feat(engine): conf insecureSkipVerifyTLS on smtp (#5480)

Signed-off-by: Yvonnick Esnault <[email protected]>
ovh · Oct 6, 2020 · c8dbc04 · c8dbc04
1 parent f20c519
commit c8dbc04
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 19 deletions.
diff --git a/engine/api/api.go b/engine/api/api.go
@@ -78,7 +78,7 @@ type Configuration struct {
 			Host     string `toml:"host" default:"localhost:6379" comment:"If your want to use a redis-sentinel based cluster, follow this syntax! <clustername>@sentinel1:26379,sentinel2:26379,sentinel3:26379" json:"host"`
 			Password string `toml:"password" json:"-"`
 		} `toml:"redis" comment:"Connect CDS to a redis cache If you more than one CDS instance and to avoid losing data at startup" json:"redis"`
-	} `toml:"cache" comment:"######################\n CDS Cache Settings \n#####################\n" json:"cache"`
+	} `toml:"cache" comment:"######################\n CDS Cache Settings \n#####################" json:"cache"`
 	Directories struct {
 		Download string `toml:"download" default:"/var/lib/cds-engine" json:"download"`
 	} `toml:"directories" json:"directories"`
@@ -146,13 +146,14 @@ type Configuration struct {
 		} `toml:"oidc" json:"oidc" comment:"#######\n CDS <-> Open ID Connect Auth. Documentation on https://ovh.github.io/cds/docs/integrations/openid-connect/ \n######"`
 	} `toml:"auth" comment:"##############################\n CDS Authentication Settings# \n#############################" json:"auth"`
 	SMTP struct {
-		Disable  bool   `toml:"disable" default:"true" json:"disable" comment:"Set to false to enable the internal SMTP client"`
-		Host     string `toml:"host" json:"host" comment:"smtp host"`
-		Port     string `toml:"port" json:"port" comment:"smtp port"`
-		TLS      bool   `toml:"tls" json:"tls"`
-		User     string `toml:"user" json:"user"`
-		Password string `toml:"password" json:"-"`
-		From     string `toml:"from" default:"[email protected]" json:"from"`
+		Disable               bool   `toml:"disable" default:"true" json:"disable" comment:"Set to false to enable the internal SMTP client. If false, emails will be displayed in CDS API Log."`
+		Host                  string `toml:"host" json:"host" comment:"smtp host"`
+		Port                  string `toml:"port" json:"port" comment:"smtp port"`
+		ModeTLS               string `toml:"modeTLS" json:"modeTLS" default:"" comment:"possible values: empty, tls, starttls"`
+		InsecureSkipVerifyTLS bool   `toml:"insecureSkipVerifyTLS" json:"insecureSkipVerifyTLS" default:"false" comment:"skip TLS verification with TLS / StartTLS mode"`
+		User                  string `toml:"user" json:"user" comment:"smtp username"`
+		Password              string `toml:"password" json:"-" comment:"smtp password"`
+		From                  string `toml:"from" default:"[email protected]" json:"from" comment:"smtp from"`
 	} `toml:"smtp" comment:"#####################\n# CDS SMTP Settings \n####################" json:"smtp"`
 	Artifact struct {
 		Mode  string `toml:"mode" default:"local" comment:"swift, awss3 or local" json:"mode"`
@@ -427,7 +428,8 @@ func (a *API) Serve(ctx context.Context) error {
 		a.Config.SMTP.From,
 		a.Config.SMTP.Host,
 		a.Config.SMTP.Port,
-		a.Config.SMTP.TLS,
+		a.Config.SMTP.ModeTLS,
+		a.Config.SMTP.InsecureSkipVerifyTLS,
 		a.Config.SMTP.Disable)
 
 	//Initialize artifacts storage

diff --git a/engine/api/mail/mail.go b/engine/api/mail/mail.go
@@ -13,11 +13,18 @@ import (
 	"github.com/ovh/cds/sdk"
 )
 
-var smtpUser, smtpPassword, smtpFrom, smtpHost, smtpPort string
-var smtpTLS, smtpEnable bool
+var smtpUser, smtpPassword, smtpFrom, smtpHost, smtpPort, smtpModeTLS string
+var smtpTLS, smtpEnable, smtpInsecureSkipVerify bool
 var lastError error
 var counter uint64
 
+const (
+	// modeTLS uses tls without starttls
+	modeTLS = "tls"
+	// modeStartTLS uses starttls
+	modeStartTLS = "starttls"
+)
+
 const templateSignedup = `Welcome to CDS,
 
 You recently signed up for CDS.
@@ -52,13 +59,14 @@ CDS Team
 `
 
 // Init initializes configuration
-func Init(user, password, from, host, port string, tls, disable bool) {
+func Init(user, password, from, host, port, modeTLS string, insecureSkipVerify, disable bool) {
 	smtpUser = user
 	smtpPassword = password
 	smtpFrom = from
 	smtpHost = host
 	smtpPort = port
-	smtpTLS = tls
+	smtpModeTLS = modeTLS
+	smtpInsecureSkipVerify = insecureSkipVerify
 	smtpEnable = !disable
 }
 
@@ -137,14 +145,19 @@ func SendEmail(ctx context.Context, subject string, mailContent *bytes.Buffer, u
 	if smtpUser != "" && smtpPassword != "" {
 		auth = smtp.PlainAuth("", smtpUser, smtpPassword, smtpHost)
 	}
+
+	tlsconfig := &tls.Config{
+		InsecureSkipVerify: smtpInsecureSkipVerify,
+		ServerName:         smtpHost,
+	}
+
 	var err error
-	if smtpTLS {
-		tlsconfig := &tls.Config{
-			InsecureSkipVerify: false,
-			ServerName:         smtpHost,
-		}
+	switch smtpModeTLS {
+	case modeStartTLS:
 		err = e.SendWithStartTLS(servername, auth, tlsconfig)
-	} else {
+	case modeTLS:
+		err = e.SendWithTLS(servername, auth, tlsconfig)
+	default:
 		err = e.Send(servername, auth)
 	}
 	if err != nil {