stages/email: fix sanitization of email addresses

authentik/stages/email/tests/test_templates.py

@@ -96,7 +96,7 @@
         """Test addresses are correctly parsed"""
         message = TemplateEmailMessage(to=[("[email protected]", "[email protected]")])
         [sanitize_address(addr, "utf-8") for addr in message.recipients()]
-        self.assertEqual(message.recipients(), ["[email protected]"])
+        self.assertEqual(message.recipients(), ['"[email protected]" <[email protected]>'])
         message = TemplateEmailMessage(to=[("some-name", "[email protected]")])
         [sanitize_address(addr, "utf-8") for addr in message.recipients()]
         self.assertEqual(message.recipients(), ["some-name <[email protected]>"])

authentik/stages/email/utils.py

@@ -5,6 +5,7 @@
 from pathlib import Path
 
 from django.core.mail import EmailMultiAlternatives
+from django.core.mail.message import sanitize_address
 from django.template.exceptions import TemplateDoesNotExist
 from django.template.loader import render_to_string
 from django.utils import translation
@@ -31,10 +32,7 @@ def __init__(
         sanitized_to = []
         # Ensure that all recipients are valid
         for recipient_name, recipient_email in to:
-            if recipient_name == recipient_email:
-                sanitized_to.append(recipient_email)
-            else:
-                sanitized_to.append(f"{recipient_name} <{recipient_email}>")
+            sanitized_to.append(sanitize_address((recipient_name, recipient_email), "utf-8"))
         super().__init__(to=sanitized_to, **kwargs)
         if not template_name:
             return