the shell to go by @naveensrinivasan in ossf/scorecard-action#103

:seedling: Dependabot for go by @naveensrinivasan in ossf/scorecard-action#104

:seedling: Verify clean env in build by @naveensrinivasan in ossf/scorecard-action#105

New Contributors

@dependabot made their first contribution in ossf/scorecard-action#81

Full Changelog: https://github.com/ossf/scorecard-action/compare/v1.0.3...v1.0.4

Commits

c1aec4a :seedling: Verify clean env in build

750f598 :seedling: Dependabot for go

322c6e0 :seedling: Final bits of porting the shell to go

5b4ee38 Bump actions/setup-go from 2.1.5 to 2.2.0

0550e75 Bump github/codeql-action from 1.0.32 to 1.1.0

9e79f66 :seedling: Porting of shell script to go

60701bb ./entrypoints.sh: updated SCORECARD_IS_FORK (#98)

869bc60 :seedling: More unit tests for porting to Go

57f3e8a :seedling: Porting shell script to Go

682b53e :seedling: Porting shell script to Go

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 2

Bump cryptography from 38.0.4 to 39.0.0 in /requirements/latest

Bumps cryptography from 38.0.4 to 39.0.0.

Changelog

Sourced from cryptography's changelog.

39.0.0 - 2023-01-01

* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed. Users on older version of OpenSSL will need to upgrade. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new minimum LibreSSL version is 3.5.0. Going forward our policy is to support versions of LibreSSL that are available in versions of OpenBSD that are still receiving security support. * **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and ``from_encoded_point`` methods on :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`, which had been deprecated for several years. :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes` and :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point` should be used instead. * **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and PKCS7 has been removed. * **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS users must upgrade to 10.12 or newer. * **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change the way we link OpenSSL. This will only impact users who build ``cryptography`` from source (i.e., not from a ``wheel``), and specify their own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment variables will no longer be respected. Instead, users will need to configure their builds `as documented here`_. * Added support for :ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`. * Added support for disabling RSA key validation checks when loading RSA keys via :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`, :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`, and :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`. This speeds up key loading but is :term:`unsafe` if you are loading potentially attacker supplied keys. * Significantly improved performance for :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` when repeatedly calling ``encrypt`` or ``decrypt`` with the same key. * Added support for creating OCSP requests with precomputed hashes using :meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`. * Added support for loading multiple PEM-encoded X.509 certificates from a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.

.. _v38-0-4:

Commits

338a65a 39.0.0 version bump (#7954)
84a3cd7 automatically download and upload circleci wheels (#7949)
525c0b3 Type annotate release.py (#7951)
46d2a94 Use the latest 3.10 release when wheel building (#7953)
f150dc1 fix CI to work with ubuntu 22.04 (#7950)
8867724 fix README for python3 (#7947)
4de6304 Bump BoringSSL and/or OpenSSL in CI (#7946)
0a02a7d Replace more deprecated abstractproperty (#7944)
c28bfb3 src/_cffi_src/openssl/evp.py: export EVP_PKEY_set_alias_type in FUNCTIONS (#7...
438f781 Typo fixes (#7942)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies python

opened by dependabot[bot] 0

Mail attachments

I just stumbled upon a test case on which I would need to check if a mail contains a given attachment or not, but I could not find documentation about this, and dir did not helped much neither.

I suggest to implement and document how to check the attachments on mails.
enhancement

opened by azmeuk 0
Performance issue when hostname does not resolve to IP

Dear James,

thank you very much for the prompt improvement and the subsequent release. We can confirm the library is working without errors now, even on a misconfigured system.

However, we observed that a test case usually taking 0.43s on a properly configured system now only completes in 20.50s. While it is running, several stalls occur, indicating that the lack of the resolvable host name has some further drawbacks down the line while running the SMTP conversation.

So, with this insight, correct local hostname -> IP address resolution should be mandatory before doing any SMTP communication at all, either with a real server, or with this library. It may make sense to mention that detail within the README or another FAQ/troubleshooting section of the documentation, and maybe even drop a word in the corresponding error log message about it.

In any case, we wanted to share our observations with you and the community.

Thank you again and with kind regards, Andreas.

