mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-12-11 22:11:58 +01:00
e29e163737
* Improve SMTP authentication, Fix user creation bugs and add LDAP cert/key options This PR has two parts: Improvements for SMTP authentication: * Default to use SMTPS if port is 465, and allow setting of force SMTPS. * Always use STARTTLS if available * Provide CRAM-MD5 mechanism * Add options for HELO hostname disabling * Add options for providing certificates and keys * Handle application specific password response as a failed user login instead of as a 500. Close #16104 Fix creation of new users: * A bug was introduced when allowing users to change usernames which prevents the creation of external users. * The LoginSource refactor also broke this page. Close #16104 Signed-off-by: Andrew Thornton <art27@cantab.net>
105 lines
2.5 KiB
Go
105 lines
2.5 KiB
Go
// Copyright 2021 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package smtp
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
"net"
|
|
"net/smtp"
|
|
"os"
|
|
"strconv"
|
|
|
|
"code.gitea.io/gitea/models"
|
|
)
|
|
|
|
// _________ __________________________
|
|
// / _____/ / \__ ___/\______ \
|
|
// \_____ \ / \ / \| | | ___/
|
|
// / \/ Y \ | | |
|
|
// /_______ /\____|__ /____| |____|
|
|
// \/ \/
|
|
|
|
type loginAuthenticator struct {
|
|
username, password string
|
|
}
|
|
|
|
func (auth *loginAuthenticator) Start(server *smtp.ServerInfo) (string, []byte, error) {
|
|
return "LOGIN", []byte(auth.username), nil
|
|
}
|
|
|
|
func (auth *loginAuthenticator) Next(fromServer []byte, more bool) ([]byte, error) {
|
|
if more {
|
|
switch string(fromServer) {
|
|
case "Username:":
|
|
return []byte(auth.username), nil
|
|
case "Password:":
|
|
return []byte(auth.password), nil
|
|
}
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
// SMTP authentication type names.
|
|
const (
|
|
PlainAuthentication = "PLAIN"
|
|
LoginAuthentication = "LOGIN"
|
|
CRAMMD5Authentication = "CRAM-MD5"
|
|
)
|
|
|
|
// Authenticators contains available SMTP authentication type names.
|
|
var Authenticators = []string{PlainAuthentication, LoginAuthentication, CRAMMD5Authentication}
|
|
|
|
// Authenticate performs an SMTP authentication.
|
|
func Authenticate(a smtp.Auth, source *Source) error {
|
|
tlsConfig := &tls.Config{
|
|
InsecureSkipVerify: source.SkipVerify,
|
|
ServerName: source.Host,
|
|
}
|
|
|
|
conn, err := net.Dial("tcp", net.JoinHostPort(source.Host, strconv.Itoa(source.Port)))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer conn.Close()
|
|
|
|
if source.UseTLS() {
|
|
conn = tls.Client(conn, tlsConfig)
|
|
}
|
|
|
|
client, err := smtp.NewClient(conn, source.Host)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to create NewClient: %w", err)
|
|
}
|
|
defer client.Close()
|
|
|
|
if !source.DisableHelo {
|
|
hostname := source.HeloHostname
|
|
if len(hostname) == 0 {
|
|
hostname, err = os.Hostname()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to find Hostname: %w", err)
|
|
}
|
|
}
|
|
|
|
if err = client.Hello(hostname); err != nil {
|
|
return fmt.Errorf("failed to send Helo: %w", err)
|
|
}
|
|
}
|
|
|
|
// If not using SMTPS, always use STARTTLS if available
|
|
hasStartTLS, _ := client.Extension("STARTTLS")
|
|
if !source.UseTLS() && hasStartTLS {
|
|
if err = client.StartTLS(tlsConfig); err != nil {
|
|
return fmt.Errorf("failed to start StartTLS: %v", err)
|
|
}
|
|
}
|
|
|
|
if ok, _ := client.Extension("AUTH"); ok {
|
|
return client.Auth(a)
|
|
}
|
|
|
|
return models.ErrUnsupportedLoginType
|
|
}
|