From 5d6446ae75291f69bb39c6f4ab6bc6a31ecc008e Mon Sep 17 00:00:00 2001 From: Konrad du Plessis Date: Wed, 22 Apr 2026 04:33:15 +0200 Subject: [PATCH] Fix empty DEFAULT_FROM_EMAIL causing 'Invalid address' on outbound mail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When DEFAULT_FROM_EMAIL env var isn't set, it defaulted to an empty string, causing every outbound email (receipts, payslips) to fail with: Invalid address "". Phase 1 removed the hardcoded Gmail fallback for security. The cleanest restore — without reintroducing a secret default — is to fall back to EMAIL_HOST_USER, which is already the authenticated Gmail address we send AS. That address is always valid when SMTP auth works, and it's already set on the VM (otherwise sending would fail with an auth error instead). Now: DEFAULT_FROM_EMAIL = os.getenv("DEFAULT_FROM_EMAIL", "") or EMAIL_HOST_USER Verified locally: when DEFAULT_FROM_EMAIL is unset and EMAIL_HOST_USER is 'test@example.com', DEFAULT_FROM_EMAIL resolves to the same address. Co-Authored-By: Claude Opus 4.7 (1M context) --- config/settings.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/config/settings.py b/config/settings.py index b531b34..cad53bd 100644 --- a/config/settings.py +++ b/config/settings.py @@ -226,7 +226,13 @@ EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER", "") # set on deploy platform EMAIL_HOST_PASSWORD = os.getenv("EMAIL_HOST_PASSWORD", "") # set on deploy platform EMAIL_USE_TLS = os.getenv("EMAIL_USE_TLS", "true").lower() == "true" EMAIL_USE_SSL = os.getenv("EMAIL_USE_SSL", "false").lower() == "true" -DEFAULT_FROM_EMAIL = os.getenv("DEFAULT_FROM_EMAIL", "") +# === FROM-ADDRESS === +# Where outgoing emails appear to come from. If DEFAULT_FROM_EMAIL isn't +# explicitly set, fall back to the Gmail address we authenticate as — +# that's always a valid sender since it's the same account sending the email. +# Without this fallback, emails fail with "Invalid address ''" if the +# env var is missing, even though auth + SMTP are otherwise fine. +DEFAULT_FROM_EMAIL = os.getenv("DEFAULT_FROM_EMAIL", "") or EMAIL_HOST_USER CONTACT_EMAIL_TO = [ item.strip() for item in os.getenv("CONTACT_EMAIL_TO", DEFAULT_FROM_EMAIL).split(",")