Originally posted by @amotl in https://github.com/bebleo/smtpdfix/issues/195#issuecomment-1237373576
bug

opened by bebleo 1
Socket does not consistently close on ready timeout

If the start of the server is aborted because the ready_timeout is exceeded the socket is not consistently closed down. when this happens subsequent uses fail with a message that the host and port are in use.
bug

opened by bebleo 0
SMTP AUTH extension not supported by server.
On Python 3.9.2 on macOS 11.2.1, using pytest 6.2.2 and smtpdfix 0.2.9, the following test fails with smtplib.SMTPNotSupportedError: SMTP AUTH extension not supported by server.. Uncommenting the line that sets SMTPD_ENFORCE_AUTH does not make a difference. The test succeeds if the client.login() line is removed.

import smtplib def test_smtpdfix(monkeypatch, smtpd): #monkeypatch.setenv("SMTPD_ENFORCE_AUTH", "True") client = smtplib.SMTP() client.connect(smtpd.hostname, smtpd.port) client.login("user", "password") client.quit()
documentation
opened by jwodder 1

PLAIN and LOGIN mechanisms refuse SSL encrypted requests

When authenticating using the PLAIN and LOGIN authentication mechanisms over SSL/TLS authentication fails. It will succeed when running the server is using STARTTLS. The following test will fail:

def test_AUTH_LOGIN_success(mock_smtpd_use_starttls, smtpd, user):
    with SMTP(smtpd.hostname, smtpd.port) as client:
        client.starttls()
        code, resp = client.docmd('AUTH', f'LOGIN {encode(user.username)}')
        assert code == 334
        assert resp == bytes(encode('Password'), 'ascii')
        code, resp = client.docmd(f'{encode(user.password)}')
        assert code == 235

The following, however, fails:

def test_AUTH_LOGIN_failure(mock_smtpd_use_ssl, smtpd, user):
    with SMTP_SSL(smtpd.hostname, smtpd.port) as client:
        code, resp = client.docmd('AUTH', f'LOGIN {encode(user.username)}')
        assert code == 334
        assert resp == bytes(encode('Password'), 'ascii')
        code, resp = client.docmd(f'{encode(user.password)}')
        assert code == 235  # Fails here because the code is "538 Authentication required."

opened by bebleo 0

Releases(v0.4.1)

v0.4.1(Oct 29, 2022)
Adds support for python 3.11.

Corrects an error related to aiomsmtpd that prevented StartTLS commands from working correctly. Issue #227

Source code(tar.gz)
Source code(zip)
smtpdfix-0.4.1-py3-none-any.whl(22.21 KB)
smtpdfix-0.4.1.tar.gz(21.72 KB)
v0.4.0(Sep 5, 2022)
Includes Potentially Breaking Changes

Support has been dropped for python 3.6.

The certs.generate_certs method has been removed from the public API.

Full Changelog: CHANGELOG.md
Source code(tar.gz)
Source code(zip)
smtpdfix-0.4.0-py3-none-any.whl(21.15 KB)
smtpdfix-0.4.0.tar.gz(20.91 KB)
v0.3.3(Nov 18, 2021)

Fixes install issues caused by a newline in short description.
Source code(tar.gz)
Source code(zip)
smtpdfix-0.3.3-py3-none-any.whl(19.52 KB)
smtpdfix-0.3.3.tar.gz(19.31 KB)
v0.3.2(Oct 24, 2021)
Updates SMTPDFix to support python 3.10

Overwrites _trigger_server to avoid issues with SSL context.

Source code(tar.gz)
Source code(zip)
smtpdfix-0.3.2-py3-none-any.whl(19.59 KB)
smtpdfix-0.3.2.tar.gz(19.34 KB)
v0.3.1(Aug 7, 2021)
Addresses timeout issues and updates project to a more recent standard.

Adds SSL handshake timeout with a default value of 5 seconds to shorten the timeout in cases where clients don't support opportunistic encryption, but the server is configured to require it. This works only with Python 3.7 and later.

Increase the default time the server will wait to be ready from one to five seconds (the aiosmtpd default at the time the change was implemented) to reduce situations where the server times out.

Source code(tar.gz)
Source code(zip)
smtpdfix-0.3.1-py3-none-any.whl(18.97 KB)
smtpdfix-0.3.1.tar.gz(19.03 KB)
v0.3.0(Mar 14, 2021)
Significant changes to the way that the fixture is configured and adds the ability to consistently make changes to that configuration at runtime.

Changes to the fixture should now be made by changing properties in smtpd.config which will cause the fixture to call the reset() method.

Certificate and Key as PEM formatted files can now be explicitly linked and arbitrarily named..

