modoboa 2.5.1__py3-none-any.whl → 2.6.1__py3-none-any.whl

modoboa/admin/api/v2/serializers.py

@@ -244,6 +244,11 @@ class AdminGlobalParametersSerializer(serializers.Serializer):
     auto_create_domain_and_mailbox = serializers.BooleanField(default=True)
     create_alias_on_mbox_rename = serializers.BooleanField(default=False)
 
+    # Aliases settings
+    alias_can_target_any_domain = serializers.BooleanField(default=True)
+    alias_target_block_list = serializers.CharField(required=False, allow_null=True)
+    alias_target_allow_list = serializers.CharField(required=False, allow_null=True)
+
     def validate_default_domain_quota(self, value):
         """Ensure quota is a positive integer."""
         if value < 0:
@@ -745,7 +750,7 @@ class CSVImportSerializer(serializers.Serializer):
 class CSVIdentityImportSerializer(CSVImportSerializer):
     """Custom serializer for identity import."""
 
-    crypt_passwords = serializers.BooleanField()
+    crypt_passwords = serializers.BooleanField(default=False)
 
 
 class AlarmSerializer(serializers.ModelSerializer):

modoboa/admin/api/v2/tests.py

@@ -653,6 +653,22 @@ dlist; dlist@test.com; True; user1@test.com; user@extdomain.com
         received_content[0] = ",".join(admin_row)
         self.assertCountEqual(expected_response.strip().split("\r\n"), received_content)
 
+    def test_export_accounts(self):
+        response = self.client.get(f"{reverse('v2:identities-export')}?type=account")
+        expected_response = "account,admin,,,,True,SuperAdmins,,\r\naccount,admin@test.com,{PLAIN}toto,,,True,DomainAdmins,admin@test.com,10,test.com\r\naccount,admin@test2.com,{PLAIN}toto,,,True,DomainAdmins,admin@test2.com,10,test2.com\r\naccount,user@test.com,{PLAIN}toto,,,True,SimpleUsers,user@test.com,10\r\naccount,user@test2.com,{PLAIN}toto,,,True,SimpleUsers,user@test2.com,10\r\n"  # NOQA:E501
+        received_content = force_str(response.content.strip()).split("\r\n")
+        # Empty admin password because it is hashed using SHA512-CRYPT
+        admin_row = received_content[0].split(",")
+        admin_row[2] = ""
+        received_content[0] = ",".join(admin_row)
+        self.assertCountEqual(expected_response.strip().split("\r\n"), received_content)
+
+    def test_export_aliases(self):
+        response = self.client.get(f"{reverse('v2:identities-export')}?type=alias")
+        expected_response = "alias,alias@test.com,True,user@test.com\r\nalias,forward@test.com,True,user@external.com\r\nalias,postmaster@test.com,True,test@truc.fr,toto@titi.com\r\n"  # NOQA:E501
+        received_content = force_str(response.content.strip()).split("\r\n")
+        self.assertCountEqual(expected_response.strip().split("\r\n"), received_content)
+
 
 class AliasViewSetTestCase(ModoAPITestCase):
     @classmethod

modoboa/admin/api/v2/viewsets.py

@@ -58,10 +58,19 @@ class DomainViewSet(
 ):
     """V2 viewset."""
 
+    filter_backends = (
+        filters.OrderingFilter,
+        filters.SearchFilter,
+        dj_filters.DjangoFilterBackend,
+    )
+    pagination_class = pagination.CustomPageNumberPagination
     permission_classes = (
         permissions.IsAuthenticated,
         permissions.DjangoModelPermissions,
     )
+    search_fields = [
+        "^name",
+    ]
 
     def get_queryset(self):
         """Filter queryset based on current user."""
@@ -240,7 +249,8 @@ class IdentityViewSet(GetThrottleViewsetMixin, viewsets.ViewSet):
     def export(self, request, **kwargs):
         """Export accounts and aliases to CSV."""
         result = []
-        for idt in lib.get_identities(request.user):
+        idtfilter = request.GET.get("type")
+        for idt in lib.get_identities(request.user, idtfilter=idtfilter):
             result.append(idt.to_csv_row())
         return response.Response(result)
 

