RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/notification/smtp_notifier.go

313 lines
8.7 KiB
Go
Raw Normal View History

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
package notification
import (
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
"crypto/tls"
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
"crypto/x509"
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
"errors"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
"fmt"
"net/smtp"
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
"strings"
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
"time"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml
2019-12-24 02:14:52 +00:00
"github.com/authelia/authelia/internal/configuration/schema"
[MISC] Consistently utilise correct logging interface (#1487) This change aims to utilise the correct logging interface consistently. The only instances where stdlib log is utilised is for tests and when commands that Authelia supports; for example certificate generation, password hashing and config validation.
2020-11-24 22:54:36 +00:00
"github.com/authelia/authelia/internal/logging"
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
"github.com/authelia/authelia/internal/utils"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
)
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// SMTPNotifier a notifier to send emails to SMTP servers.
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
type SMTPNotifier struct {
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
username string
password string
sender string
[BUGFIX] Add ability to specify SMTP HELO/EHLO identifier (#1416) * add docs * add configuration option for SMTP called `identifier` * default should act the same as before
2020-11-04 23:22:10 +00:00
identifier string
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
host string
port int
disableRequireTLS bool
address string
subject string
startupCheckAddress string
client *smtp.Client
tlsConfig *tls.Config
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// NewSMTPNotifier creates a SMTPNotifier using the notifier configuration.
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 10:28:55 +00:00
func NewSMTPNotifier(configuration schema.SMTPNotifierConfiguration, certPool *x509.CertPool) *SMTPNotifier {
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
notifier := &SMTPNotifier{
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
username: configuration.Username,
password: configuration.Password,
sender: configuration.Sender,
[BUGFIX] Add ability to specify SMTP HELO/EHLO identifier (#1416) * add docs * add configuration option for SMTP called `identifier` * default should act the same as before
2020-11-04 23:22:10 +00:00
identifier: configuration.Identifier,
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
host: configuration.Host,
port: configuration.Port,
disableRequireTLS: configuration.DisableRequireTLS,
address: fmt.Sprintf("%s:%d", configuration.Host, configuration.Port),
subject: configuration.Subject,
startupCheckAddress: configuration.StartupCheckAddress,
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 10:28:55 +00:00
tlsConfig: utils.NewTLSConfig(configuration.TLS, tls.VersionTLS12, certPool),
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
return notifier
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Do startTLS if available (some servers only provide the auth extension after, and encryption is preferred).
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
func (n *SMTPNotifier) startTLS() error {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger := logging.Logger()
[Buildkite] Introduce CI linting with golangci-lint and reviewdog (#832) * [Buildkite] Introduce CI linting with golangci-lint and reviewdog * Initial pass of golangci-lint * Add gosimple (megacheck) recommendations * Add golint recommendations * [BUGFIX] Migrate authentication traces from v3 mongodb * Add deadcode recommendations * [BUGFIX] Fix ShortTimeouts suite when run in dev workflow * Add unused recommendations * Add unparam recommendations * Disable linting on unfixable errors instead of skipping files * Adjust nolint notation for unparam * Fix ineffectual assignment to err raised by linter. * Export environment variable in agent hook * Add ineffassign recommendations * Add staticcheck recommendations * Add gocyclo recommendations * Adjust ineffassign recommendations Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-04-09 01:05:17 +00:00
// Only start if not already encrypted
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
if _, ok := n.client.TLSConnectionState(); ok {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debugf("Notifier SMTP connection is already encrypted, skipping STARTTLS")
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
return nil
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
}
[CI] Add gocritic linter (#977) * [CI] Add gocritic linter * Implement gocritic recommendations The outstanding recommendations are due to be addressed in #959 and #971 respectively. * Fix implementation tests * Fix remaining linting issues. * Fix tests. Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-06 00:52:06 +00:00
switch ok, _ := n.client.Extension("STARTTLS"); ok {
case true:
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debugf("Notifier SMTP server supports STARTTLS (disableVerifyCert: %t, ServerName: %s), attempting", n.tlsConfig.InsecureSkipVerify, n.tlsConfig.ServerName)
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
if err := n.client.StartTLS(n.tlsConfig); err != nil {
return err
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debug("Notifier SMTP STARTTLS completed without error")
[CI] Add gocritic linter (#977) * [CI] Add gocritic linter * Implement gocritic recommendations The outstanding recommendations are due to be addressed in #959 and #971 respectively. * Fix implementation tests * Fix remaining linting issues. * Fix tests. Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-06 00:52:06 +00:00
default:
switch n.disableRequireTLS {
case true:
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Warn("Notifier SMTP server does not support STARTTLS and SMTP configuration is set to disable the TLS requirement (only useful for unauthenticated emails over plain text)")
[CI] Add gocritic linter (#977) * [CI] Add gocritic linter * Implement gocritic recommendations The outstanding recommendations are due to be addressed in #959 and #971 respectively. * Fix implementation tests * Fix remaining linting issues. * Fix tests. Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-06 00:52:06 +00:00
default:
return errors.New("Notifier SMTP server does not support TLS and it is required by default (see documentation if you want to disable this highly recommended requirement)")
}
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
return nil
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
}
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Attempt Authentication.