Source code(tar.gz)
Source code(zip)
smtpdfix-0.3.0-py3-none-any.whl(17.84 KB)
smtpdfix-0.3.0.tar.gz(17.19 KB)
v0.2.10(Mar 5, 2021)
Includes Potentially Breaking Changes:

As of version 0.2.10 smtpdfix uses the standard aiosmtpd VRFY handler that will always return "252 Cannot VRFY user, but will accept message and attempt delivery" if an address is provided or "502 Cannot VRFY {address provided}" if not. Version 0.2.9. and earlier of smptdfix would return a 252 coded response if the username provided was verified and in all other cases a 502 error response.

Updates requirements to aiosmtpd version 1.3.1 or above.

SMPTDFix can now be initialized without providing a hostname and port which defaults to localhost: 8025.

Better compatibility with AUTH in aiosmtpd by using AuthResult as return from AUTH mechanism handlers and the Authenticator for processing.

Uses default aiosmtpd VRFY handling and responses.

Adds unofficial support for PyPy3 in response to. Issue #51

Adds exception handling to prevent cases where unhandled exceptions cause the fixture to hang. Now returns a 421 error and closes the connection. Issue #51

Source code(tar.gz)
Source code(zip)
smtpdfix-0.2.10-py3-none-any.whl(15.28 KB)
smtpdfix-0.2.10.tar.gz(14.57 KB)
v0.2.9(Feb 11, 2021)
Updates requirements for security and fixes the version of aiosmtpd for stability.

Now requires cryptography version 3.4.4 in response to security reports

Upgrades Aiosmtpd to version 1.3.0 or greater to take advantages of updated AUTH handling. Versions of aiosmtpd below 1.3.0 are no longer compatible.

Source code(tar.gz)
Source code(zip)
smtpdfix-0.2.9-py3-none-any.whl(15.22 KB)
smtpdfix-0.2.9.tar.gz(14.00 KB)
v0.2.8(Feb 7, 2021)
Updates to use the latest release of aiosmtpd and to automatically load as a plugin with pytest.

Adds an SMTPDFix class for use in with blocks.

The fixture now automatically loads as a plugin with pytest.

Aiosmtpd version 1.2.4 or greater now required.

Command responses now standard with aiosmtpd with the exception of AUTH mechanisms.

Prefers StartTLS to TLS/SSL to avoid a case where if both where specified the SMTP server would report a fault.

Minor performance enhancements from removing the lazy object proxy and setting key size to 2048 bits instead of 4096.

Allows for late changes to StartTLS environment variables.

Version yanked from pypi because it allowed for insecure versions of cryptography to be used.
Source code(tar.gz)
Source code(zip)
smtpdfix-0.2.8-py3-none-any.whl(15.17 KB)
smtpdfix-0.2.8.tar.gz(13.96 KB)
v0.2.7(Jan 29, 2021)
This release has been motivated by recent breaking changes to aiosmtpd version 1.2.3 and above.

Certificates are now dynamically generated per session rather than stored in the package.

Enforces aiosmtpd to version 1.2.2 or below.

Version yanked from pypi because it allowed for insecure versions of cryptography to be used.
Source code(tar.gz)
Source code(zip)
smtpdfix-0.2.7-py3-none-any.whl(15.08 KB)
smtpdfix-0.2.7.tar.gz(13.29 KB)
v0.2.6(Jan 17, 2021)
Adds support for mocking environment variables in some cases and corrects errors

Corrects an error whereby running without a .env file setting true/false environment variables produced an error.

Allows for some, but not all, environment variables to be set after test setup.

Version yanked from pypi because it allowed for insecure versions of cryptography to be used.
Source code(tar.gz)
Source code(zip)
smtpdfix-0.2.6-py3-none-any.whl(17.96 KB)
smtpdfix-0.2.6.tar.gz(17.01 KB)
v0.2.5(Dec 28, 2020)
Adds support for python 3.9 and limits aiosmtpd to prevent future changes creating incompatibilities.

Add support for async tests and coverage.

Fixes support for .env files and makes treatment of environment variables more consistent.

Version yanked from pypi because it allowed for insecure versions of cryptography to be used.
Source code(tar.gz)
Source code(zip)
smtpdfix-0.2.5-py3-none-any.whl(17.49 KB)
smtpdfix-0.2.5.tar.gz(16.64 KB)
v0.2.4(Aug 2, 2020)
Corrects errors to Version 0.2.3 which prevented it from running under smtpdfix.

Corrects path in setup.py so that certificates are included.

