Add SMTP notifier as an available option in configuration

One can now plug its own SMTP server to send notifications for identity validation and password reset requests. Filesystem has been removed from the template configuration file since even tests now use mail catcher (the fake webmail) to retrieve the email and the confirmation link.
2017-09-24 14:49:03 +02:00 · 2017-09-24 14:49:03 +02:00 · 4cd78f3f83
parent 7a2b45a66f
commit 4cd78f3f83
22 changed files with 195 additions and 57 deletions
--- a/.gitignore
+++ b/.gitignore
@ -29,3 +29,5 @@ dist/

 # Specific files
 /config.yml
+
+example/ldap/private.ldif
--- a/README.md
+++ b/README.md
@ -39,14 +39,15 @@ as 2nd factor.
 address.
 * Access restriction after too many authentication attempts.
 * Session management using Redis key/value store.
+* User-defined access control per subdomain and resource.

 ## Deployment

 If you don't have any LDAP and/or nginx setup yet, I advise you to follow the 
 [Getting Started](#Getting-started) section. That way, you can test it right away 
-without even configure anything.
+without even configuring anything.

-Otherwise here are the available steps to deploy **Authelia** on your machine given 
+Otherwise, here are the available steps to deploy **Authelia** on your machine given 
 your configuration file is **/path/to/your/config.yml**. Note that you can create your 
 own the configuration file from [config.template.yml] at the root of the repo.

@ -85,7 +86,7 @@ gave *Docker version 17.03.1-ce, build c6d412e*.
 gave *docker-compose version 1.14.0, build c7bdf9e*.

 #### Available port
-Make sure you don't have anything listening on port 8080.
+Make sure you don't have anything listening on port 8080 (webserver) and 8085 (webmail).

 #### Subdomain aliases

@ -141,10 +142,16 @@ You can find an example of the configuration of the LDAP backend in [config.temp
 ### Second factor with TOTP
 In **Authelia**, you can register a per user TOTP (Time-Based One Time Password) secret before 
 authenticating. To do that, you need to click on the register button. It will 
+<<<<<<< 7a2b45a66fba8ad1862f25cfa727df03d218ba83
 send a link to the user email address defined in the LDAP. 
 Since this is an example, no email will be sent, the link is rather delivered in the file 
 **/tmp/notifications/notification.txt**. Paste the link in your browser and you'll get 
 your secret in QRCode and Base32 format. You can use 
+=======
+send a link to the user email address stored in LDAP. Since this is an example, the email is sent 
+to a fake email address you can access from the webmail at [http://localhost:8085](http://localhost:8085). 
+Click on **Continue** and you'll get your secret in QRCode and Base32 formats. You can use 
+>>>>>>> Add SMTP notifier as an available option in configuration
 [Google Authenticator] 
 to store them and get the generated tokens with the app.

@ -155,11 +162,19 @@ to store them and get the generated tokens with the app.
 USB security keys. U2F is one of the most secure authentication protocol and is 
 already available for Google, Facebook, Github accounts and more.

+<<<<<<< 7a2b45a66fba8ad1862f25cfa727df03d218ba83
 Like TOTP, U2F requires you register a security key before authenticating. 
 To do so, click on the register link. This will send a link to the 
 user email address. Since this is an example, no email will be sent, the 
 link is rather delivered in the file **/tmp/notifications/notification.txt**. Paste 
 the link in your browser and you'll be asking to touch the token of your device 
+=======
+Like TOTP, U2F requires you register your security key before authenticating. 
+To do so, click on the register button. This will send a link to the 
+user email address. Since this is an example, the email is sent 
+to a fake email address you can access from the webmail at [http://localhost:8085](http://localhost:8085).
+Click on **Continue** and you'll be asking to touch the token of your device 
+>>>>>>> Add SMTP notifier as an available option in configuration
 to register. Upon successful registration, you can authenticate using your U2F 
 device by simply touching the token. Easy, right?!

@ -169,8 +184,8 @@ device by simply touching the token. Easy, right?!
 With **Authelia**, you can also reset your password in no time. Click on the 
 **Forgot password?** link in the login page, provide the username of the user requiring 
 a password reset and **Authelia** will send an email with an link to the user 
-email address. For the sake of the example, the email is delivered in the file 
-**/tmp/notifications/notification.txt**.
+email address. For the sake of the example, the email is delivered in a fake webmail deployed
+for you and accessible at [http://localhost:8085](http://localhost:8085).
 Paste the link in your browser and you should be able to reset the password.