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
func (n *SMTPNotifier) auth() error {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger := logging.Logger()
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Attempt AUTH if password is specified only.
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
if n.password != "" {
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
_, ok := n.client.TLSConnectionState()
if !ok {
[MISC] Linting unparam fixes (#892) * remove unused bools
2020-04-21 05:53:47 +00:00
return errors.New("Notifier SMTP client does not support authentication over plain text and the connection is currently plain text")
Added sec warn, more debug logging detail - Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text) - Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
2019-12-28 02:49:29 +00:00
}
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Check the server supports AUTH, and get the mechanisms.
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
ok, m := n.client.Extension("AUTH")
if ok {
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
var auth smtp.Auth
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debugf("Notifier SMTP server supports authentication with the following mechanisms: %s", m)
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
mechanisms := strings.Split(m, " ")
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Adaptively select the AUTH mechanism to use based on what the server advertised.
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
if utils.IsStringInSlice("PLAIN", mechanisms) {
auth = smtp.PlainAuth("", n.username, n.password, n.host)
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debug("Notifier SMTP client attempting AUTH PLAIN with server")
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
} else if utils.IsStringInSlice("LOGIN", mechanisms) {
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
auth = newLoginAuth(n.username, n.password, n.host)
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debug("Notifier SMTP client attempting AUTH LOGIN with server")
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Throw error since AUTH extension is not supported.
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
if auth == nil {
[MISC] Linting unparam fixes (#892) * remove unused bools
2020-04-21 05:53:47 +00:00
return fmt.Errorf("notifier SMTP server does not advertise a AUTH mechanism that are supported by Authelia (PLAIN or LOGIN are supported, but server advertised %s mechanisms)", m)
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Authenticate.
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
if err := n.client.Auth(auth); err != nil {
return err
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debug("Notifier SMTP client authenticated successfully with the server")
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Linting unparam fixes (#892) * remove unused bools
2020-04-21 05:53:47 +00:00
return nil
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Linting unparam fixes (#892) * remove unused bools
2020-04-21 05:53:47 +00:00
return errors.New("Notifier SMTP server does not advertise the AUTH extension but config requires AUTH (password specified), either disable AUTH, or use an SMTP host that supports AUTH PLAIN or AUTH LOGIN")
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debug("Notifier SMTP config has no password specified so authentication is being skipped")
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Linting unparam fixes (#892) * remove unused bools
2020-04-21 05:53:47 +00:00
return nil
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
}
Implement SMTP StartTLS and Adaptive Auth - If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending - Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs) - Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism - Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported - Changed secure key to use boolean values instead of strings - Arranged SMTP notifier properties/vars to be in the same order - Log the steps for STARTTLS (debug only) - Log the steps for AUTH (debug only)
2019-12-20 18:40:01 +00:00
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
func (n *SMTPNotifier) compose(recipient, subject, body, htmlBody string) error {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger := logging.Logger()
logger.Debugf("Notifier SMTP client attempting to send email body to %s", recipient)
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
if !n.disableRequireTLS {
_, ok := n.client.TLSConnectionState()
if !ok {
return errors.New("Notifier SMTP client can't send an email over plain text connection")
}
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
wc, err := n.client.Data()
if err != nil {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debugf("Notifier SMTP client error while obtaining WriteCloser: %s", err)
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
return err
}
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
boundary := utils.RandomString(30, utils.AlphaNumericCharacters)
now := time.Now()
msg := "Date:" + now.Format(rfc5322DateTimeLayout) + "\n" +
"From: " + n.sender + "\n" +
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
"To: " + recipient + "\n" +
"Subject: " + subject + "\n" +