Updates the certificates so that they're good until at least August 2, 2030

Version yanked from pypi because it allowed for insecure versions of cryptography to be used.
Source code(tar.gz)
Source code(zip)
smtpdfix-0.2.4-py3-none-any.whl(13.91 KB)
smtpdfix-0.2.4.tar.gz(13.91 KB)
v0.2.3(Aug 2, 2020)
Final release as bebleo_smtpd_fixture before becoming smtpdfix.

Adds deprecation warning to the fixture letting developers know that if by chance they're using bebelo_smtpd_fixture they should move to smtpdfix

Source code(tar.gz)
Source code(zip)
bebleo-smtpd-fixture-0.2.3.tar.gz(14.00 KB)
bebleo_smtpd_fixture-0.2.3-py3-none-any.whl(14.41 KB)
v0.2.2(Aug 1, 2020)
Adds support for enforcing authentication. Specific changes include:

Adds a changelog.

Adds support for .env files with python-dotenv.

Enforces encryption on AUTH methods that require it.

Corrects bug that prevented cancelling authentication with the LOGIN mechanism by sending a * and updates error message to match RFC4954 - SMTP Service Extension for Authentication.

Corrects bug that caused the fixture hang on windows if certificates were not found in the path specified by the SMTPD_SSL_CERTS_PATH.

Ensures that the session is authenticated when the SMTPD_ENFORCE_AUTH environment flag is set to True before processing DATA, MAIL, RCPT commands.

Source code(tar.gz)
Source code(zip)
bebleo-smtpd-fixture-0.2.2.tar.gz(13.89 KB)
bebleo_smtpd_fixture-0.2.2-py3-none-any.whl(14.26 KB)
v0.2.1(Jul 3, 2020)
This version adds authentication and encryption to the fixture. Specifically:

SSL/TLS is now support and certificates are supplied out-of-the box if logging in using 127.0.0.1 or localhost as the address

Authentication now supports CRAM-MD5, PLAIN, and LOGIN mechanisms.

Source code(tar.gz)
Source code(zip)
bebleo-smtpd-fixture-0.2.1.tar.gz(9.50 KB)
bebleo_smtpd_fixture-0.2.1-py3-none-any.whl(10.12 KB)
v0.2.0-alpha(Jun 13, 2020)

Version 0.2.0 implements authentication for the fixture to simulate a more realistic environment for testing.
Source code(tar.gz)
Source code(zip)
v0.1.0(May 16, 2020)

Source code(tar.gz)
Source code(zip)

A SMTP server for use as a pytest fixture that implements encryption and authentication.

Related tags

Overview

SMTPDFix: Test email, locally

Installing

Using

Not as a fixture

Configuration

Resolving certificate and key paths

Alternatives

Developing

Known Issues

Comments

5.7.0 December 30th 2020

5.7.0 December 30th 2020

CodeQL Action Changelog

[UNRELEASED]

2.1.37 - 14 Dec 2022

2.1.36 - 08 Dec 2022

2.1.35 - 01 Dec 2022

2.1.34 - 25 Nov 2022

2.1.33 - 16 Nov 2022

2.1.32 - 14 Nov 2022

2.1.31 - 04 Nov 2022

2.1.30 - 02 Nov 2022

2.1.29 - 26 Oct 2022

2.1.28 - 18 Oct 2022

Update primary and restore keys for pip

Changelog

v3.1.0

v3.0.2

v3.0.1

v3.0.0

v2.3.1

v2.3.0

v2.2.0

v2.1.1

v2.1.0

v2.0.0

v3.0.2

What's Changed

Changelog

v3.0.2

v3.0.1

v3.0.0

v2.3.1

v2.3.0

v2.2.0

v2.1.1

v2.1.0

v2.0.0

v2 (beta)

v4.0.0

What's Changed

v2.1.2

What's Changed

Fixes

v2.1.1

Scorecard version

v2.1.0

What's Changed

Scorecard version

Improvements

Documentation

New Contributors

CodeQL Action Changelog

[UNRELEASED]

2.1.22 - 01 Sep 2022

2.1.21 - 25 Aug 2022

2.1.20 - 22 Aug 2022

2.1.19 - 17 Aug 2022

2.1.18 - 03 Aug 2022

2.1.17 - 28 Jul 2022

2.1.16 - 13 Jul 2022

2.1.15 - 28 Jun 2022

2.1.14 - 22 Jun 2022

v3.0.0

What's Changed

Breaking Changes

v1.0.4