 <img src="https://raw.githubusercontent.com/clems4ever/authelia/master/images/reset_password.png" width="400">
--- a/config.template.yml
+++ b/config.template.yml
@ -182,12 +182,15 @@ storage:
 # registration or a TOTP registration.
 # Use only an available configuration: filesystem, gmail
 notifier:
-  # For testing purpose, notifications can be sent in a file
-  filesystem:
-    filename: /var/lib/authelia/notifications/notification.txt
-
  # Use your gmail account to send the notifications. You can use an app password.
  # gmail:
  #   username: user@example.com
  #   password: yourpassword
  
+  # Use a SMTP server for sending notifications
+  smtp:
+    username: test
+    password: test
+    secure: false
+    host: 'smtp'
+    port: 1025
--- a/config.test.yml
+++ b/config.test.yml
@ -162,12 +162,16 @@ storage:
 # registration or a TOTP registration.
 # Use only an available configuration: filesystem, gmail
 notifier:
-  # For testing purpose, notifications can be sent in a file
-  filesystem:
-    filename: /var/lib/authelia/notifications/notification.txt
-
  # Use your gmail account to send the notifications. You can use an app password.
  # gmail:
  #   username: user@example.com
  #   password: yourpassword
  
+  # Use a SMTP server for sending notifications
+  smtp:
+    username: test
+    password: test
+    secure: false
+    host: 'smtp'
+    port: 1025
+  
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,7 +5,6 @@ services:
    restart: always
    volumes:
      - ./config.template.yml:/etc/authelia/config.yml:ro
-      - /tmp/notifications:/var/lib/authelia/notifications
    depends_on: 
      - redis
    networks:
--- a/example/ldap/base.ldif
+++ b/example/ldap/base.ldif
@ -25,7 +25,7 @@ dn: cn=john,ou=users,dc=example,dc=com
 cn: john
 objectclass: inetOrgPerson
 objectclass: top
-mail: john.doe@example.com
+mail: john.doe@authelia.com
 sn: John Doe
 userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

@ -33,7 +33,7 @@ dn: cn=harry,ou=users,dc=example,dc=com
 cn: harry
 objectclass: inetOrgPerson
 objectclass: top
-mail: harry.potter@example.com
+mail: harry.potter@authelia.com
 sn: Harry Potter
 userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

@ -41,7 +41,7 @@ dn: cn=bob,ou=users,dc=example,dc=com
 cn: bob
 objectclass: inetOrgPerson
 objectclass: top
-mail: bob.dylan@example.com
+mail: bob.dylan@authelia.com
 sn: Bob Dylan
 userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

@ -49,7 +49,7 @@ dn: cn=james,ou=users,dc=example,dc=com
 cn: james
 objectclass: inetOrgPerson
 objectclass: top
-mail: james.dean@example.com
+mail: james.dean@authelia.com
 sn: James Dean
 userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

