8000 Fix SMTP username and password validation by tysoncung · Pull Request #10532 · appwrite/appwrite · GitHub
[go: up one dir, main page]
Skip to content

Fix SMTP username and password validation #10532

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix SMTP username and password validation #10532

wants to merge 1 commit into from

Conversation

tysoncung
Copy link

What does this PR do?

This PR fixes the SMTP validation issue where incorrect username and password were not being properly validated when updating SMTP settings.

Description

When updating a project's SMTP settings, the username and password were not being validated because SMTPAuth was not set to true before attempting the connection. This meant that even with incorrect credentials, the SMTP settings would be saved successfully.

The fix adds the SMTPAuth property setting before the SMTP connection test, matching the implementation in the Mails worker.

Test Plan

  1. Update a project's SMTP settings
  2. Use a valid host, port, and secure protocol
  3. Use an incorrect username and password
  4. Click Update
  5. Expected: The update should fail with an error message about invalid credentials
  6. Previous behavior: The SMTP settings were updated successfully despite incorrect credentials

Related Issues

Fixes #9067

Checklist

@tysoncung
Fix SMTP username and password validation
8391eb0 
- Added SMTPAuth setting before connecting to SMTP server
- Set SMTPAuth to true only when both username and password are provided
- This ensures credentials are validated during SMTP connection test
- Matches the implementation in Workers/Mails.php

Fixes appwrite#9067
@github-actions GitHub Actions
Copy link

Security Scan Results for PR

Docker Image Scan Results

Package Version Vulnerability Severity
binutils 2.42-r0 CVE-2025-0840 HIGH
git 2.45.3-r0 CVE-2025-46334 HIGH
git 2.45.3-r0 CVE-2025-48384 HIGH
git 2.45.3-r0 CVE-2025-48385 HIGH
git-init-template 2.45.3-r0 CVE-2025-46334 HIGH
git-init-template 2.45.3-r0 CVE-2025-48384 HIGH
git-init-template 2.45.3-r0 CVE-2025-48385 HIGH
icu 74.2-r0 CVE-2025-5222 HIGH
icu-data-en 74.2-r0 CVE-2025-5222 HIGH
icu-dev 74.2-r0 CVE-2025-5222 HIGH
icu-libs 74.2-r0 CVE-2025-5222 HIGH
libecpg 16.8-r0 CVE-2025-8714 HIGH
libecpg 16.8-r0 CVE-2025-8715 HIGH
libecpg-dev 16.8-r0 CVE-2025-8714 HIGH
libecpg-dev 16.8-r0 CVE-2025-8715 HIGH
libexpat 2.6.4-r0 CVE-2024-8176 HIGH
libpq 16.8-r0 CVE-2025-8714 HIGH
libpq 16.8-r0 CVE-2025-8715 HIGH
libpq-dev 16.8-r0 CVE-2025-8714 HIGH
libpq-dev 16.8-r0 CVE-2025-8715 HIGH
libxml2 2.12.7-r0 CVE-2024-56171 HIGH
libxml2 2.12.7-r0 CVE-2025-24928 HIGH
libxml2 2.12.7-r0 CVE-2025-27113 HIGH
libxml2 2.12.7-r0 CVE-2025-32414 HIGH
libxml2 2.12.7-r0 CVE-2025-32415 HIGH
postgresql16-dev 16.8-r0 CVE-2025-8714 HIGH
postgresql16-dev 16.8-r0 CVE-2025-8715 HIGH
pyc 3.12.9-r0 CVE-2024-12718 HIGH
pyc 3.12.9-r0 CVE-2025-4138 HIGH
pyc 3.12.9-r0 CVE-2025-4330 HIGH
pyc 3.12.9-r0 CVE-2025-4517 HIGH
python3 3.12.9-r0 CVE-2024-12718 HIGH
python3 3.12.9-r0 CVE-2025-4138 HIGH
python3 3.12.9-r0 CVE-2025-4330 HIGH
python3 3.12.9-r0 CVE-2025-4517 HIGH
python3-pyc 3.12.9-r0 CVE-2024-12718 HIGH
python3-pyc 3.12.9-r0 CVE-2025-4138 HIGH
python3-pyc 3.12.9-r0 CVE-2025-4330 HIGH
python3-pyc 3.12.9-r0 CVE-2025-4517 HIGH
python3-pycache-pyc0 3.12.9-r0 CVE-2024-12718 HIGH
python3-pycache-pyc0 3.12.9-r0 CVE-2025-4138 HIGH
python3-pycache-pyc0 3.12.9-r0 CVE-2025-4330 HIGH
python3-pycache-pyc0 3.12.9-r0 CVE-2025-4517 HIGH
sqlite-libs 3.45.3-r1 CVE-2025-29087 HIGH
xz 5.6.2-r0 CVE-2025-31115 HIGH
xz-libs 5.6.2-r0 CVE-2025-31115 HIGH
golang.org/x/crypto v0.31.0 CVE-2025-22869 HIGH
golang.org/x/oauth2 v0.24.0 CVE-2025-22868 HIGH
stdlib 1.22.10 CVE-2025-47906 HIGH
stdlib 1.22.10 CVE-2025-47907 HIGH

Source Code Scan Results

🎉 No vulnerabilities found!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

🐛 Bug Report: SMTP username and password aren't validated when updating SMTP settings
1 participant
@tysoncung
0