* [FIX] File Notifier Default Permissions
* set to 0600 for security
* recreate file if it exists with correct perms
* remove named return vars from notifier
* implement SMTP notifier startup check
* check dial, starttls, auth, mail from, rcpt to, reset, and quit
* log the error on failure
* implement mock
* misc optimizations, adjustments, and refactoring
* implement validate_skip config option
* fix comments to end with period
* fix suites that used smtp notifier without a smtp container
* add docs
* add file notifier startup check
* move file mode into const.go
* disable gosec linting on insecureskipverify since it's intended, warned, and discouraged
* minor PR commentary adjustment
* apply suggestions from code review
Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
* [FEATURE] Customizable Email Subject
* allow users to optionally change email subject
* this is so they can more easily communicate the source of the email
* Update docs/configuration/notifier/smtp.md
Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
* added regulation validator
* made regulations find_time and ban_time values duration notation strings
* added DefaultRegulationConfiguration for the validator
* made session expiration and inactivity values duration notation strings
* TOTP period does not need to be converted because adjustment should be discouraged
* moved TOTP defaults to DefaultTOTPConfiguration and removed the consts
* arranged the root config validator in configuration file order
* adjusted tests for the changes
* moved duration notation docs to root of configuration
* added references to duration notation where applicable
* project wide gofmt and goimports:
* run gofmt
* run goimports -local github.com/authelia/authelia -w on all files
* Make jwt_secret error uniform and add tests
* now at 100% coverage for internal/configuration/validator/configuration.go
* [FEATURE] SMTPS Support
- Added port_tls option to enable SMTPS, off by default.
* Remove configuration variable for SMTPS
Instead we enable SMTPS on port 465 only. The reason for this is so we don't require an additional configuration variable.
* Add SMTPS warning and updated docs
* Adjust SMTPS warning
- Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN
- Removed: secure (notifier smtp conf) boolean string
- Added: disable_verify_cert (notifier smtp conf) boolean
- disables X509 validation of certificates
- Added: disable_require_tls (notifier smtp conf) boolean
- allows emails to be sent over plain text (for non-authenticated only)
- Added: trusted_cert (notifier smtp conf) string (path)
- allows specifying the path of a PEM format cert to add to trusted cert pool
- Make SMTP notifier return errors on connection over plain text
- Make SMTP notifier return errors on TLS connection with invalid certs
- Implemented various debug logging for the SMTP notifier
- Implemented explicit SMTP closes on errors (previously left con open)
- Split SMTPNotifier Send func to seperate funcs for:
- writing future test suites and startup checks more easily
- organization and readability
- Add details of changes to docs/security.yml
- Adjust config.yml's (template and test) for the changes
- Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text)
- Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
- If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending
- Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs)
- Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism
- Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported
- Changed secure key to use boolean values instead of strings
- Arranged SMTP notifier properties/vars to be in the same order
- Log the steps for STARTTLS (debug only)
- Log the steps for AUTH (debug only)
Amir Zarrinkafsh
James Elliott
Clement Michaud