Skip to content

feat: support optional SMTP auth #14533

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Sep 3, 2024
Merged

feat: support optional SMTP auth #14533

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
da550f4
feat: support optional SMTP auth
dannykopping Sep 3, 2024
f7fcaf9
Be more explicit about no auth
dannykopping Sep 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Be more explicit about no auth 
Signed-off-by: Danny Kopping <danny@coder.com>
  • Loading branch information
@dannykopping
dannykopping committed Sep 3, 2024
commit f7fcaf92a18ce822cdfba8b8f84f9857a80951ae
15 changes: 9 additions & 6 deletions coderd/notifications/dispatch/smtp.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,14 +137,20 @@ func (s *SMTPHandler) dispatch(subject, htmlBody, plainBody, to string) Delivery

// Check for authentication capabilities.
if ok, avail := c.Extension("AUTH"); ok {
// Ensure the auth mechanisms available are ones we can use.
// Ensure the auth mechanisms available are ones we can use, and create a SASL client.
auth, err := s.auth(ctx, avail)
if err != nil {
return true, xerrors.Errorf("determine auth mechanism: %w", err)
}

// If so, use the auth mechanism to authenticate.
if auth != nil {
if auth == nil {
// If we get here, no SASL client (which handles authentication) was returned.
// This is expected if auth is supported by the smarthost BUT no authentication details were configured.
s.noAuthWarnOnce.Do(func() {
s.log.Warn(ctx, "skipping auth; no authentication client created")
})
} else {
// We have a SASL client, use it to authenticate.
if err := c.Auth(auth); err != nil {
return true, xerrors.Errorf("%T auth: %w", auth, err)
}
Expand Down Expand Up @@ -434,9 +440,6 @@ func (s *SMTPHandler) auth(ctx context.Context, mechs string) (sasl.Client, erro

// All auth mechanisms require username, so if one is not defined then don't return an auth client.
if username == "" {
s.noAuthWarnOnce.Do(func() {
s.log.Warn(ctx, "skipping auth; no username configured", slog.F("support_mechanisms", mechs))
})
// nolint:nilnil // This is a valid response.
return nil, nil
Copy link
Member

@mafredri mafredri Sep 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the new return signature handled by the caller(s)? I see that nilnil is new (unless sasl lib also returns it).

Edit: Might be good to mention this return signature in the function comment as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup.

		// Check for authentication capabilities.
		if ok, avail := c.Extension("AUTH"); ok { <--- enters if auth is supported
			// Ensure the auth mechanisms available are ones we can use.
			auth, err := s.auth(ctx, avail)
			if err != nil {
				return true, xerrors.Errorf("determine auth mechanism: %w", err)
			}

			// If so, use the auth mechanism to authenticate.
			if auth != nil { <--- bails out because auth is nil
				if err := c.Auth(auth); err != nil {
					return true, xerrors.Errorf("%T auth: %w", auth, err)
				}
			}
		} else if !s.cfg.Auth.Empty() {
			return false, xerrors.New("no authentication mechanisms supported by server")
		}

		<--- ... continues to process message without auth ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Admittedly the comments could be better about this case, lemme add that.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See f7fcaf9 @mafredri, thanks for the prompt.

}
Expand Down
Loading