about summary refs log tree commit diff
diff options
context:
space:
mode:
authorF <f@erbridge.co.uk>2022-11-10 20:06:21 +0000
committerGitHub <noreply@github.com>2022-11-10 21:06:21 +0100
commit9feba112a704edc23b4c2240a546363f9e1158b1 (patch)
tree5b14be333972eb24aa37348c87a1798f323d49c0
parent1615c3eb6ecbadb5650f02d48e970e4f35d594d1 (diff)
Make enable_starttls configurable by envvars (#20321)
ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting
three values: 'auto' (the default), 'always', and 'never'. If
ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In
this way, this change should be fully backwards compatible.

Resolves #20311
-rw-r--r--app.json7
-rw-r--r--chart/templates/configmap-env.yaml3
-rw-r--r--chart/values.yaml2
-rw-r--r--config/environments/production.rb17
-rw-r--r--lib/tasks/mastodon.rake20
-rw-r--r--scalingo.json7
6 files changed, 51 insertions, 5 deletions
diff --git a/app.json b/app.json
index c694908c5..4f05a64f5 100644
--- a/app.json
+++ b/app.json
@@ -79,8 +79,13 @@
       "description": "SMTP server certificate verification mode. Defaults is 'peer'.",
       "required": false
     },
+    "SMTP_ENABLE_STARTTLS": {
+      "description": "Enable STARTTLS? Default is 'auto'.",
+      "value": "auto",
+      "required": false
+    },
     "SMTP_ENABLE_STARTTLS_AUTO": {
-      "description": "Enable STARTTLS if SMTP server supports it? Default is true.",
+      "description": "Enable STARTTLS if SMTP server supports it? Deprecated by SMTP_ENABLE_STARTTLS.",
       "required": false
     }
   },
diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml
index 12da91cf9..00e60f315 100644
--- a/chart/templates/configmap-env.yaml
+++ b/chart/templates/configmap-env.yaml
@@ -58,6 +58,9 @@ data:
   {{- if .Values.mastodon.smtp.domain }}
   SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }}
   {{- end }}
+  {{- if .Values.mastodon.smtp.enable_starttls }}
+  SMTP_ENABLE_STARTTLS: {{ .Values.mastodon.smtp.enable_starttls | quote }}
+  {{- end }}
   {{- if .Values.mastodon.smtp.enable_starttls_auto }}
   SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }}
   {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 9e1c59219..5cee86e0e 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -77,7 +77,7 @@ mastodon:
     ca_file: /etc/ssl/certs/ca-certificates.crt
     delivery_method: smtp
     domain:
-    enable_starttls_auto: true
+    enable_starttls: 'auto'
     from_address: notifications@example.com
     openssl_verify_mode: peer
     port: 587
diff --git a/config/environments/production.rb b/config/environments/production.rb
index f41a0f197..48b134949 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -101,6 +101,20 @@ Rails.application.configure do
   config.action_mailer.default_options[:reply_to]    = ENV['SMTP_REPLY_TO'] if ENV['SMTP_REPLY_TO'].present?
   config.action_mailer.default_options[:return_path] = ENV['SMTP_RETURN_PATH'] if ENV['SMTP_RETURN_PATH'].present?
 
+  enable_starttls = nil
+  enable_starttls_auto = nil
+
+  case env['SMTP_ENABLE_STARTTLS']
+  when 'always'
+    enable_starttls = true
+  when 'never'
+    enable_starttls = false
+  when 'auto'
+    enable_starttls_auto = true
+  else
+    enable_starttls_auto = ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false'
+  end
+
   config.action_mailer.smtp_settings = {
     :port                 => ENV['SMTP_PORT'],
     :address              => ENV['SMTP_SERVER'],
@@ -110,7 +124,8 @@ Rails.application.configure do
     :authentication       => ENV['SMTP_AUTH_METHOD'] == 'none' ? nil : ENV['SMTP_AUTH_METHOD'] || :plain,
     :ca_file              => ENV['SMTP_CA_FILE'].presence || '/etc/ssl/certs/ca-certificates.crt',
     :openssl_verify_mode  => ENV['SMTP_OPENSSL_VERIFY_MODE'],
-    :enable_starttls_auto => ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false',
+    :enable_starttls      => enable_starttls,
+    :enable_starttls_auto => enable_starttls_auto,
     :tls                  => ENV['SMTP_TLS'].presence && ENV['SMTP_TLS'] == 'true',
     :ssl                  => ENV['SMTP_SSL'].presence && ENV['SMTP_SSL'] == 'true',
   }
diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake
index 80e1dcf52..76089ebac 100644
--- a/lib/tasks/mastodon.rake
+++ b/lib/tasks/mastodon.rake
@@ -271,6 +271,7 @@ namespace :mastodon do
           env['SMTP_PORT'] = 25
           env['SMTP_AUTH_METHOD'] = 'none'
           env['SMTP_OPENSSL_VERIFY_MODE'] = 'none'
+          env['SMTP_ENABLE_STARTTLS'] = 'auto'
         else
           env['SMTP_SERVER'] = prompt.ask('SMTP server:') do |q|
             q.required true
@@ -299,6 +300,8 @@ namespace :mastodon do
           end
 
           env['SMTP_OPENSSL_VERIFY_MODE'] = prompt.select('SMTP OpenSSL verify mode:', %w(none peer client_once fail_if_no_peer_cert))
+
+          env['SMTP_ENABLE_STARTTLS'] = prompt.select('Enable STARTTLS:', %w(auto always never))
         end
 
         env['SMTP_FROM_ADDRESS'] = prompt.ask('E-mail address to send e-mails "from":') do |q|
@@ -312,6 +315,20 @@ namespace :mastodon do
         send_to = prompt.ask('Send test e-mail to:', required: true)
 
         begin
+          enable_starttls = nil
+          enable_starttls_auto = nil
+
+          case env['SMTP_ENABLE_STARTTLS']
+          when 'always'
+            enable_starttls = true
+          when 'never'
+            enable_starttls = false
+          when 'auto'
+            enable_starttls_auto = true
+          else
+            enable_starttls_auto = ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false'
+          end
+
           ActionMailer::Base.smtp_settings = {
             port:                 env['SMTP_PORT'],
             address:              env['SMTP_SERVER'],
@@ -320,7 +337,8 @@ namespace :mastodon do
             domain:               env['LOCAL_DOMAIN'],
             authentication:       env['SMTP_AUTH_METHOD'] == 'none' ? nil : env['SMTP_AUTH_METHOD'] || :plain,
             openssl_verify_mode:  env['SMTP_OPENSSL_VERIFY_MODE'],
-            enable_starttls_auto: true,
+            enable_starttls:      enable_starttls,
+            enable_starttls_auto: enable_starttls_auto,
           }
 
           ActionMailer::Base.default_options = {
diff --git a/scalingo.json b/scalingo.json
index 511c1802a..8c8992977 100644
--- a/scalingo.json
+++ b/scalingo.json
@@ -74,8 +74,13 @@
       "description": "SMTP server certificate verification mode. Defaults is 'peer'.",
       "required": false
     },
+    "SMTP_ENABLE_STARTTLS": {
+      "description": "Enable STARTTLS? Default is 'auto'.",
+      "value": "auto",
+      "required": false
+    },
     "SMTP_ENABLE_STARTTLS_AUTO": {
-      "description": "Enable STARTTLS if SMTP server supports it? Default is true.",
+      "description": "Enable STARTTLS if SMTP server supports it? Deprecated by SMTP_ENABLE_STARTTLS.",
       "required": false
     },
     "BUILDPACK_URL": {