modoboa/admin/app_settings.py

@@ -239,6 +239,45 @@ GLOBAL_PARAMETERS_STRUCT = collections.OrderedDict(
                 ),
             },
         ),
+        (
+            "aliases",
+            {
+                "label": gettext_lazy("Aliases"),
+                "params": collections.OrderedDict(
+                    [
+                        (
+                            "alias_can_target_any_domain",
+                            {
+                                "label": gettext_lazy("Alias can target any domain"),
+                                "help_text": gettext_lazy(
+                                    "Allow aliases to target any domain, not just the local domains."
+                                ),
+                            },
+                        ),
+                        (
+                            "alias_target_block_list",
+                            {
+                                "label": gettext_lazy("Alias target block list"),
+                                "help_text": gettext_lazy(
+                                    "A list of domains that aliases cannot target (comma separated)."
+                                ),
+                                "display": "alias_can_target_any_domain=true",
+                            },
+                        ),
+                        (
+                            "alias_target_allow_list",
+                            {
+                                "label": gettext_lazy("Alias target allow list"),
+                                "help_text": gettext_lazy(
+                                    "A list of domains that aliases can target (comma separated)."
+                                ),
+                                "display": "alias_can_target_any_domain=false",
+                            },
+                        ),
+                    ]
+                ),
+            },
+        ),
     ]
 )
 

modoboa/admin/lib.py

@@ -31,7 +31,12 @@ from . import signals
 from .models import Alias, Domain, DomainAlias
 
 
-def get_identities(user, searchquery=None, idtfilter=None, grpfilter=None):
+def get_identities(
+    user: User,
+    searchquery: str | None = None,
+    idtfilter: str | None = None,
+    grpfilter: str | None = None,
+) -> chain:
     """Return all the identities owned by a user.
 
     :param user: the desired user
@@ -213,7 +218,7 @@ def get_authoritative_resolver(domain, resolver=None):
 
 def get_dns_records(name, typ, resolver=None):
     """Retrieve DNS records for given name and type."""
-    logger = logging.getLogger("modoboa.admin")
+    logger = logging.getLogger("modoboa.dns")
 
     try:
         resolver = get_authoritative_resolver(name, resolver=resolver)
@@ -242,7 +247,7 @@ def get_dns_records(name, typ, resolver=None):
 def get_domain_mx_list(domain):
     """Return a list of MX IP address for domain."""
     result = []
-    logger = logging.getLogger("modoboa.admin")
+    logger = logging.getLogger("modoboa.dns")
     resolver = get_dns_resolver()
     dns_answers = get_dns_records(domain, "MX", resolver)
     if dns_answers is None:

modoboa/admin/models/alias.py

@@ -21,6 +21,7 @@ from modoboa.lib.exceptions import (
     ModoboaException,
     AliasExists,
 )
+from modoboa.parameters import tools as param_tools
 from .. import signals
 from .base import AdminObject
 from .domain import Domain
@@ -90,6 +91,25 @@ class AliasManager(models.Manager):
         )
 
 
+def convert_to_list(raw_value: str) -> list[str]:
+    """Convert input string to list of string."""
+    return [item.strip() for item in raw_value.split(",")]
+
+
+def is_alias_target_allowed(domain: str) -> bool:
+    """Check if alias target is allowed or not."""
+    params = dict(param_tools.get_global_parameters(app="admin"))
+    if params.get("alias_can_target_any_domain"):
+        blocked_domains = params.get("alias_target_block_list")
+        if blocked_domains and domain in convert_to_list(blocked_domains):
+            return False
+    else:
+        allowed_domains = params.get("alias_target_allow_list")
+        if allowed_domains and domain not in convert_to_list(allowed_domains):
+            return False
+    return True
+
+
 class Alias(AdminObject):
     """Mailbox alias."""
 
@@ -182,6 +202,8 @@ class Alias(AdminObject):
             if domname is None:
                 raise BadRequest("{} {}".format(_("Invalid address"), address))
             domain = Domain.objects.filter(name=domname).first()
+            if not domain and not is_alias_target_allowed(domname):
+                raise BadRequest(f"{_('Target domain not allowed')}: {domname}")
             kwargs = {"address": address, "alias": self}
             if (domain is not None) and (
                 any(

modoboa/admin/models/domain.py

@@ -202,7 +202,7 @@ class Domain(mixins.MessageLimitMixin, AdminObject):
         return self.dnsrecord_set.filter(type="autodiscover").first()
 
     @cached_property
-    def allocated_quota(self):
+    def allocated_quota(self) -> int:
         """Return current quota allocation."""
         if not self.quota:
             return 0

modoboa/admin/models/mixins.py

@@ -1,5 +1,7 @@
 """Admin model mixins."""
 
