Skip to content

feat: support optional SMTP auth #14533

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 3, 2024
Merged

feat: support optional SMTP auth #14533

merged 2 commits into from
Sep 3, 2024

Conversation

dannykopping
Copy link
Contributor

Currently if an SMTP smarthost supports auth mechanisms but does not enforce one to be used, messages will fail to be delivered if blank authentication details are configured.

Currently messages will fail with this misleading error message:

cannot use PLAIN auth, password not defined (see CODER_NOTIFICATIONS_EMAIL_AUTH_PASSWORD)

This is a red herring. It stems from always creating an authentication client even if authentication details are not configured - but the smarthost advertises one or more auth mechanisms.

This change bails out of creating the client if authentication details are blank.

@dannykopping
feat: support optional SMTP auth
da550f4 
Signed-off-by: Danny Kopping <danny@coder.com>
mafredri
mafredri approved these changes Sep 3, 2024
View reviewed changes
coderd/notifications/dispatch/smtp.go
s.log.Warn(ctx, "skipping auth; no username configured", slog.F("support_mechanisms", mechs))
})
// nolint:nilnil // This is a valid response.
return nil, nil
Copy link
Member

@mafredri mafredri Sep 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the new return signature handled by the caller(s)? I see that nilnil is new (unless sasl lib also returns it).

Edit: Might be good to mention this return signature in the function comment as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup.

		// Check for authentication capabilities.
		if ok, avail := c.Extension("AUTH"); ok { <--- enters if auth is supported
			// Ensure the auth mechanisms available are ones we can use.
			auth, err := s.auth(ctx, avail)
			if err != nil {
				return true, xerrors.Errorf("determine auth mechanism: %w", err)
			}

			// If so, use the auth mechanism to authenticate.
			if auth != nil { <--- bails out because auth is nil
				if err := c.Auth(auth); err != nil {
					return true, xerrors.Errorf("%T auth: %w", auth, err)
				}
			}
		} else if !s.cfg.Auth.Empty() {
			return false, xerrors.New("no authentication mechanisms supported by server")
		}

		<--- ... continues to process message without auth ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Admittedly the comments could be better about this case, lemme add that.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See f7fcaf9 @mafredri, thanks for the prompt.

@dannykopping
Be more explicit about no auth
f7fcaf9 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping dannykopping merged commit f23a050 into main Sep 3, 2024
27 checks passed
@dannykopping dannykopping deleted the dk/optional-auth branch September 3, 2024 09:51
@github-actions github-actions bot locked and limited conversation to collaborators Sep 3, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mafredri mafredri mafredri approved these changes

@johnstcn johnstcn johnstcn approved these changes

Assignees

@dannykopping dannykopping

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dannykopping @mafredri @johnstcn