From 9feba112a704edc23b4c2240a546363f9e1158b1 Mon Sep 17 00:00:00 2001 From: F Date: Thu, 10 Nov 2022 20:06:21 +0000 Subject: Make enable_starttls configurable by envvars (#20321) ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting three values: 'auto' (the default), 'always', and 'never'. If ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In this way, this change should be fully backwards compatible. Resolves #20311 --- app.json | 7 ++++++- chart/templates/configmap-env.yaml | 3 +++ chart/values.yaml | 2 +- config/environments/production.rb | 17 ++++++++++++++++- lib/tasks/mastodon.rake | 20 +++++++++++++++++++- scalingo.json | 7 ++++++- 6 files changed, 51 insertions(+), 5 deletions(-) diff --git a/app.json b/app.json index c694908c5..4f05a64f5 100644 --- a/app.json +++ b/app.json @@ -79,8 +79,13 @@ "description": "SMTP server certificate verification mode. Defaults is 'peer'.", "required": false }, + "SMTP_ENABLE_STARTTLS": { + "description": "Enable STARTTLS? Default is 'auto'.", + "value": "auto", + "required": false + }, "SMTP_ENABLE_STARTTLS_AUTO": { - "description": "Enable STARTTLS if SMTP server supports it? Default is true.", + "description": "Enable STARTTLS if SMTP server supports it? Deprecated by SMTP_ENABLE_STARTTLS.", "required": false } }, diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml index 12da91cf9..00e60f315 100644 --- a/chart/templates/configmap-env.yaml +++ b/chart/templates/configmap-env.yaml @@ -58,6 +58,9 @@ data: {{- if .Values.mastodon.smtp.domain }} SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }} {{- end }} + {{- if .Values.mastodon.smtp.enable_starttls }} + SMTP_ENABLE_STARTTLS: {{ .Values.mastodon.smtp.enable_starttls | quote }} + {{- end }} {{- if .Values.mastodon.smtp.enable_starttls_auto }} SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }} {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index 9e1c59219..5cee86e0e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -77,7 +77,7 @@ mastodon: ca_file: /etc/ssl/certs/ca-certificates.crt delivery_method: smtp domain: - enable_starttls_auto: true + enable_starttls: 'auto' from_address: notifications@example.com openssl_verify_mode: peer port: 587 diff --git a/config/environments/production.rb b/config/environments/production.rb index f41a0f197..48b134949 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -101,6 +101,20 @@ Rails.application.configure do config.action_mailer.default_options[:reply_to] = ENV['SMTP_REPLY_TO'] if ENV['SMTP_REPLY_TO'].present? config.action_mailer.default_options[:return_path] = ENV['SMTP_RETURN_PATH'] if ENV['SMTP_RETURN_PATH'].present? + enable_starttls = nil + enable_starttls_auto = nil + + case env['SMTP_ENABLE_STARTTLS'] + when 'always' + enable_starttls = true + when 'never' + enable_starttls = false + when 'auto' + enable_starttls_auto = true + else + enable_starttls_auto = ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false' + end + config.action_mailer.smtp_settings = { :port => ENV['SMTP_PORT'], :address => ENV['SMTP_SERVER'], @@ -110,7 +124,8 @@ Rails.application.configure do :authentication => ENV['SMTP_AUTH_METHOD'] == 'none' ? nil : ENV['SMTP_AUTH_METHOD'] || :plain, :ca_file => ENV['SMTP_CA_FILE'].presence || '/etc/ssl/certs/ca-certificates.crt', :openssl_verify_mode => ENV['SMTP_OPENSSL_VERIFY_MODE'], - :enable_starttls_auto => ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false', + :enable_starttls => enable_starttls, + :enable_starttls_auto => enable_starttls_auto, :tls => ENV['SMTP_TLS'].presence && ENV['SMTP_TLS'] == 'true', :ssl => ENV['SMTP_SSL'].presence && ENV['SMTP_SSL'] == 'true', } diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake index 80e1dcf52..76089ebac 100644 --- a/lib/tasks/mastodon.rake +++ b/lib/tasks/mastodon.rake @@ -271,6 +271,7 @@ namespace :mastodon do env['SMTP_PORT'] = 25 env['SMTP_AUTH_METHOD'] = 'none' env['SMTP_OPENSSL_VERIFY_MODE'] = 'none' + env['SMTP_ENABLE_STARTTLS'] = 'auto' else env['SMTP_SERVER'] = prompt.ask('SMTP server:') do |q| q.required true @@ -299,6 +300,8 @@ namespace :mastodon do end env['SMTP_OPENSSL_VERIFY_MODE'] = prompt.select('SMTP OpenSSL verify mode:', %w(none peer client_once fail_if_no_peer_cert)) + + env['SMTP_ENABLE_STARTTLS'] = prompt.select('Enable STARTTLS:', %w(auto always never)) end env['SMTP_FROM_ADDRESS'] = prompt.ask('E-mail address to send e-mails "from":') do |q| @@ -312,6 +315,20 @@ namespace :mastodon do send_to = prompt.ask('Send test e-mail to:', required: true) begin + enable_starttls = nil + enable_starttls_auto = nil + + case env['SMTP_ENABLE_STARTTLS'] + when 'always' + enable_starttls = true + when 'never' + enable_starttls = false + when 'auto' + enable_starttls_auto = true + else + enable_starttls_auto = ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false' + end + ActionMailer::Base.smtp_settings = { port: env['SMTP_PORT'], address: env['SMTP_SERVER'], @@ -320,7 +337,8 @@ namespace :mastodon do domain: env['LOCAL_DOMAIN'], authentication: env['SMTP_AUTH_METHOD'] == 'none' ? nil : env['SMTP_AUTH_METHOD'] || :plain, openssl_verify_mode: env['SMTP_OPENSSL_VERIFY_MODE'], - enable_starttls_auto: true, + enable_starttls: enable_starttls, + enable_starttls_auto: enable_starttls_auto, } ActionMailer::Base.default_options = { diff --git a/scalingo.json b/scalingo.json index 511c1802a..8c8992977 100644 --- a/scalingo.json +++ b/scalingo.json @@ -74,8 +74,13 @@ "description": "SMTP server certificate verification mode. Defaults is 'peer'.", "required": false }, + "SMTP_ENABLE_STARTTLS": { + "description": "Enable STARTTLS? Default is 'auto'.", + "value": "auto", + "required": false + }, "SMTP_ENABLE_STARTTLS_AUTO": { - "description": "Enable STARTTLS if SMTP server supports it? Default is true.", + "description": "Enable STARTTLS if SMTP server supports it? Deprecated by SMTP_ENABLE_STARTTLS.", "required": false }, "BUILDPACK_URL": { -- cgit