+from typing import Optional
+
 from modoboa.policyd.utils import get_message_counter
 
 
@@ -18,7 +20,7 @@ class MessageLimitMixin:
         return self.message_limit - get_message_counter(self.message_counter_key)
 
     @property
-    def sent_messages_in_percent(self):
+    def sent_messages_in_percent(self) -> Optional[int]:  # noqa
         """Return number of sent messages as a percentage."""
         if not self.message_limit:
             return None

modoboa/admin/tests/test_alias_targets.py

@@ -0,0 +1,68 @@
+"""Tests for alias target allow/block settings."""
+
+from django.urls import reverse
+
+from modoboa.admin import factories, models
+from modoboa.lib.tests import ModoAPITestCase
+
+
+class AliasTargetSettingsTestCase(ModoAPITestCase):
+
+    @classmethod
+    def setUpTestData(cls):  # NOQA:N802
+        super().setUpTestData()
+        factories.populate_database()
+
+    def test_block_external_domain_when_any_allowed_with_block_list(self):
+        # alias_can_target_any_domain = True and block external domain
+        self.set_global_parameter("alias_can_target_any_domain", True, app="admin")
+        self.set_global_parameter("alias_target_block_list", "bad.com", app="admin")
+
+        values = {
+            "address": "list@test.com",
+            "recipients": ["user@bad.com"],
+            "enabled": True,
+        }
+        resp = self.client.post(reverse("v2:alias-list"), values, format="json")
+        # Creation should fail
+        self.assertEqual(resp.status_code, 400)
+        self.assertEqual(resp.json()["error"], "Target domain not allowed: bad.com")
+
+    def test_allow_only_list_when_any_disallowed(self):
+        # alias_can_target_any_domain = False and allow list contains domain
+        self.set_global_parameter("alias_can_target_any_domain", False, app="admin")
+        self.set_global_parameter("alias_target_allow_list", "ok.com", app="admin")
+
+        # Check if local domain is still allowed
+        values = {
+            "address": "list2@test.com",
+            "recipients": ["user@test.com"],
+            "enabled": True,
+        }
+        resp = self.client.post(reverse("v2:alias-list"), values, format="json")
+        self.assertEqual(resp.status_code, 201)
+
+        values = {
+            "address": "list3@test.com",
+            "recipients": ["user@ok.com"],
+            "enabled": True,
+        }
+        resp = self.client.post(reverse("v2:alias-list"), values, format="json")
+        self.assertEqual(resp.status_code, 201)
+        alias = models.Alias.objects.get(address="list3@test.com", internal=False)
+        # Allowed external domain should remain external
+        self.assertTrue(
+            alias.aliasrecipient_set.filter(
+                address="user@ok.com", r_mailbox__isnull=True, r_alias__isnull=True
+            ).exists()
+        )
+
+        # Now try a domain not in allow list, should stay external as well
+        values = {
+            "address": "list4@test.com",
+            "recipients": ["user@bad.com"],
+            "enabled": True,
+        }
+        resp = self.client.post(reverse("v2:alias-list"), values, format="json")
+        self.assertEqual(resp.status_code, 400)
+        self.assertEqual(resp.json()["error"], "Target domain not allowed: bad.com")