@ -57,6 +57,6 @@ dn: cn=blackhat,ou=users,dc=example,dc=com
 cn: blackhat
 objectclass: inetOrgPerson
 objectclass: top
-mail: billy.blackhat@example.com
+mail: billy.blackhat@authelia.com
 sn: Billy BlackHat
 userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
--- a/example/ldap/docker-compose.yml
+++ b/example/ldap/docker-compose.yml
@ -12,6 +12,7 @@ services:
      - SLAPD_FORCE_RECONFIGURE=true
    volumes:
      - ./example/ldap/base.ldif:/etc/ldap.dist/prepopulate/base.ldif
+      - ./example/ldap/private.ldif:/etc/ldap.dist/prepopulate/private.ldif
      - ./example/ldap/access.rules:/etc/ldap.dist/prepopulate/access.rules
    networks:
      - example-network
--- a/example/smtp/docker-compose.yml
+++ b/example/smtp/docker-compose.yml
@ -0,0 +1,8 @@
+version: '2'
+services:
+  smtp:
+    image: schickling/mailcatcher
+    ports:
+      - "8085:1080"
+    networks:
+      - example-network
--- a/package.json
+++ b/package.json
@ -66,6 +66,7 @@
    "@types/randomstring": "^1.1.5",
    "@types/redis": "^2.6.0",
    "@types/request": "0.0.46",
+    "@types/request-promise": "^4.1.37",
    "@types/selenium-webdriver": "^3.0.4",
    "@types/sinon": "^2.2.1",
    "@types/speakeasy": "^2.0.1",
@ -94,6 +95,7 @@
    "proxyquire": "^1.8.0",
    "query-string": "^4.3.4",
    "request": "^2.81.0",
+    "request-promise": "^4.2.2",
    "selenium-webdriver": "^3.5.0",
    "should": "^11.1.1",
    "sinon": "^2.3.8",
--- a/scripts/dc-dev.sh
+++ b/scripts/dc-dev.sh
@ -9,5 +9,6 @@ docker-compose \
  -f example/mongo/docker-compose.yml \
  -f example/redis/docker-compose.yml \
  -f example/nginx/docker-compose.yml \
+  -f example/smtp/docker-compose.yml \
  -f example/ldap/docker-compose.admin.yml \
  -f example/ldap/docker-compose.yml $*
--- a/scripts/example-commit/dc-example.sh
+++ b/scripts/example-commit/dc-example.sh
@ -8,4 +8,5 @@ docker-compose \
  -f example/mongo/docker-compose.yml \
  -f example/redis/docker-compose.yml \
  -f example/nginx/docker-compose.yml \
+  -f example/smtp/docker-compose.yml \
  -f example/ldap/docker-compose.yml $*
--- a/scripts/example-commit/deploy-example.sh
+++ b/scripts/example-commit/deploy-example.sh
@ -3,4 +3,4 @@
 DC_SCRIPT=./scripts/example-commit/dc-example.sh

 $DC_SCRIPT build
-$DC_SCRIPT up -d mongo redis openldap authelia nginx
+$DC_SCRIPT up -d mongo redis openldap authelia nginx smtp
--- a/scripts/example-dockerhub/dc-example.sh
+++ b/scripts/example-dockerhub/dc-example.sh
@ -8,4 +8,5 @@ docker-compose \
  -f example/mongo/docker-compose.yml \
  -f example/redis/docker-compose.yml \
  -f example/nginx/docker-compose.yml \
+  -f example/smtp/docker-compose.yml \
  -f example/ldap/docker-compose.yml $*
--- a/scripts/example-dockerhub/deploy-example.sh
+++ b/scripts/example-dockerhub/deploy-example.sh
@ -3,4 +3,4 @@
 DC_SCRIPT=./scripts/example-dockerhub/dc-example.sh

 #$DC_SCRIPT build
-$DC_SCRIPT up -d mongo redis openldap authelia nginx
+$DC_SCRIPT up -d mongo redis openldap authelia nginx smtp
--- a/scripts/integration-tests.sh
+++ b/scripts/integration-tests.sh
@ -1,10 +1,10 @@
 #!/bin/bash

 DC_SCRIPT=./scripts/example-commit/dc-example.sh
-EXPECTED_SERVICES_COUNT=5
+EXPECTED_SERVICES_COUNT=6

 start_services() {
-    $DC_SCRIPT up -d mongo redis openldap authelia nginx
+    $DC_SCRIPT up -d mongo redis openldap authelia nginx smtp
    sleep 3
 }

@ -29,7 +29,7 @@ expect_services_count() {
 run_integration_tests() {
  echo "Start services..."
  start_services
-  expect_services_count $EXPECTED_SERVICES_COUNT 
+  expect_services_count $EXPECTED_SERVICES_COUNT
  
  sleep 5
  ./node_modules/.bin/grunt run:integration-tests
@ -41,13 +41,13 @@ run_other_tests() {
  npm install --only=dev
  ./node_modules/.bin/grunt build-dist
  ./scripts/example-commit/deploy-example.sh
-  expect_services_count 5
+  expect_services_count $EXPECTED_SERVICES_COUNT
 }

 run_other_tests_docker() {
  echo "Test dev docker deployment (commands in README)"
  ./scripts/example-dockerhub/deploy-example.sh
-  expect_services_count 5
+  expect_services_count $EXPECTED_SERVICES_COUNT
 }


--- a/src/server/lib/configuration/Configuration.d.ts
+++ b/src/server/lib/configuration/Configuration.d.ts
@ -71,12 +71,21 @@ export interface GmailNotifierConfiguration {
    password: string;
 }

