fix: prevent confusion with no-reply and disabled aliases on front-end

app/controllers/web/my-account/generate-alias-password.js

@@ -1,5 +1,10 @@
+const Boom = require('@hapi/boom');
+const noReplyList = require('reserved-email-addresses-list/no-reply-list.json');
+
 const Aliases = require('#models/aliases');
 
+const NO_REPLY_USERNAMES = new Set(noReplyList);
+
 async function generateAliasPassword(ctx) {
   // if domain has not yet been setup yet then alert user
   if (
@@ -30,6 +35,15 @@ async function generateAliasPassword(ctx) {
   );
   try {
     const alias = await Aliases.findById(ctx.state.alias._id);
+    // prevent for disabled usernames
+    if (!alias.is_enabled)
+      throw Boom.badRequest(ctx.translateError('ALIAS_IS_NOT_ENABLED'));
+
+    // prevent for no-reply usernames
+    const string = alias.name.replace(/[^\da-z]/g, '');
+    if (NO_REPLY_USERNAMES.has(string))
+      throw Boom.badRequest(ctx.translateError('NO_REPLY_USERNAME_NO_SMTP'));
+
     // set locale for translation in `createToken`
     alias.locale = ctx.locale;
     // TODO: support more than one generated password

app/views/layout.pug

@@ -227,12 +227,12 @@ html.h-100.no-js(
   body.d-flex.flex-column.min-h-100.app(
     role="document",
     onload=isBot(ctx.get("User-Agent")) ? "if (typeof lazyload === 'function') { lazyload(); }" : false,
-    id=!isPDF && (ctx.pathWithoutLocale === "/" || ctx.pathWithoutLocale === '/private-business-email') && !isBot(ctx.get("User-Agent")) ? "freddy" : "",
+    id=!isPDF && (ctx.pathWithoutLocale === "/" || ctx.pathWithoutLocale === "/private-business-email") && !isBot(ctx.get("User-Agent")) ? "freddy" : "",
     data-ignore-hash-change=ctx.pathWithoutLocale === "/" ? true : false
   )
     //- Safari has performance issues (but we want iPhone/iPad to look good too)
     //- <https://stackoverflow.com/a/40463096>
-    - const isSafari = /^((?!chrome|android|crios|fxios).)*safari/i.test(ctx.get("User-Agent")) && ctx.get('User-Agent') && (!ctx.get('User-Agent').includes('iPad') && !ctx.get('User-Agent').includes('iPhone'))
+    - const isSafari = /^((?!chrome|android|crios|fxios).)*safari/i.test(ctx.get("User-Agent")) && ctx.get("User-Agent") && !ctx.get("User-Agent").includes("iPad") && !ctx.get("User-Agent").includes("iPhone");
     if (!isPDF && !isSafari && (ctx.pathWithoutLocale === '/' || ctx.pathWithoutLocale === '/private-business-email') && !isBot(ctx.get('User-Agent')))
       #stars.user-select-none
       #rocket.user-select-none

app/views/my-account/domains/aliases/_table.pug

@@ -137,7 +137,7 @@ include ../../../_pagination
                         = t("Delete Alias")
                   //- generate password for alias
                   //- TODO: support more than one generated password
-                  if !domain.is_global && alias.name !== '*' && !alias.name.startsWith('/') && !_.isDate(domain.smtp_suspended_sent_at) && domain.plan !== 'free'
+                  if !domain.is_global && alias.name !== '*' && alias.is_enabled && !alias.name.startsWith('/') && !_.isDate(domain.smtp_suspended_sent_at) && domain.plan !== 'free'
                     form.ajax-form.confirm-prompt.d-inline-block(
                       action=l(`/my-account/domains/${domain.name}/aliases/${alias.id}/generate-password`),
                       data-confirm-prompt-title=t("Generate new password?"),

app/views/pricing.pug

@@ -423,7 +423,7 @@ block body
             alt=t("Professional Private Business Email")
           )
 
-  .bg-dark.py-3.py-md-5.d-block.text-white#frequently-asked-questions
+  #frequently-asked-questions.bg-dark.py-3.py-md-5.d-block.text-white
     .container
       .row
         .col

config/phrases.js

@@ -67,6 +67,8 @@ module.exports = {
   EMAIL_DOES_NOT_EXIST: 'Email does not exist.',
   EMAIL_REMOVED: 'Email was removed from the queue by an admin.',
   INVALID_EMAIL_STATUS: 'Email status must be pending, queued, or deferred.',
+  NO_REPLY_USERNAME_NO_SMTP:
+    'You cannot use a "no-reply" username for outbound SMTP.',
   NO_REPLY_USERNAME_DISALLOWED:
     'You cannot use a "no-reply" username for an alias.',
   INVALID_DMARC_RESULT:

locales/ar.json

@@ -4813,5 +4813,6 @@
   "Signup": "اشتراك",
   "See Features": "انظر الميزات",
   "Read more questions and answers": "اقرأ المزيد من الأسئلة والأجوبة",
-  "Product Tour": "جولة المنتج"
+  "Product Tour": "جولة المنتج",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "لا يمكنك استخدام اسم مستخدم \"عدم الرد\" لـ SMTP الصادر."
 }