modoboa/admin/tests/test_mx.py

@@ -138,7 +138,7 @@ class MXTestCase(ModoTestCase):
         """Test to get error loggins from specific DNS server."""
         mock_query.side_effect = utils.mock_dns_query_result
         mock_ip_address.side_effect = utils.mock_ip_address_result
-        with LogCapture("modoboa.admin") as log:
+        with LogCapture("modoboa.dns") as log:
             get_domain_mx_list("does-not-exist.example.com")
             get_domain_mx_list("no-mx.example.com")
             get_domain_mx_list("no-ns-servers.example.com")
@@ -148,36 +148,36 @@ class MXTestCase(ModoTestCase):
             get_domain_mx_list("bad-response.example.com")
         log.check(
             (
-                "modoboa.admin",
+                "modoboa.dns",
                 "ERROR",
                 _("No DNS record found for %s") % "does-not-exist.example.com",
             ),
-            ("modoboa.admin", "ERROR", _("No MX record for %s") % "no-mx.example.com"),
-            ("modoboa.admin", "ERROR", _("No working name servers found")),
+            ("modoboa.dns", "ERROR", _("No MX record for %s") % "no-mx.example.com"),
+            ("modoboa.dns", "ERROR", _("No working name servers found")),
             (
-                "modoboa.admin",
+                "modoboa.dns",
                 "WARNING",
                 _("DNS resolution timeout, unable to query %s at the moment")
                 % "timeout.example.com",
             ),
             (
-                "modoboa.admin",
+                "modoboa.dns",
                 "ERROR",
                 _("No DNS record found for %s") % "does-not-exist.example.com",
             ),
             (
-                "modoboa.admin",
+                "modoboa.dns",
                 "ERROR",
                 _("No DNS record found for %s") % "does-not-exist.example.com",
             ),
             (
-                "modoboa.admin",
+                "modoboa.dns",
                 "WARNING",
                 _("Invalid IP address format for %(domain)s; %(addr)s")
                 % {"domain": "bad-response.example.com", "addr": "000.0.0.0"},
             ),
             (
-                "modoboa.admin",
+                "modoboa.dns",
                 "WARNING",
                 _("Invalid IP address format for %(domain)s; %(addr)s")
                 % {"domain": "bad-response.example.com", "addr": "000.0.0.0"},
@@ -193,15 +193,15 @@ class MXTestCase(ModoTestCase):
         localconfig = core_models.LocalConfig.objects.first()
         localconfig.parameters.set_value("enable_ipv6_mx_checks", True, "admin")
         localconfig.save()
-        with LogCapture("modoboa.admin") as log:
+        with LogCapture("modoboa.dns") as log:
             get_domain_mx_list("test3.com")
         log.check(
-            ("modoboa.admin", "ERROR", _("No AAAA record for %s") % "mx3.example.com")
+            ("modoboa.dns", "ERROR", _("No AAAA record for %s") % "mx3.example.com")
         )
         localconfig = core_models.LocalConfig.objects.first()
         localconfig.parameters.set_value("enable_ipv6_mx_checks", False, "admin")
         localconfig.save()
-        with LogCapture("modoboa.admin") as log2:
+        with LogCapture("modoboa.dns") as log2:
             get_domain_mx_list("test3.com")
         log2.check()
 

modoboa/autoconfig/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AutoconfigConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "modoboa.autoconfig"

modoboa/autoconfig/templates/autoconfig/autoconfig.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<clientConfig version="1.1">
+  <emailProvider id="{{ domain }}">
+    <domain>{{ domain }}</domain>
+    <displayName>Modoboa</displayName>
+    <displayShortName>Mail</displayShortName>
+
+    <incomingServer type="imap">
+      <hostname>{{ connection_settings.imap.HOSTNAME }}</hostname>
+      <port>{{ connection_settings.imap.PORT }}</port>
+      <socketType>{{ connection_settings.imap.SOCKET_TYPE }}</socketType>
+      <authentication>plain</authentication>
+      <username>{{ emailaddress }}</username>
+    </incomingServer>
+
+    <outgoingServer type="smtp">
+      <hostname>{{ connection_settings.smtp.HOSTNAME }}</hostname>
+      <port>{{ connection_settings.smtp.PORT }}</port>
+      <socketType>{{ connection_settings.smtp.SOCKET_TYPE }}</socketType>
+      <authentication>plain</authentication>
+      <username>{{ emailaddress }}</username>
+    </outgoingServer>
+  </emailProvider>
+</clientConfig>

modoboa/autoconfig/templates/autoconfig/autodiscover.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
+  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
+    <Account>
+      <AccountType>email</AccountType>
+      <Action>settings</Action>
+
+      <Protocol>
+        <Type>IMAP</Type>
+        <Server>{{ connection_settings.imap.HOSTNAME }}</Server>
+        <Port>{{ connection_settings.imap.PORT }}</Port>
+        <SSL>true</SSL>
+        <LoginName>{{ emailaddress }}</LoginName>
+      </Protocol>
+
+      <Protocol>
+        <Type>SMTP</Type>
+        <Server>{{ connection_settings.smtp.HOSTNAME }}</Server>
+        <Port>{{ connection_settings.smtp.PORT }}</Port>
+        <SSL>false</SSL>
+        <TLS>true</TLS>
+        <LoginName>{{ emailaddress }}</LoginName>
+      </Protocol>
+
+    </Account>
+  </Response>
+</Autodiscover>

