diff options
author | Girish Ramakrishnan <mail@girish.in> | 2016-09-02 11:33:26 -0700 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2016-09-02 14:33:26 -0400 |
commit | 6c085594e47eeabbe5084a0e5c231af3e18527b6 (patch) | |
tree | ad1eb6b3ad1dc813a574ffb615ca31b328bca451 | |
parent | f32eb525f3fa0828a23f589d765c267e3b2aea86 (diff) | |
download | chat-6c085594e47eeabbe5084a0e5c231af3e18527b6.tar.gz chat-6c085594e47eeabbe5084a0e5c231af3e18527b6.tar.bz2 chat-6c085594e47eeabbe5084a0e5c231af3e18527b6.zip |
mail: allow PLAIN auth over non-tls connections (#3900)
This allows mattermost to use a non-tls connection with a SMTP server that
supports PLAIN auth (but not LOGIN). The go library explicitly allows PLAIN
auth over non-tls connections - https://golang.org/src/net/smtp/auth.go#L55
Fixes #2929
-rw-r--r-- | model/config.go | 3 | ||||
-rw-r--r-- | utils/mail.go | 7 | ||||
-rw-r--r-- | webapp/components/admin_console/connection_security_dropdown_setting.jsx | 15 | ||||
-rw-r--r-- | webapp/i18n/en.json | 2 |
4 files changed, 24 insertions, 3 deletions
diff --git a/model/config.go b/model/config.go index eedd0d116..cb2d100bc 100644 --- a/model/config.go +++ b/model/config.go @@ -11,6 +11,7 @@ import ( const ( CONN_SECURITY_NONE = "" + CONN_SECURITY_PLAIN = "PLAIN" CONN_SECURITY_TLS = "TLS" CONN_SECURITY_STARTTLS = "STARTTLS" @@ -964,7 +965,7 @@ func (o *Config) IsValid() *AppError { return NewLocAppError("Config.IsValid", "model.config.is_valid.file_salt.app_error", nil, "") } - if !(o.EmailSettings.ConnectionSecurity == CONN_SECURITY_NONE || o.EmailSettings.ConnectionSecurity == CONN_SECURITY_TLS || o.EmailSettings.ConnectionSecurity == CONN_SECURITY_STARTTLS) { + if !(o.EmailSettings.ConnectionSecurity == CONN_SECURITY_NONE || o.EmailSettings.ConnectionSecurity == CONN_SECURITY_TLS || o.EmailSettings.ConnectionSecurity == CONN_SECURITY_STARTTLS || o.EmailSettings.ConnectionSecurity == CONN_SECURITY_PLAIN) { return NewLocAppError("Config.IsValid", "model.config.is_valid.email_security.app_error", nil, "") } diff --git a/utils/mail.go b/utils/mail.go index c4532f7b4..bb3ee7b17 100644 --- a/utils/mail.go +++ b/utils/mail.go @@ -52,8 +52,6 @@ func newSMTPClient(conn net.Conn, config *model.Config) (*smtp.Client, *model.Ap l4g.Error(T("utils.mail.new_client.open.error"), err) return nil, model.NewLocAppError("SendMail", "utils.mail.connect_smtp.open_tls.app_error", nil, err.Error()) } - // GO does not support plain auth over a non encrypted connection. - // so if not tls then no auth auth := smtp.PlainAuth("", config.EmailSettings.SMTPUsername, config.EmailSettings.SMTPPassword, config.EmailSettings.SMTPServer+":"+config.EmailSettings.SMTPPort) if config.EmailSettings.ConnectionSecurity == model.CONN_SECURITY_TLS { if err = c.Auth(auth); err != nil { @@ -68,6 +66,11 @@ func newSMTPClient(conn net.Conn, config *model.Config) (*smtp.Client, *model.Ap if err = c.Auth(auth); err != nil { return nil, model.NewLocAppError("SendMail", "utils.mail.new_client.auth.app_error", nil, err.Error()) } + } else if config.EmailSettings.ConnectionSecurity == model.CONN_SECURITY_PLAIN { + // note: go library only supports PLAIN auth over non-tls connections + if err = c.Auth(auth); err != nil { + return nil, model.NewLocAppError("SendMail", "utils.mail.new_client.auth.app_error", nil, err.Error()) + } } return c, nil } diff --git a/webapp/components/admin_console/connection_security_dropdown_setting.jsx b/webapp/components/admin_console/connection_security_dropdown_setting.jsx index 09768049e..06be7f78e 100644 --- a/webapp/components/admin_console/connection_security_dropdown_setting.jsx +++ b/webapp/components/admin_console/connection_security_dropdown_setting.jsx @@ -30,6 +30,20 @@ const CONNECTION_SECURITY_HELP_TEXT = ( <tr> <td> <FormattedMessage + id='admin.connectionSecurityPlain' + defaultMessage='PLAIN' + /> + </td> + <td> + <FormattedMessage + id='admin.connectionSecurityPlainDescription' + defaultMessage='Mattermost will connect and authenticate over an unsecure connection.' + /> + </td> + </tr> + <tr> + <td> + <FormattedMessage id='admin.connectionSecurityTls' defaultMessage='TLS' /> @@ -66,6 +80,7 @@ export default class ConnectionSecurityDropdownSetting extends React.Component { id='connectionSecurity' values={[ {value: '', text: Utils.localizeMessage('admin.connectionSecurityNone', 'None')}, + {value: 'PLAIN', text: Utils.localizeMessage('admin.connectionSecurityPlain')}, {value: 'TLS', text: Utils.localizeMessage('admin.connectionSecurityTls', 'TLS (Recommended)')}, {value: 'STARTTLS', text: Utils.localizeMessage('admin.connectionSecurityStart')} ]} diff --git a/webapp/i18n/en.json b/webapp/i18n/en.json index 7dfd477f0..7d502351f 100644 --- a/webapp/i18n/en.json +++ b/webapp/i18n/en.json @@ -199,6 +199,8 @@ "admin.compliance_table.userId": "Requested By", "admin.connectionSecurityNone": "None", "admin.connectionSecurityNoneDescription": "Mattermost will connect over an unsecure connection.", + "admin.connectionSecurityPlain": "PLAIN", + "admin.connectionSecurityPlainDescription": "Mattermost will connect and authenticate over an unsecure connection.", "admin.connectionSecurityStart": "STARTTLS", "admin.connectionSecurityStartDescription": "Takes an existing insecure connection and attempts to upgrade it to a secure connection using TLS.", "admin.connectionSecurityTest": "Test Connection", |