stages/email: fix sanitization of email addresses (#9999)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/stages/email/tests/test_templates.py

@@ -96,7 +96,7 @@ def test_template_address(self):
         """Test addresses are correctly parsed"""
         message = TemplateEmailMessage(to=[("foo@bar.baz", "foo@bar.baz")])
         [sanitize_address(addr, "utf-8") for addr in message.recipients()]
-        self.assertEqual(message.recipients(), ["foo@bar.baz"])
+        self.assertEqual(message.recipients(), ['"foo@bar.baz" <foo@bar.baz>'])
         message = TemplateEmailMessage(to=[("some-name", "foo@bar.baz")])
         [sanitize_address(addr, "utf-8") for addr in message.recipients()]
         self.assertEqual(message.recipients(), ["some-name <foo@bar.baz>"])

authentik/stages/email/utils.py

@@ -5,6 +5,7 @@
 from pathlib import Path
 
 from django.core.mail import EmailMultiAlternatives
+from django.core.mail.message import sanitize_address
 from django.template.exceptions import TemplateDoesNotExist
 from django.template.loader import render_to_string
 from django.utils import translation
@@ -31,10 +32,7 @@ def __init__(
         sanitized_to = []
         # Ensure that all recipients are valid
         for recipient_name, recipient_email in to:
-            if recipient_name == recipient_email:
-                sanitized_to.append(recipient_email)
-            else:
-                sanitized_to.append(f"{recipient_name} <{recipient_email}>")
+            sanitized_to.append(sanitize_address((recipient_name, recipient_email), "utf-8"))
         super().__init__(to=sanitized_to, **kwargs)
         if not template_name:
             return