modoboa/autoconfig/tests.py

@@ -0,0 +1,38 @@
+from django.test import TestCase
+from django.urls import reverse
+
+
+class ViewsTestCase(TestCase):
+
+    databases = "__all__"
+
+    def test_autoconfig(self):
+        url = reverse("autoconfig:autoconfig")
+
+        resp = self.client.get(url)
+        self.assertEqual(resp.status_code, 404)
+
+        resp = self.client.get(f"{url}?emailaddress=test@test.com")
+        self.assertEqual(resp.status_code, 200)
+
+        self.assertIn(b'<emailProvider id="test.com">', resp.content)
+
+    def test_autodiscover(self):
+        url = reverse("autoconfig:autodiscover")
+
+        resp = self.client.post(url)
+        self.assertEqual(resp.status_code, 404)
+
+        resp = self.client.post(url, {"EmailAddress": "test@test.com"})
+        self.assertEqual(resp.status_code, 200)
+
+        self.assertIn(b"<LoginName>test@test.com", resp.content)
+
+    def test_mobileconfig(self):
+        url = reverse("autoconfig:mobileconfig")
+
+        resp = self.client.get(url)
+        self.assertEqual(resp.status_code, 404)
+
+        resp = self.client.get(f"{url}?emailaddress=test@test.com")
+        self.assertEqual(resp.status_code, 200)

modoboa/autoconfig/urls.py

@@ -0,0 +1,21 @@
+"""Autoconfig urls."""
+
+from django.urls import path
+
+from modoboa.autoconfig import views
+
+app_name = "autoconfig"
+
+urlpatterns = [
+    path(
+        "mail/config-v1.1.xml",
+        views.AutoConfigView.as_view(),
+        name="autoconfig",
+    ),
+    path(
+        "autodiscover/autodiscover.xml",
+        views.AutoDiscoverView.as_view(),
+        name="autodiscover",
+    ),
+    path("mobileconfig", views.MobileConfigView.as_view(), name="mobileconfig"),
+]

modoboa/autoconfig/views.py

@@ -0,0 +1,109 @@
+import plistlib
+import uuid
+
+from django.conf import settings
+from django.http import Http404, HttpResponse
+from django.utils.decorators import method_decorator
+from django.views import generic
+from django.views.decorators.csrf import csrf_exempt
+
+from modoboa.lib.email_utils import split_address
+
+
+class ConfigBaseMixin:
+
+    content_type = "application/xml"
+
+    def get_common_context(self, emailaddress: str) -> dict:
+        local_part, domain = split_address(emailaddress)
+        return {
+            "emailaddress": emailaddress,
+            "domain": domain,
+            "connection_settings": settings.EMAIL_CLIENT_CONNECTION_SETTINGS,
+        }
+
+
+class AutoConfigView(ConfigBaseMixin, generic.TemplateView):
+
+    http_method_names = ["get"]
+    template_name = "autoconfig/autoconfig.xml"
+
+    def get_context_data(self, **kwargs):
+        emailaddress = self.request.GET.get("emailaddress")
+        if not emailaddress:
+            raise Http404
+        context = super().get_context_data(**kwargs)
+        context.update(self.get_common_context(emailaddress))
+        return context
+
+
+@method_decorator(csrf_exempt, name="dispatch")
+class AutoDiscoverView(ConfigBaseMixin, generic.TemplateView):
+
+    http_method_names = ["post"]
+    template_name = "autoconfig/autodiscover.xml"
+
+    def get_context_data(self, **kwargs):
+        emailaddress = self.request.POST.get("EmailAddress")
+        if not emailaddress:
+            raise Http404
+        context = super().get_context_data(**kwargs)
+        context.update(self.get_common_context(emailaddress))
+        return context
+
+    def post(self, request, *args, **kwargs):
+        context = self.get_context_data(**kwargs)
+        return self.render_to_response(context)
+
+
+class MobileConfigView(generic.View):
+
+    http_method_names = ["get"]
+
+    def get(self, request, *args, **kwargs):
+        emailaddress = self.request.GET.get("emailaddress")
+        if not emailaddress:
+            raise Http404
+        local_part, domain = split_address(emailaddress)
+        parts = domain.split(".")
+        parts.reverse()
+        reverse_domain = ".".join(parts)
+        imap_settings = settings.EMAIL_CLIENT_CONNECTION_SETTINGS["imap"]
+        smtp_settings = settings.EMAIL_CLIENT_CONNECTION_SETTINGS["smtp"]
+        profile = {
+            "PayloadType": "Configuration",
+            "PayloadVersion": 1,
+            "PayloadIdentifier": f"{reverse_domain}.mailprofile",
+            "PayloadUUID": str(uuid.uuid4()),
+            "PayloadDisplayName": f"{domain} Mail Configuration",
+            "PayloadOrganization": domain,
+            "PayloadContent": [
+                {
+                    "PayloadType": "com.apple.mail.managed",
+                    "PayloadVersion": 1,
+                    "PayloadIdentifier": f"{reverse_domain}.mailprofile.mail",
+                    "PayloadUUID": str(uuid.uuid4()),
+                    "PayloadDisplayName": "Mail",
+                    "EmailAccountDescription": f"{domain} Mail",
+                    "EmailAccountType": "EmailTypeIMAP",
+                    "EmailAddress": emailaddress,
+                    # incoming
+                    "IncomingMailServerHostName": imap_settings["HOSTNAME"],
+                    "IncomingMailServerPortNumber": imap_settings["PORT"],
+                    "IncomingMailServerUseSSL": True,
+                    "IncomingMailServerUsername": emailaddress,
+                    # outgoing
+                    "OutgoingMailServerHostName": smtp_settings["HOSTNAME"],
+                    "OutgoingMailServerPortNumber": smtp_settings["PORT"],
+                    "OutgoingMailServerUseSSL": True,
+                    "OutgoingMailServerUsername": emailaddress,
+                    "OutgoingPasswordSameAsIncomingPassword": True,
+                }
+            ],
+        }
+        plist_bytes = plistlib.dumps(profile, fmt=plistlib.FMT_XML)
+        resp = HttpResponse(
+            plist_bytes, content_type="application/x-apple-aspen-config"
+        )
+        resp["Content-Disposition"] = 'attachment; filename="mail.mobileconfig"'
+        return resp

