8000 feat: support optional SMTP auth by dannykopping · Pull Request #14533 · coder/coder · GitHub
[go: up one dir, main page]
Skip to content

feat: support optional SMTP auth #14533

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Sep 3, 2024
Merged

feat: support optional SMTP auth #14533

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
da550f4
feat: support optional SMTP auth
dannykopping Sep 3, 2024
f7fcaf9
Be more explicit about no auth
dannykopping Sep 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 17 additions & 4 deletions coderd/notifications/dispatch/smtp.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,8 @@ type SMTPHandler struct {
cfg codersdk.NotificationsEmailConfig
log slog.Logger

loginWarnOnce sync.Once
noAuthWarnOnce sync.Once
loginWarnOnce sync.Once

helpers template.FuncMap
}
Expand Down Expand Up @@ -136,14 +137,20 @@ func (s *SMTPHandler) dispatch(subject, htmlBody, plainBody, to string) Delivery

// Check for authentication capabilities.
if ok, avail := c.Extension("AUTH"); ok {
// Ensure the auth mechanisms available are ones we can use.
// Ensure the auth mechanisms available are ones we can use, and create a SASL client.
auth, err := s.auth(ctx, avail)
if err != nil {
return true, xerrors.Errorf("determine auth mechanism: %w", err)
}

// If so, use the auth mechanism to authenticate.
if auth != nil {
if auth == nil {
// If we get here, no SASL client (which handles authentication) was returned.
// This is expected if auth is supported by the smarthost BUT no authentication details were configured.
s.noAuthWarnOnce.Do(func() {
s.log.Warn(ctx, "skipping auth; no authentication client created")
})
} else {
// We have a SASL client, use it to authenticate.
if err := c.Auth(auth); err != nil {
return true, xerrors.Errorf("%T auth: %w", auth, err)
}
Expand Down Expand Up @@ -431,6 +438,12 @@ func (s *SMTPHandler) loadCertificate() (*tls.Certificate, error) {
func (s *SMTPHandler) auth(ctx context.Context, mechs string) (sasl.Client, error) {
username := s.cfg.Auth.Username.String()

// All auth mechanisms require username, so if one is not defined then don't return an auth client.
if username == "" {
// nolint:nilnil // This is a valid response.
return nil, nil
Copy link
Member
@mafredri mafredri Sep 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the new return signature handled by the caller(s)? I see that nilnil is new (unless sasl lib also returns it).

Edit: Might be good to mention this return signature in the function comment as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup.

		// Check for authentication capabilities.
		if ok, avail := c.Extension("AUTH"); ok { <--- enters if auth is supported
			// Ensure the auth mechanisms available are ones we can use.
			auth, err := s.auth(ctx, avail)
			if err != nil {
				return true, xerrors.Errorf("determine au
8000
th mechanism: %w", err)
			}

			// If so, use the auth mechanism to authenticate.
			if auth != nil { <--- bails out because auth is nil
				if err := c.Auth(auth); err != nil {
					return true, xerrors.Errorf("%T auth: %w", auth, err)
				}
			}
		} else if !s.cfg.Auth.Empty() {
			return false, xerrors.New("no authentication mechanisms supported by server")
		}

		<--- ... continues to process message without auth ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Admittedly the comments could be better about this case, lemme add that.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See f7fcaf9 @mafredri, thanks for the prompt.

}

var errs error
list := strings.Split(mechs, " ")
for _, mech := range list {
Expand Down
11 changes: 10 additions & 1 deletion coderd/notifications/dispatch/smtp_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,6 @@ func TestSMTP(t *testing.T) {
retryable: false,
},
{
// No auth, no problem!
name: "No auth mechanisms supported, none configured",
authMechs: []string{},
cfg: codersdk.NotificationsEmailConfig{
Expand All @@ -213,6 +212,16 @@ func TestSMTP(t *testing.T) {
toAddrs: []string{to},
expectedAuthMeth: "",
},
{
name: "Auth mechanisms supported optionally, none configured",
authMechs: []string{sasl.Login, sasl.Plain},
cfg: codersdk.NotificationsEmailConfig{
Hello: hello,
From: from,
},
toAddrs: []string{to},
expectedAuthMeth: "",
},
/**
* TLS connections
*/
Expand Down
Loading
0