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
"MIME-version: 1.0\n" +
"Content-Type: multipart/alternative; boundary=" + boundary + "\n\n" +
"--" + boundary + "\n" +
"Content-Type: text/plain; charset=\"UTF-8\"\n" +
"Content-Transfer-Encoding: quoted-printable\n" +
"Content-Disposition: inline\n\n" +
body + "\n"
if htmlBody != "" {
msg += "--" + boundary + "\n" +
"Content-Type: text/html; charset=\"UTF-8\"\n\n" +
htmlBody + "\n"
}
msg += "--" + boundary + "--"
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
[Buildkite] Introduce CI linting with golangci-lint and reviewdog (#832) * [Buildkite] Introduce CI linting with golangci-lint and reviewdog * Initial pass of golangci-lint * Add gosimple (megacheck) recommendations * Add golint recommendations * [BUGFIX] Migrate authentication traces from v3 mongodb * Add deadcode recommendations * [BUGFIX] Fix ShortTimeouts suite when run in dev workflow * Add unused recommendations * Add unparam recommendations * Disable linting on unfixable errors instead of skipping files * Adjust nolint notation for unparam * Fix ineffectual assignment to err raised by linter. * Export environment variable in agent hook * Add ineffassign recommendations * Add staticcheck recommendations * Add gocyclo recommendations * Adjust ineffassign recommendations Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-04-09 01:05:17 +00:00
_, err = fmt.Fprint(wc, msg)
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
if err != nil {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debugf("Notifier SMTP client error while sending email body over WriteCloser: %s", err)
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
return err
}
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
err = wc.Close()
if err != nil {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debugf("Notifier SMTP client error while closing the WriteCloser: %s", err)
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
return err
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
return nil
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Dial the SMTP server with the SMTPNotifier config.
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
func (n *SMTPNotifier) dial() error {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger := logging.Logger()
logger.Debugf("Notifier SMTP client attempting connection to %s", n.address)
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[FEATURE] SMTPS support (#643) * [FEATURE] SMTPS Support - Added port_tls option to enable SMTPS, off by default. * Remove configuration variable for SMTPS Instead we enable SMTPS on port 465 only. The reason for this is so we don't require an additional configuration variable. * Add SMTPS warning and updated docs * Adjust SMTPS warning
2020-02-20 01:09:46 +00:00
if n.port == 465 {
fix(notifier): remove SMTPS warning (#2200) Removes a warning about SMTPS when using port 465 and replaces it with info about SUBMISSIONS.
2021-07-30 03:15:12 +00:00
logger.Infof("Notifier SMTP client using submissions port 465. Make sure the mail server you are connecting to is configured for submissions and not SMTPS.")
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[FEATURE] SMTPS support (#643) * [FEATURE] SMTPS Support - Added port_tls option to enable SMTPS, off by default. * Remove configuration variable for SMTPS Instead we enable SMTPS on port 465 only. The reason for this is so we don't require an additional configuration variable. * Add SMTPS warning and updated docs * Adjust SMTPS warning
2020-02-20 01:09:46 +00:00
conn, err := tls.Dial("tcp", n.address, n.tlsConfig)
if err != nil {
return err
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[FEATURE] SMTPS support (#643) * [FEATURE] SMTPS Support - Added port_tls option to enable SMTPS, off by default. * Remove configuration variable for SMTPS Instead we enable SMTPS on port 465 only. The reason for this is so we don't require an additional configuration variable. * Add SMTPS warning and updated docs * Adjust SMTPS warning
2020-02-20 01:09:46 +00:00
client, err := smtp.NewClient(conn, n.host)
if err != nil {
return err
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[FEATURE] SMTPS support (#643) * [FEATURE] SMTPS Support - Added port_tls option to enable SMTPS, off by default. * Remove configuration variable for SMTPS Instead we enable SMTPS on port 465 only. The reason for this is so we don't require an additional configuration variable. * Add SMTPS warning and updated docs * Adjust SMTPS warning
2020-02-20 01:09:46 +00:00
n.client = client
} else {
client, err := smtp.Dial(n.address)
if err != nil {
return err
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[FEATURE] SMTPS support (#643) * [FEATURE] SMTPS Support - Added port_tls option to enable SMTPS, off by default. * Remove configuration variable for SMTPS Instead we enable SMTPS on port 465 only. The reason for this is so we don't require an additional configuration variable. * Add SMTPS warning and updated docs * Adjust SMTPS warning
2020-02-20 01:09:46 +00:00
n.client = client
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debug("Notifier SMTP client connected successfully")
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
return nil
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Closes the connection properly.
