Reset Password Email Improperly Encoded

The emails set for resetting the user's password are specified as "Content-Transfer-Encoding: quoted-printable" but the body of the email is plain text and so the '=' in the encoded password caused email clients such as Thunderbird to get confused and not fully display the message.

Steps to reproduce

  1. Logout of MoinMoin.

  2. Go To UserPreferences

  3. Send yourself an email
  4. Look at the raw source of the received message and compare with the displayed message.

Example

Here is an example message. The first is the raw text of the message body and the second is how it is displayed in the mail client.

Somebody has requested to submit your account data to this email address.

If you lost your password, please use the data below and just enter the
password AS SHOWN into the wiki's password form field (use copy and paste
for that).

After successfully logging in, it is of course a good idea to set a new and known password.

Login Name: JoeUser

Login Password: {SHA}CaiyvfsfOoKeRTLk9Fd/msKGA5o=

Login URL: http://wiki.alldunn2.com/index.cgi/UserPreferences

Somebody has requested to submit your account data to this email address.

If you lost your password, please use the data below and just enter the
password AS SHOWN into the wiki's password form field (use copy and paste
for that).

After successfully logging in, it is of course a good idea to set a new and known password.

Login Name: JoeUser

Login Password: {SHA}CaiyvfsfOoKeRTLk9Fd/msKGA5o
Login URL: http://wiki.alldunn2.com/index.cgi/UserPreferences

Notice the missing characters on the end of the password and also the missing empty line.

Details

MoinMoin Version

1.5.3

OS and Version

Linux with 2.4 kernel

Python Version

2.4.3

Server Setup

CGI

Server Details

Workaround

The fix is simple. In MoinMoin/utils/mail.py in the sendmail function change

    msg.set_payload(text)

to

    msg.set_payload(charset.body_encode(text))

BTW, I also think that the login URL put into the email should have "?action=login" appended to it so the user can easily get back to the right page to do the login.

--RobinDunn

The problem was caused by a bug in python 2.4.3 and above, which doesn't QP-encode the message as previous versions do it.

Workaround:

    msg.set_payload('=')
    if msg.as_string().endswith('='):
        text = charset.body_encode(text)

This way the content doesn't get QP encoded twice, wether your python has the bug or not.

I reported this bug at http://sourceforge.net/tracker/index.php?func=detail&aid=1525919&group_id=5470&atid=105470.

-- ThomasArendsenHein

Discussion

Although I didn't have problems like that (using mutt and Mozilla Mail), I applied your changes. Thanks for the suggestions.

Fix didnt work here, still didnt get the right password:

without fix:

Login Name: Oliver
 
Login Password: {SHA}pIn5cAvpJFlmLg4OKIfwnRxcjzM

with fix:

Login Name: Oliver
 
Login Password: {SHA}pIn5cAvpJFlmLg4OKIfwnRxcjzM=3D

(Opera 9 + python 2.3)


I believe this is still broken in 1.5.4. It now double-encodes the body. In the sendmail function referenced above, there's a line

 text = text.encode(config.charset)

which encodes the text in quoted-printable (i.e. "=" turns into "=3D").

Then below it does this:

 msg.set_payload(charset.body_encode(text))

which encodes the body *again*.

If I just replace that with

 msg.set_payload(text)

it works for me. I don't understand all the details, but my raw message with unmodified 1.5.4 looks like this:

After successfully logging in, it is of course a good idea to set a new and=
=3D
 known password.

Login Name: GaryOberbrunner

Login Password: {SHA}I/C5+/4qweqweqweqwe7Oz8tY/c=3D3D

Login URL: http://www.scons.org/cgi-sys/cgiwrap/scons/moin.cgi/UserPreferen=
=3D
ces?action=3D3Dlogin

Note the double-encoding of the line breaks as well.

-- GaryOberbrunner

General E-Mail Encoding-Problem

MoinMoin Version

1.5.4

OS and Version

Linux with 2.6 kernel

Python Version

2.3.5

Server Setup

LANG=de_DE@euro, MM_CHARSET=ISO-8859-15

Server Details

With the standard v1.54 setting

    msg.set_payload(charset.body_encode(text))

MoinMoin produces =3DC3=3D84nderungen with

   msg.set_payload(text)

MoinMoin produces =C3=84nderungen and the Mail-Client prints the right: Ă„nderungen. The E-Mail Header shows in both cases

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

-- RalfMoll 2006-07-13 15:00:59

Plan

More fixes by (thanks to ThomasAH):


CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/ResetPasswordEmailImproperlyEncoded (last edited 2007-10-29 19:17:16 by localhost)