+export interface SmtpNotifierConfiguration {
+    username: string;
+    password: string;
+    host: string;
+    port: number;
+    secure: boolean;
+}
+
 export interface FileSystemNotifierConfiguration {
    filename: string;
 }

 export interface NotifierConfiguration {
    gmail?: GmailNotifierConfiguration;
+    smtp?: SmtpNotifierConfiguration;
    filesystem?: FileSystemNotifierConfiguration;
 }

--- a/src/server/lib/notifiers/AbstractEmailNotifier.ts
+++ b/src/server/lib/notifiers/AbstractEmailNotifier.ts
@ -0,0 +1,24 @@
+
+import { INotifier } from "../notifiers/INotifier";
+import { Identity } from "../../../types/Identity";
+
+import Fs = require("fs");
+import Path = require("path");
+import Ejs = require("ejs");
+import BluebirdPromise = require("bluebird");
+
+const email_template = Fs.readFileSync(Path.join(__dirname, "../../resources/email-template.ejs"), "UTF-8");
+
+export abstract class AbstractEmailNotifier implements INotifier {
+
+  notify(identity: Identity, subject: string, link: string): BluebirdPromise<void> {
+    const d = {
+      url: link,
+      button_title: "Continue",
+      title: subject
+    };
+    return this.sendEmail(identity.email, subject, Ejs.render(email_template, d));
+  }
+
+  abstract sendEmail(email: string, subject: string, content: string): BluebirdPromise<void>;
+}
--- a/src/server/lib/notifiers/GMailNotifier.ts
+++ b/src/server/lib/notifiers/GMailNotifier.ts
@ -1,21 +1,16 @@

 import * as BluebirdPromise from "bluebird";
-import * as fs from "fs";
-import * as ejs from "ejs";
 import nodemailer = require("nodemailer");

 import { Nodemailer } from "../../../types/Dependencies";
-import { Identity } from "../../../types/Identity";
-import { INotifier } from "../notifiers/INotifier";
+import { AbstractEmailNotifier } from "../notifiers/AbstractEmailNotifier";
 import { GmailNotifierConfiguration } from "../configuration/Configuration";
-import path = require("path");

-const email_template = fs.readFileSync(path.join(__dirname, "../../resources/email-template.ejs"), "UTF-8");
-
-export class GMailNotifier implements INotifier {
+export class GMailNotifier extends AbstractEmailNotifier {
  private transporter: any;

  constructor(options: GmailNotifierConfiguration, nodemailer: Nodemailer) {
+    super();
    const transporter = nodemailer.createTransport({
      service: "gmail",
      auth: {
@ -26,18 +21,12 @@ export class GMailNotifier implements INotifier {
    this.transporter = BluebirdPromise.promisifyAll(transporter);
  }

-  notify(identity: Identity, subject: string, link: string): BluebirdPromise<void> {
-    const d = {
-      url: link,
-      button_title: "Continue",
-      title: subject
-    };
-
+  sendEmail(email: string, subject: string, content: string) {
    const mailOptions = {
      from: "authelia@authelia.com",
-      to: identity.email,
+      to: email,
      subject: subject,
-      html: ejs.render(email_template, d)
+      html: content
    };
    return this.transporter.sendMailAsync(mailOptions);
  }
--- a/src/server/lib/notifiers/NotifierFactory.ts
+++ b/src/server/lib/notifiers/NotifierFactory.ts
@ -4,6 +4,7 @@ import { Nodemailer } from "../../../types/Dependencies";
 import { INotifier } from "./INotifier";

 import { GMailNotifier } from "./GMailNotifier";
+import { SmtpNotifier } from "./SmtpNotifier";
 import { FileSystemNotifier } from "./FileSystemNotifier";

 export class NotifierFactory {
@ -14,6 +15,12 @@ export class NotifierFactory {
    else if ("filesystem" in options) {
      return new FileSystemNotifier(options.filesystem);
    }
+    else if ("smtp" in options) {
+      return new SmtpNotifier(options.smtp, nodemailer);
+    }
+    else {
+      throw new Error("No available notifier option detected.");
+    }
  }
 }

