Make enable_starttls configurable by envvars (#20321)

ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting
three values: 'auto' (the default), 'always', and 'never'. If
ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In
this way, this change should be fully backwards compatible.

Resolves #20311

1 files changed, 16 insertions, 1 deletions

diff --git a/config/environments/production.rb b/config/environments/production.rb
index f41a0f197..48b134949 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -101,6 +101,20 @@ Rails.application.configure do
   config.action_mailer.default_options[:reply_to]    = ENV['SMTP_REPLY_TO'] if ENV['SMTP_REPLY_TO'].present?
   config.action_mailer.default_options[:return_path] = ENV['SMTP_RETURN_PATH'] if ENV['SMTP_RETURN_PATH'].present?
 
+  enable_starttls = nil
+  enable_starttls_auto = nil
+
+  case env['SMTP_ENABLE_STARTTLS']
+  when 'always'
+    enable_starttls = true
+  when 'never'
+    enable_starttls = false
+  when 'auto'
+    enable_starttls_auto = true
+  else
+    enable_starttls_auto = ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false'
+  end
+
   config.action_mailer.smtp_settings = {
     :port                 => ENV['SMTP_PORT'],
     :address              => ENV['SMTP_SERVER'],
@@ -110,7 +124,8 @@ Rails.application.configure do
     :authentication       => ENV['SMTP_AUTH_METHOD'] == 'none' ? nil : ENV['SMTP_AUTH_METHOD'] || :plain,
     :ca_file              => ENV['SMTP_CA_FILE'].presence || '/etc/ssl/certs/ca-certificates.crt',
     :openssl_verify_mode  => ENV['SMTP_OPENSSL_VERIFY_MODE'],
-    :enable_starttls_auto => ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false',
+    :enable_starttls      => enable_starttls,
+    :enable_starttls_auto => enable_starttls_auto,
     :tls                  => ENV['SMTP_TLS'].presence && ENV['SMTP_TLS'] == 'true',
     :ssl                  => ENV['SMTP_SSL'].presence && ENV['SMTP_SSL'] == 'true',
   }