Add new support for disabling From address spoofing.

Review Request #10416 — Created Feb. 18, 2019 and submitted

Information

Djblets
release-1.0.x

Reviewers

When "smart" (DMARC-aware) spoofing of From addresses was added, there
wasn't a mechanism to fully turn off the spoofing behavior. The only
options available were to enable the smart spoofing or to go back to
always spoofing. In commit 62f218d, Brian LeBlanc made an attempt at
fixing this, but it introduced some regressions in behavior, largely due
to the fact that my original design just wasn't built for a "fully
disable" option.

This change corrects that design by deprecating the old
enable_smart_spoofing option and introducing a new from_spoofing
option. This option can be in one of three modes: smart, always, or
never. The first two are equivalent to the original behavior of
enable_smart_spoofing=True/False, and the third fully disables
spoofing entirely, building a noreply address instead.

The old enable_smart_spoofing option still remains, and will take
effect if from_spoofing isn't explicitly set by the caller. It retains
the same default, always spoofing, for backwards-compatibility.
Consumers are encouraged to set a better default through the new
from_spoofing argument or the Django setting,
DJBLETS_EMAIL_FROM_SPOOFING.

At this time, the old argument will not be emitting a deprecation
notice, given how late we are into the 1.0.x series. Future releases
will begin to emit deprecation notices, and eventually remove the old
setting.

Unit tests pass.

Summary ID
Add new support for disabling From address spoofing.
When "smart" (DMARC-aware) spoofing of From addresses was added, there wasn't a mechanism to fully turn off the spoofing behavior. The only options available were to enable the smart spoofing or to go back to always spoofing. In commit 62f218d, Brian LeBlanc made an attempt at fixing this, but it introduced some regressions in behavior, largely due to the fact that my original design just wasn't built for a "fully disable" option. This change corrects that design by deprecating the old `enable_smart_spoofing` option and introducing a new `from_spoofing` option. This option can be in one of three modes: `smart`, `always`, or `never`. The first two are equivalent to the original behavior of `enable_smart_spoofing=True/False`, and the third fully disables spoofing entirely, building a `noreply` address instead. The old `enable_smart_spoofing` option still remains, and will take effect if `from_spoofing` isn't explicitly set by the caller. It retains the same default, always spoofing, for backwards-compatibility. Consumers are encouraged to set a better default through the new `from_spoofing` argument or the Django setting, `DJBLETS_EMAIL_FROM_SPOOFING`. At this time, the old argument will not be emitting a deprecation notice, given how late we are into the 1.0.x series. Future releases will begin to emit deprecation notices, and eventually remove the old setting.
5d483d57ee70e7f906caf4538f99861a021bc411
Description From Last Updated

E303 too many blank lines (2)

reviewbotreviewbot
Checks run (1 failed, 1 succeeded)
flake8 failed.
JSHint passed.

flake8

chipx86
david
  1. Once Review Bot is happy, I am too.

  2. 
      
chipx86
Review request changed
Status:
Completed
Change Summary:
Pushed to release-1.0.x (cf6dfe1)