RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/notification/smtp_notifier.go

142 lines
4.1 KiB
Go
Raw Normal View History

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
package notification
import (
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
"crypto/tls"
"errors"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
"fmt"
"net/smtp"
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
"strings"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml
2019-12-24 02:14:52 +00:00
"github.com/authelia/authelia/internal/configuration/schema"
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
"github.com/authelia/authelia/internal/utils"
log "github.com/sirupsen/logrus"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
)
// SMTPNotifier a notifier to send emails to SMTP servers.
type SMTPNotifier struct {
username string
password string
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
sender string
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
host string
port int
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
secure bool
address string
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
}
// NewSMTPNotifier create an SMTPNotifier targeting a given address.
func NewSMTPNotifier(configuration schema.SMTPNotifierConfiguration) *SMTPNotifier {
return &SMTPNotifier{
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
username: configuration.Username,
password: configuration.Password,
sender: configuration.Sender,
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
host: configuration.Host,
port: configuration.Port,
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
secure: configuration.Secure,
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
address: fmt.Sprintf("%s:%d", configuration.Host, configuration.Port),
}
}
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
// Send send a identity verification link to a user.
func (n *SMTPNotifier) Send(recipient string, subject string, body string) error {
msg := "From: " + n.sender + "\n" +
"To: " + recipient + "\n" +
"Subject: " + subject + "\n" +
"MIME-version: 1.0;\nContent-Type: text/html; charset=\"UTF-8\";\n\n" +
body
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
c, err := smtp.Dial(n.address)
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own.
2019-11-02 14:32:58 +00:00
if err != nil {
return err
}
Fix spelling errors
2020-01-05 23:03:16 +00:00
// Do StartTLS if available (some servers only provide the auth extnesion after, and encryption is preferred)
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
starttls, _ := c.Extension("STARTTLS")
if starttls {
tlsconfig := &tls.Config{
InsecureSkipVerify: !n.secure,
ServerName: n.host,
}
log.Debugf("SMTP server supports STARTTLS (InsecureSkipVerify: %t, ServerName: %s), attempting", tlsconfig.InsecureSkipVerify, tlsconfig.ServerName)
err := c.StartTLS(tlsconfig)
if err != nil {
return err
} else {
log.Debug("SMTP STARTTLS completed without error")
}
} else {
log.Debug("SMTP server does not support STARTTLS, skipping")
}
// Attempt AUTH if password is specified only
if n.password != "" {
Added sec warn, more debug logging detail - Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text) - Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
2019-12-28 02:49:29 +00:00
if !starttls {
log.Warn("Authentication is being attempted over an insecure connection. Using a SMTP server that supports STARTTLS is recommended, especially if the server is not on your local network (username and pasword are being transmitted in plain-text).")
}
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
// Check the server supports AUTH, and get the mechanisms
authExtension, m := c.Extension("AUTH")
if authExtension {
log.Debugf("Config has SMTP password and server supports AUTH with the following mechanisms: %s.", m)
mechanisms := strings.Split(m, " ")
var auth smtp.Auth
// Adaptively select the AUTH mechanism to use based on what the server advertised
if utils.IsStringInSlice("PLAIN", mechanisms) {
auth = smtp.PlainAuth("", n.username, n.password, n.host)
log.Debug("SMTP server supports AUTH PLAIN, attempting...")
} else if utils.IsStringInSlice("LOGIN", mechanisms) {
auth = LoginAuth(n.username, n.password)
log.Debug("SMTP server supports AUTH LOGIN, attempting...")
}
// Throw error since AUTH extension is not supported
if auth == nil {
Added sec warn, more debug logging detail - Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text) - Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
2019-12-28 02:49:29 +00:00
return fmt.Errorf("SMTP server does not advertise a AUTH mechanism that Authelia supports (PLAIN or LOGIN). Advertised mechanisms: %s.", m)
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
}
// Authenticate
err := c.Auth(auth)
if err != nil {
return err
} else {
log.Debug("SMTP AUTH completed successfully.")
}
} else {
return errors.New("SMTP server does not advertise the AUTH extension but a password was specified. Either disable auth (don't specify a password/comment the password), or specify an SMTP host and port that supports AUTH PLAIN or AUTH LOGIN.")
}
} else {
log.Debug("SMTP config has no password specified for use with AUTH, skipping.")
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
// Set the sender and recipient first
if err := c.Mail(n.sender); err != nil {
return err
}
if err := c.Rcpt(recipient); err != nil {
return err
}
// Send the email body.
wc, err := c.Data()
if err != nil {
return err
}
_, err = fmt.Fprintf(wc, msg)
if err != nil {
return err
}
err = wc.Close()
if err != nil {
return err
}
// Send the QUIT command and close the connection.
err = c.Quit()
if err != nil {
return err
}
return nil
}