locales/cs.json

@@ -4813,5 +4813,6 @@
   "Signup": "Přihlásit se",
   "See Features": "Viz Funkce",
   "Read more questions and answers": "Přečtěte si další otázky a odpovědi",
-  "Product Tour": "Prohlídka produktu"
+  "Product Tour": "Prohlídka produktu",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Pro odchozí SMTP nemůžete použít uživatelské jméno \"bez odpovědi\"."
 }

locales/da.json

@@ -4549,5 +4549,6 @@
   "Signup": "Tilmelde",
   "See Features": "Se Funktioner",
   "Read more questions and answers": "Læs flere spørgsmål og svar",
-  "Product Tour": "Produktrundvisning"
+  "Product Tour": "Produktrundvisning",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Du kan ikke bruge et \"no-reply\"-brugernavn til udgående SMTP."
 }

locales/de.json

@@ -3841,5 +3841,6 @@
   "Signup": "Melden Sie sich an",
   "See Features": "Siehe Funktionen",
   "Read more questions and answers": "Lesen Sie weitere Fragen und Antworten",
-  "Product Tour": "Produkttour"
+  "Product Tour": "Produkttour",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Sie können für ausgehendes SMTP keinen „No-Reply“-Benutzernamen verwenden."
 }

locales/es.json

@@ -4811,5 +4811,6 @@
   "Signup": "Inscribirse",
   "See Features": "Ver características",
   "Read more questions and answers": "Leer más preguntas y respuestas",
-  "Product Tour": "Tour del producto"
+  "Product Tour": "Tour del producto",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "No puede utilizar un nombre de usuario \"sin respuesta\" para SMTP saliente."
 }

locales/fi.json

@@ -4658,5 +4658,6 @@
   "Signup": "Kirjaudu",
   "See Features": "Katso Ominaisuudet",
   "Read more questions and answers": "Lue lisää kysymyksiä ja vastauksia",
-  "Product Tour": "Tuotekierros"
+  "Product Tour": "Tuotekierros",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Et voi käyttää \"ei vastausta\" -käyttäjänimeä lähtevälle SMTP:lle."
 }

locales/fr.json

@@ -4813,5 +4813,6 @@
   "Signup": "S'inscrire",
   "See Features": "Voir les fonctionnalités",
   "Read more questions and answers": "Lire plus de questions et réponses",
-  "Product Tour": "Visite guidée du produit"
+  "Product Tour": "Visite guidée du produit",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Vous ne pouvez pas utiliser un nom d'utilisateur « sans réponse » pour le SMTP sortant."
 }

locales/he.json

@@ -4813,5 +4813,6 @@
   "Signup": "הירשם",
   "See Features": "ראה תכונות",
   "Read more questions and answers": "קרא עוד שאלות ותשובות",
-  "Product Tour": "סיור מוצרים"
+  "Product Tour": "סיור מוצרים",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "אינך יכול להשתמש בשם משתמש \"ללא תגובה\" עבור SMTP יוצא."
 }

locales/hu.json

@@ -4813,5 +4813,6 @@
   "Signup": "Regisztrálj",
   "See Features": "Lásd: Jellemzők",
   "Read more questions and answers": "Olvassa el a további kérdéseket és válaszokat",
-  "Product Tour": "Terméktúra"
+  "Product Tour": "Terméktúra",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Nem használhat „válasz nélküli” felhasználónevet a kimenő SMTP-hez."
 }

locales/id.json

@@ -4813,5 +4813,6 @@
   "Signup": "Mendaftar",
   "See Features": "Lihat Fitur",
   "Read more questions and answers": "Baca lebih lanjut pertanyaan dan jawaban",
-  "Product Tour": "Jelajahi Produk"
+  "Product Tour": "Jelajahi Produk",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Anda tidak dapat menggunakan nama pengguna \"tidak ada balasan\" untuk SMTP keluar."
 }

locales/it.json

@@ -4813,5 +4813,6 @@
   "Signup": "Iscrizione",
   "See Features": "Vedi Caratteristiche",
   "Read more questions and answers": "Leggi altre domande e risposte",
-  "Product Tour": "Tour del prodotto"
+  "Product Tour": "Tour del prodotto",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Non è possibile utilizzare un nome utente \"no-reply\" per SMTP in uscita."
 }

locales/ja.json

@@ -4813,5 +4813,6 @@
   "Signup": "サインアップ",
   "See Features": "機能を見る",
   "Read more questions and answers": "質問と回答をもっと読む",
-  "Product Tour": "製品ツアー"
+  "Product Tour": "製品ツアー",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "送信 SMTP に「応答なし」ユーザー名を使用することはできません。"
 }