--- a/src/server/lib/notifiers/SmtpNotifier.ts
+++ b/src/server/lib/notifiers/SmtpNotifier.ts
@ -0,0 +1,53 @@
+
+
+import * as BluebirdPromise from "bluebird";
+import Nodemailer = require("nodemailer");
+
+import { AbstractEmailNotifier } from "../notifiers/AbstractEmailNotifier";
+import { SmtpNotifierConfiguration } from "../configuration/Configuration";
+
+export class SmtpNotifier extends AbstractEmailNotifier {
+  private transporter: any;
+
+  constructor(options: SmtpNotifierConfiguration, nodemailer: typeof Nodemailer) {
+    super();
+    const smtpOptions = {
+      host: options.host,
+      port: options.port,
+      secure: options.secure, // upgrade later with STARTTLS
+      auth: {
+        user: options.username,
+        pass: options.password
+      }
+    };
+    console.log(smtpOptions);
+    const transporter = nodemailer.createTransport(smtpOptions);
+    this.transporter = BluebirdPromise.promisifyAll(transporter);
+
+    // verify connection configuration
+    console.log("Checking SMTP server connection.");
+    transporter.verify(function (error, success) {
+      if (error) {
+        throw new Error("Unable to connect to SMTP server. \
+Please check the service is running and your credentials are correct.");
+      } else {
+        console.log("SMTP Server is ready to take our messages");
+      }
+    });
+  }
+
+  sendEmail(email: string, subject: string, content: string) {
+    const mailOptions = {
+      from: "authelia@authelia.com",
+      to: email,
+      subject: subject,
+      html: content
+    };
+    return this.transporter.sendMail(mailOptions, (error: Error, data: string) => {
+      if (error) {
+        return console.log(error);
+      }
+      console.log("Message sent: %s", JSON.stringify(data));
+    });
+  }
+}
--- a/test/features/step_definitions/reset-password.ts
+++ b/test/features/step_definitions/reset-password.ts
@ -9,12 +9,10 @@ Cucumber.defineSupportCode(function ({ Given, When, Then }) {
  });

  When("I click on the link of the email", function () {
-    const notif = Fs.readFileSync("/tmp/notifications/notification.txt").toString();
-    const regexp = new RegExp(/Link: (.+)/);
-    const match = regexp.exec(notif);
-    const link = match[1];
    const that = this;
-
-    return this.driver.get(link);
+    return this.retrieveLatestMail()
+      .then(function (link: string) {
+        return that.driver.get(link);
+      });
  });
 });
--- a/test/features/support/world.ts
+++ b/test/features/support/world.ts
@ -4,6 +4,8 @@ import Cucumber = require("cucumber");
 import Fs = require("fs");
 import Speakeasy = require("speakeasy");
 import Assert = require("assert");
+import Request = require("request-promise");
+import BluebirdPromise = require("bluebird");

 function CustomWorld() {
  const that = this;
@ -49,7 +51,7 @@ function CustomWorld() {
          .click();
      })
      .then(function () {
-        return that.driver.sleep(500);
+        return that.driver.sleep(1000);
      });
  };

@ -69,18 +71,37 @@ function CustomWorld() {
      });
  };

+  this.retrieveLatestMail = function () {
+    return Request({
+      method: "GET",
+      uri: "http://localhost:8085/messages",
+      json: true
+    })
+      .then(function (data: any) {
+        const messageId = data[data.length - 1].id;
+        return Request({
+          method: "GET",
+          uri: `http://localhost:8085/messages/${messageId}.html`
+        });
+      })
+      .then(function (data: any) {
+        const regexp = new RegExp(/<a href="(.+)" class="button">Continue<\/a>/);
+        const match = regexp.exec(data);
+        const link = match[1];
+        return BluebirdPromise.resolve(link);
+      });
+  };
+
  this.registerTotpSecret = function (totpSecretHandle: string) {
    return that.driver.wait(seleniumWebdriver.until.elementLocated(seleniumWebdriver.By.className("register-totp")), 4000)
      .then(function () {
        return that.driver.findElement(seleniumWebdriver.By.className("register-totp")).click();
      })
      .then(function () {
-        const notif = Fs.readFileSync("/tmp/notifications/notification.txt").toString();
-        const regexp = new RegExp(/Link: (.+)/);
-        const match = regexp.exec(notif);
-        const link = match[1];
-        console.log("Link: " + link);
-        return that.driver.get(link);
+        return that.retrieveLatestMail();
+      })
+      .then(function (url: string) {
+        return that.driver.get(url);
      })
      .then(function () {
        return that.driver.wait(seleniumWebdriver.until.elementLocated(seleniumWebdriver.By.id("secret")), 5000);
@ -140,4 +161,4 @@ function CustomWorld() {

 Cucumber.defineSupportCode(function ({ setWorldConstructor }) {
  setWorldConstructor(CustomWorld);
-});
+});