Send mail from user's Gmail address ?

[Alex Nemoy]

Hello,

Can an application send mail From: the logged in user's Gmail account?

The documentation at
http://code.google.com/appengine/docs/python/mail/sendingmail.html
has this to say

"The sender address can be either the email address of a registered
administrator for the application, or the email address of the current
signed-in user (the user making the request that is sending the
message)"

The current signed-in user has a Gmail account used to sign in, is
that a valid sender address?

Just below that paragraph there's a code snippet that has
@login_required before a POST request, which does not work, so maybe
the paragraph I cited is incomplete or not valid either anymore?

thank you
N.

[Danny Tuppeny]

What do you mean by "does not work"? Do you get an error? I so, can
you post it here?

On Jan 23, 8:32 pm, Alex Nemoy <nemo1...@gmail.com> wrote:
> Hello,
>
> Can an application send mail From: the logged in user's Gmail account?
>

> The documentation athttp://code.google.com/appengine/docs/python/mail/sendingmail.html

[nemo nemo]

thanks for the quick answer.

I get something like below in the logs.

The mail API call is made from a task queue, if it makes a difference.

I assume the queued task has the same privileges as the request that queued it and which only works when logged in.

I can send mail  using the app creator's gmail address (admin) but not with another gmail logon.

Unauthorized sender

Traceback (most recent call last):

  File "/base/python_lib/versions/1/google/appengine/ext/webapp/__init__.py", line 509, in __call__

    handler.post(*groups)

  File "/base/data/home/apps/appname/1.339355239729544957/main.py", line 60, in post

    mail_body,

  File "/base/python_lib/versions/1/google/appengine/api/mail.py", line 260, in send_mail

    message.send(make_sync_call)

  File "/base/python_lib/versions/1/google/appengine/api/mail.py", line 735, in send

    raise ERROR_MAP[e.application_error](e.error_detail)

InvalidSenderError: Unauthorized sender

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.

[Danny Tuppeny]

> I assume the queued task has the same privileges as the request that queued it and which only works when logged in.

I don't know for sure, but I'd guess that's not the case. You can use "login: admin" to stop users calling the task URLs, so I suspect they run in the same way as cron jobs, which are considered to be admins.

If this is the case, I think it's worth posting in the issue tracker. I think it's valid functionality to be able to offload your emails to tasks, however there would probably need to be something to stop abuse of this (eg. a task that keeps queuing itself and can be used to send spam from a users address).

2010/1/24 nemo nemo <nemo...@gmail.com>

[Alex Nemoy]

On Sun, Jan 24, 2010 at 8:58 PM, Danny Tuppeny <da...@tuppeny.com> wrote:

> I assume the queued task has the same privileges as the request that queued it and which only works when logged in.

I don't know for sure, but I'd guess that's not the case. You can use "login: admin" to stop users calling the task URLs, so I suspect they run in the same way as cron jobs, which are considered to be admins.

I think you're right, thanks. Re-reading the task queue documentation I see:

' Note: While task queues can use URL paths restricted with login: admin, they cannot use URL paths restricted with login: required.'

there's even an issue filed, not sure if it is considered a bug or a feature by the developers

http://code.google.com/p/googleappengine/issues/detail?id=1909