locales/ko.json

@@ -4813,5 +4813,6 @@
   "Signup": "가입하기",
   "See Features": "기능 보기",
   "Read more questions and answers": "더 많은 질문과 답변을 읽어보세요",
-  "Product Tour": "제품 투어"
+  "Product Tour": "제품 투어",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "아웃바운드 SMTP에는 \"응답 없음\" 사용자 이름을 사용할 수 없습니다."
 }

locales/nl.json

@@ -4813,5 +4813,6 @@
   "Signup": "Aanmelden",
   "See Features": "Zie Kenmerken",
   "Read more questions and answers": "Lees meer vragen en antwoorden",
-  "Product Tour": "Productrondleiding"
+  "Product Tour": "Productrondleiding",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "U kunt geen \"no-reply\"-gebruikersnaam gebruiken voor uitgaande SMTP."
 }

locales/no.json

@@ -4818,5 +4818,6 @@
   "Signup": "Melde deg på",
   "See Features": "Se funksjoner",
   "Read more questions and answers": "Les flere spørsmål og svar",
-  "Product Tour": "Produktomvisning"
+  "Product Tour": "Produktomvisning",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Du kan ikke bruke et \"ikke-svar\"-brukernavn for utgående SMTP."
 }

locales/pl.json

@@ -4813,5 +4813,6 @@
   "Signup": "Zapisać się",
   "See Features": "Zobacz Funkcje",
   "Read more questions and answers": "Przeczytaj więcej pytań i odpowiedzi",
-  "Product Tour": "Wycieczka po produkcie"
+  "Product Tour": "Wycieczka po produkcie",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Nie możesz używać nazwy użytkownika „no-repl” dla wychodzących SMTP."
 }

locales/pt.json

@@ -4813,5 +4813,6 @@
   "Signup": "Inscrever-se",
   "See Features": "Veja recursos",
   "Read more questions and answers": "Leia mais perguntas e respostas",
-  "Product Tour": "Tour do produto"
+  "Product Tour": "Tour do produto",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Você não pode usar um nome de usuário \"sem resposta\" para SMTP de saída."
 }

locales/ru.json

@@ -4813,5 +4813,6 @@
   "Signup": "Зарегистрироваться",
   "See Features": "См. возможности",
   "Read more questions and answers": "Читать больше вопросов и ответов",
-  "Product Tour": "Обзор продукта"
+  "Product Tour": "Обзор продукта",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Вы не можете использовать имя пользователя без ответа для исходящего SMTP."
 }

locales/sv.json

@@ -4813,5 +4813,6 @@
   "Signup": "Bli Medlem",
   "See Features": "Se Funktioner",
   "Read more questions and answers": "Läs fler frågor och svar",
-  "Product Tour": "Produktrundtur"
+  "Product Tour": "Produktrundtur",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Du kan inte använda ett \"no-reply\"-användarnamn för utgående SMTP."
 }

locales/th.json

@@ -4813,5 +4813,6 @@
   "Signup": "ลงชื่อ",
   "See Features": "ดูคุณสมบัติ",
   "Read more questions and answers": "อ่านคำถามและคำตอบเพิ่มเติม",
-  "Product Tour": "ทัวร์ชมผลิตภัณฑ์"
+  "Product Tour": "ทัวร์ชมผลิตภัณฑ์",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "คุณไม่สามารถใช้ชื่อผู้ใช้ \"ไม่ตอบกลับ\" สำหรับ SMTP ขาออก"
 }

locales/tr.json

@@ -4813,5 +4813,6 @@
   "Signup": "Üye olmak",
   "See Features": "Özellikleri Gör",
   "Read more questions and answers": "Daha fazla soru ve cevap okuyun",
-  "Product Tour": "Ürün Turu"
+  "Product Tour": "Ürün Turu",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Giden SMTP için \"yanıt yok\" kullanıcı adını kullanamazsınız."
 }

locales/uk.json

@@ -4813,5 +4813,6 @@
   "Signup": "Реєстрація",
   "See Features": "Дивіться функції",
   "Read more questions and answers": "Читайте більше питань і відповідей",
-  "Product Tour": "Екскурсія продуктом"
+  "Product Tour": "Екскурсія продуктом",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Ви не можете використовувати ім’я користувача без відповіді для вихідного SMTP."
 }

locales/vi.json

@@ -4813,5 +4813,6 @@
   "Signup": "Đăng ký",
   "See Features": "Xem tính năng",
   "Read more questions and answers": "Đọc thêm câu hỏi và câu trả lời",
-  "Product Tour": "Tham quan sản phẩm"
+  "Product Tour": "Tham quan sản phẩm",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "Bạn không thể sử dụng tên người dùng \"không trả lời\" cho SMTP gửi đi."
 }

locales/zh.json

@@ -4504,5 +4504,6 @@
   "Signup": "报名",
   "See Features": "查看功能",
   "Read more questions and answers": "阅读更多问题和答案",
-  "Product Tour": "产品展示"
+  "Product Tour": "产品展示",
+  "You cannot use a \"no-reply\" username for outbound SMTP.": "您不能对出站 SMTP 使用“无回复”用户名。"
 }