[FIX] SMTP Notifier Unhandled Error Conditions (#585) - Only attempt to close the connection once it's established. - Defer the client Quit/Close so that it always executes at the end. - Fixes #585
2020-01-28 04:00:43 +00:00
func (n *SMTPNotifier) cleanup() {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger := logging.Logger()
[FIX] SMTP Notifier Unhandled Error Conditions (#585) - Only attempt to close the connection once it's established. - Defer the client Quit/Close so that it always executes at the end. - Fixes #585
2020-01-28 04:00:43 +00:00
err := n.client.Quit()
if err != nil {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Warnf("Notifier SMTP client encountered error during cleanup: %s", err)
[FIX] SMTP Notifier Unhandled Error Conditions (#585) - Only attempt to close the connection once it's established. - Defer the client Quit/Close so that it always executes at the end. - Fixes #585
2020-01-28 04:00:43 +00:00
}
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// StartupCheck checks the server is functioning correctly and the configuration is correct.
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
func (n *SMTPNotifier) StartupCheck() (bool, error) {
if err := n.dial(); err != nil {
return false, err
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
}
defer n.cleanup()
[BUGFIX] Add ability to specify SMTP HELO/EHLO identifier (#1416) * add docs * add configuration option for SMTP called `identifier` * default should act the same as before
2020-11-04 23:22:10 +00:00
if err := n.client.Hello(n.identifier); err != nil {
return false, err
}
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
if err := n.startTLS(); err != nil {
return false, err
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
}
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
if err := n.auth(); err != nil {
return false, err
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
}
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
if err := n.client.Mail(n.sender); err != nil {
return false, err
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
}
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
if err := n.client.Rcpt(n.startupCheckAddress); err != nil {
return false, err
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
}
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
if err := n.client.Reset(); err != nil {
return false, err
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
}
[FIX] File Notifier Default Permissions (#902) * [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
2020-04-23 02:01:24 +00:00
return true, nil
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
}
// Send is used to send an email to a recipient.
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
func (n *SMTPNotifier) Send(recipient, title, body, htmlBody string) error {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger := logging.Logger()
[FEATURE] Customizable Email Subject (#830) * [FEATURE] Customizable Email Subject * allow users to optionally change email subject * this is so they can more easily communicate the source of the email * Update docs/configuration/notifier/smtp.md Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-09 00:21:28 +00:00
subject := strings.ReplaceAll(n.subject, "{title}", title)
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[FIX] SMTP Notifier Unhandled Error Conditions (#585) - Only attempt to close the connection once it's established. - Defer the client Quit/Close so that it always executes at the end. - Fixes #585
2020-01-28 04:00:43 +00:00
if err := n.dial(); err != nil {
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
return err
}
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Always execute QUIT at the end once we're connected.
[FIX] SMTP Notifier Unhandled Error Conditions (#585) - Only attempt to close the connection once it's established. - Defer the client Quit/Close so that it always executes at the end. - Fixes #585
2020-01-28 04:00:43 +00:00
defer n.cleanup()
[BUGFIX] Add ability to specify SMTP HELO/EHLO identifier (#1416) * add docs * add configuration option for SMTP called `identifier` * default should act the same as before
2020-11-04 23:22:10 +00:00
if err := n.client.Hello(n.identifier); err != nil {
return err
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Start TLS and then Authenticate.
[MISC] Linting unparam fixes (#892) * remove unused bools
2020-04-21 05:53:47 +00:00
if err := n.startTLS(); err != nil {
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
return err
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
[MISC] Linting unparam fixes (#892) * remove unused bools
2020-04-21 05:53:47 +00:00
if err := n.auth(); err != nil {
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
return err
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Set the sender and recipient first.
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
if err := n.client.Mail(n.sender); err != nil {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debugf("Notifier SMTP failed while sending MAIL FROM (using sender) with error: %s", err)
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
return err
}
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
if err := n.client.Rcpt(recipient); err != nil {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debugf("Notifier SMTP failed while sending RCPT TO (using recipient) with error: %s", err)
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes
2019-12-30 02:03:51 +00:00
return err
}
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
// Compose and send the email body to the server.
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
if err := n.compose(recipient, subject, body, htmlBody); err != nil {
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
return err
}
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Debug("Notifier SMTP client successfully sent email")
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 19:35:32 +00:00
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
return nil
}