modoboa/autoreply/api/v2/tests.py

@@ -62,7 +62,7 @@ class ARMessageViewSetTestCase(PatcherMixin, ModoAPITestCase):
     def test_retrieve_armessage_domadmin(self):
         admin = User.objects.get(username="admin@test.com")
         self.client.logout()
-        self.client.force_login(admin)
+        self.client.force_authenticate(admin)
         url = reverse("api:armessage-list")
         response = self.client.get(url)
         self.assertEqual(response.status_code, 200)
@@ -74,7 +74,7 @@ class ARMessageViewSetTestCase(PatcherMixin, ModoAPITestCase):
 
     def test_retrieve_armessage_simpleuser(self):
         self.client.logout()
-        self.client.force_login(self.account)
+        self.client.force_authenticate(self.account)
         url = reverse("api:armessage-list")
         response = self.client.get(url)
         self.assertEqual(response.status_code, 200)
@@ -156,7 +156,7 @@ class AccountARMessageViewSetTestCase(PatcherMixin, ModoAPITestCase):
         response = self.client.get(url)
         self.assertEqual(response.status_code, 403)
         self.client.logout()
-        self.client.force_login(self.account)
+        self.client.force_authenticate(self.account)
         self.assertFalse(
             models.ARmessage.objects.filter(mbox=self.account.mailbox).exists()
         )
@@ -168,7 +168,7 @@ class AccountARMessageViewSetTestCase(PatcherMixin, ModoAPITestCase):
 
     def test_set_armessage(self):
         self.client.logout()
-        self.client.force_login(self.account)
+        self.client.force_authenticate(self.account)
         url = reverse("api:account_armessage-armessage")
         fromdate = timezone.now()
         todate = fromdate + relativedelta(days=4)

modoboa/autoreply/models.py

@@ -58,9 +58,9 @@ class ARmessage(models.Model):
         name = "autoreply"
         action = [("vacation", ":subject", self.subject, ":days", days, content)]
         if not fset.getfilter(name):
-            fset.addfilter(name, condition, action)
+            fset.addfilter(name, condition, action, matchtype="allof")
         else:
-            fset.updatefilter(name, name, condition, action)
+            fset.updatefilter(name, name, condition, action, matchtype="allof")
         for filter in fset.filters:
             if filter["name"] == name:
                 filter["description"] = (