From 306c850264c41495118a38436f573c7532f63066 Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Wed, 16 Feb 2022 12:10:11 +0100
Subject: [PATCH] Use numeric id in mail alias routes

---
 tests/test_mail.py                 |  6 +++---
 uffd/mail/templates/mail/list.html |  4 ++--
 uffd/mail/templates/mail/show.html |  8 ++++----
 uffd/mail/views.py                 | 27 ++++++++++++++-------------
 4 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/tests/test_mail.py b/tests/test_mail.py
index 0ea10982..ab8abe5b 100644
--- a/tests/test_mail.py
+++ b/tests/test_mail.py
@@ -31,7 +31,7 @@ class TestMailViews(UffdTestCase):
 		self.assertEqual(r.status_code, 200)
 
 	def test_show(self):
-		r = self.client.get(path=url_for('mail.show', uid=self.get_mail().uid), follow_redirects=True)
+		r = self.client.get(path=url_for('mail.show', mai_id=self.get_mail().id), follow_redirects=True)
 		dump('mail_show', r)
 		self.assertEqual(r.status_code, 200)
 
@@ -46,7 +46,7 @@ class TestMailViews(UffdTestCase):
 		self.assertEqual(m.uid, 'test')
 		self.assertEqual(sorted(m.receivers), ['test1@example.com', 'test2@example.com'])
 		self.assertEqual(sorted(m.destinations), ['testuser@mail.example.com'])
-		r = self.client.post(path=url_for('mail.update', uid=m.uid),
+		r = self.client.post(path=url_for('mail.update', mail_id=m.id),
 			data={'mail-uid': 'test1', 'mail-receivers': 'foo@bar.com\ntest@bar.com',
 			'mail-destinations': 'testuser@mail.example.com\ntestadmin@mail.example.com'}, follow_redirects=True)
 		dump('mail_update', r)
@@ -83,7 +83,7 @@ class TestMailViews(UffdTestCase):
 
 	def test_delete(self):
 		self.assertIsNotNone(self.get_mail())
-		r = self.client.get(path=url_for('mail.delete', uid=self.get_mail().uid), follow_redirects=True)
+		r = self.client.get(path=url_for('mail.delete', mail_id=self.get_mail().id), follow_redirects=True)
 		dump('mail_delete', r)
 		self.assertEqual(r.status_code, 200)
 		self.assertIsNone(self.get_mail())
diff --git a/uffd/mail/templates/mail/list.html b/uffd/mail/templates/mail/list.html
index c61bfda6..c2e4e8a7 100644
--- a/uffd/mail/templates/mail/list.html
+++ b/uffd/mail/templates/mail/list.html
@@ -18,9 +18,9 @@
 			</thead>
 			<tbody>
 				{% for mail in mails|sort(attribute="uid") %}
-				<tr id="mail-{{ mail.uid }}">
+				<tr id="mail-{{ mail.id }}">
 					<th scope="row">
-						<a href="{{ url_for("mail.show", uid=mail.uid) }}">
+						<a href="{{ url_for("mail.show", mail_id=mail.id) }}">
 						{{ mail.uid }}
 						</a>
 					</th>
diff --git a/uffd/mail/templates/mail/show.html b/uffd/mail/templates/mail/show.html
index 44b0db5c..0f11fa9c 100644
--- a/uffd/mail/templates/mail/show.html
+++ b/uffd/mail/templates/mail/show.html
@@ -1,11 +1,11 @@
 {% extends 'base.html' %}
 
 {% block body %}
-<form action="{{ url_for("mail.update", uid=mail.uid) }}" method="POST">
+<form action="{{ url_for("mail.update", mail_id=mail.id) }}" method="POST">
 <div class="align-self-center">
 	<div class="form-group col">
 		<label for="mail-name">{{_('Name')}}</label>
-		<input type="text" class="form-control" id="mail-name" name="mail-uid" {% if mail.uid %} value="{{ mail.uid }}" readonly {% else %} value=""{% endif %}>
+		<input type="text" class="form-control" id="mail-name" name="mail-uid" {% if mail.id %} value="{{ mail.uid }}" readonly {% else %} value=""{% endif %}>
 		<small class="form-text text-muted">
 		</small>
 	</div>
@@ -26,8 +26,8 @@
 	<div class="form-group col">
 		<button type="submit" class="btn btn-primary"><i class="fa fa-save" aria-hidden="true"></i> {{_('Save')}}</button>
 		<a href="{{ url_for("mail.index") }}" class="btn btn-secondary">{{_('Cancel')}}</a>
-		{% if mail.uid %}
-			<a href="{{ url_for("mail.delete", uid=mail.uid) }}" class="btn btn-danger"><i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}</a>
+		{% if mail.id %}
+			<a href="{{ url_for("mail.delete", mail_id=mail.id) }}" class="btn btn-danger"><i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}</a>
 		{% else %}
 			<a href="#" class="btn btn-danger disabled"><i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}</a>
 		{% endif %}
diff --git a/uffd/mail/views.py b/uffd/mail/views.py
index 6f3f0c97..30981efa 100644
--- a/uffd/mail/views.py
+++ b/uffd/mail/views.py
@@ -23,20 +23,21 @@ def mail_acl():
 def index():
 	return render_template('mail/list.html', mails=Mail.query.all())
 
-@bp.route("/<uid>")
+@bp.route("/<int:mail_id>")
 @bp.route("/new")
-def show(uid=None):
-	mail = Mail()
-	if uid is not None:
-		mail = Mail.query.filter_by(uid=uid).first_or_404()
+def show(mail_id=None):
+	if mail_id is not None:
+		mail = Mail.query.get_or_404(mail_id)
+	else:
+		mail = Mail()
 	return render_template('mail/show.html', mail=mail)
 
-@bp.route("/<uid>/update", methods=['POST'])
+@bp.route("/<int:mail_id>/update", methods=['POST'])
 @bp.route("/new", methods=['POST'])
 @csrf_protect(blueprint=bp)
-def update(uid=None):
-	if uid is not None:
-		mail = Mail.query.filter_by(uid=uid).first_or_404()
+def update(mail_id=None):
+	if mail_id is not None:
+		mail = Mail.query.get_or_404(mail_id)
 	else:
 		mail = Mail(uid=request.form.get('mail-uid'))
 	mail.receivers = request.form.get('mail-receivers', '').splitlines()
@@ -48,12 +49,12 @@ def update(uid=None):
 	db.session.add(mail)
 	db.session.commit()
 	flash(_('Mail mapping updated.'))
-	return redirect(url_for('mail.show', uid=mail.uid))
+	return redirect(url_for('mail.show', mail_id=mail.id))
 
-@bp.route("/<uid>/del")
+@bp.route("/<int:mail_id>/del")
 @csrf_protect(blueprint=bp)
-def delete(uid):
-	mail = Mail.query.filter_by(uid=uid).first_or_404()
+def delete(mail_id):
+	mail = Mail.query.get_or_404(mail_id)
 	db.session.delete(mail)
 	db.session.commit()
 	flash(_('Deleted mail mapping.'))
-- 
GitLab