From 67b65bf67d002c8dfe135a18d0547ad613428112 Mon Sep 17 00:00:00 2001
From: Raphael Michel <michel@rami.io>
Date: Wed, 19 Mar 2025 10:25:19 +0100
Subject: [PATCH] SMTP config: Do not accept non-ASCII passwords (Z#23186129)
 (#4922)

* SMTP config: Do not accept non-ASCII passwords

Python's SMTP implementation can't seem to handle non-ascii passwords,
so let's not let people enter them.

* Update src/pretix/control/forms/mailsetup.py

Co-authored-by: Mira <weller@rami.io>

---------

Co-authored-by: Mira <weller@rami.io>
---
 src/pretix/control/forms/mailsetup.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/pretix/control/forms/mailsetup.py b/src/pretix/control/forms/mailsetup.py
index d3c0e91c17..bece8832fb 100644
--- a/src/pretix/control/forms/mailsetup.py
+++ b/src/pretix/control/forms/mailsetup.py
@@ -25,6 +25,8 @@ import socket
 from django import forms
 from django.conf import settings
 from django.core.exceptions import ValidationError
+from django.core.validators import RegexValidator
+from django.utils.text import format_lazy
 from django.utils.translation import gettext_lazy as _
 
 from pretix.base.forms import SecretKeySettingsField, SettingsForm
@@ -54,6 +56,15 @@ class SMTPMailForm(SettingsForm):
     smtp_password = SecretKeySettingsField(
         label=_("Password"),
         required=False,
+        validators=[RegexValidator(
+            r"^[A-Za-z0-9!\"#$%&'()*+,./:;<=>?@\^_`{}|~-]+$",
+            message=format_lazy(
+                _("The password contains characters not supported by our email system. Please only use characters "
+                  "A-Z, a-z, 0-9, and common special characters ({characters})."),
+
+                characters=r'!"#$%%&\'()*+,-./:;<=>?@\^_`{}|~'
+            )
+        )]
     )
     smtp_use_tls = forms.BooleanField(
         label=_("Use STARTTLS"),