mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 16:00:02 +02:00 
			
		
		
		
	Merge branch 'R3DRUN3-new_branch'
This commit is contained in:
		| @@ -373,7 +373,7 @@ | ||||
| # ROCKET_WORKERS=10 | ||||
| # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} | ||||
|  | ||||
| ## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service. | ||||
| ## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service. | ||||
| ## To make sure the email links are pointing to the correct host, set the DOMAIN variable. | ||||
| ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory | ||||
| # SMTP_HOST=smtp.domain.tld | ||||
| @@ -385,6 +385,11 @@ | ||||
| # SMTP_PASSWORD=password | ||||
| # SMTP_TIMEOUT=15 | ||||
|  | ||||
| # Whether to send mail via the `sendmail` command | ||||
| # USE_SENDMAIL=false | ||||
| # Which sendmail command to use. The one found in the $PATH is used if not specified. | ||||
| # SENDMAIL_COMMAND="/path/to/sendmail" | ||||
|  | ||||
| ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections. | ||||
| ## Possible values: ["Plain", "Login", "Xoauth2"]. | ||||
| ## Multiple options need to be separated by a comma ','. | ||||
|   | ||||
| @@ -1,16 +1,20 @@ | ||||
| --- | ||||
| repos: | ||||
| -   repo: https://github.com/pre-commit/pre-commit-hooks | ||||
|     rev: v4.3.0 | ||||
|     rev: v4.4.0 | ||||
|     hooks: | ||||
|     - id: check-yaml | ||||
|     - id: check-json | ||||
|     - id: check-toml | ||||
|     - id: mixed-line-ending | ||||
|       args: ["--fix=no"] | ||||
|     - id: end-of-file-fixer | ||||
|       exclude: "(.*js$|.*css$)" | ||||
|     - id: check-case-conflict | ||||
|     - id: check-merge-conflict | ||||
|     - id: detect-private-key | ||||
|     - id: check-symlinks | ||||
|     - id: forbid-submodules | ||||
| -   repo: local | ||||
|     hooks: | ||||
|     - id: fmt | ||||
| @@ -36,5 +40,5 @@ repos: | ||||
|       language: system | ||||
|       args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--", "-D", "warnings"] | ||||
|       types_or: [rust, file] | ||||
|       files: (Cargo.toml|Cargo.lock|rust-toolchain|.*\.rs$) | ||||
|       files: (Cargo.toml|Cargo.lock|rust-toolchain|clippy.toml|.*\.rs$) | ||||
|       pass_filenames: false | ||||
|   | ||||
							
								
								
									
										528
									
								
								Cargo.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										528
									
								
								Cargo.lock
									
									
									
										generated
									
									
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							
							
								
								
									
										33
									
								
								Cargo.toml
									
									
									
									
									
								
							
							
						
						
									
										33
									
								
								Cargo.toml
									
									
									
									
									
								
							| @@ -62,22 +62,24 @@ rocket = { version = "0.5.0-rc.2", features = ["tls", "json"], default-features | ||||
| # WebSockets libraries | ||||
| tokio-tungstenite = "0.18.0" | ||||
| rmpv = "1.0.0" # MessagePack library | ||||
|  | ||||
| # Concurrent HashMap used for WebSocket messaging and favicons | ||||
| dashmap = "5.4.0" | ||||
|  | ||||
| # Async futures | ||||
| futures = "0.3.25" | ||||
| tokio = { version = "1.24.2", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] } | ||||
| futures = "0.3.26" | ||||
| tokio = { version = "1.25.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] } | ||||
|  | ||||
| # A generic serialization/deserialization framework | ||||
| serde = { version = "1.0.152", features = ["derive"] } | ||||
| serde_json = "1.0.91" | ||||
| serde_json = "1.0.93" | ||||
|  | ||||
| # A safe, extensible ORM and Query builder | ||||
| diesel = { version = "2.0.3", features = ["chrono", "r2d2"] } | ||||
| diesel_migrations = "2.0.0" | ||||
| diesel_logger = { version = "0.2.0", optional = true } | ||||
|  | ||||
| # Bundled SQLite | ||||
| # Bundled/Static SQLite | ||||
| libsqlite3-sys = { version = "0.25.2", features = ["bundled"], optional = true } | ||||
|  | ||||
| # Crypto-related libraries | ||||
| @@ -85,7 +87,7 @@ rand = { version = "0.8.5", features = ["small_rng"] } | ||||
| ring = "0.16.20" | ||||
|  | ||||
| # UUID generation | ||||
| uuid = { version = "1.2.2", features = ["v4"] } | ||||
| uuid = { version = "1.3.0", features = ["v4"] } | ||||
|  | ||||
| # Date and time libraries | ||||
| chrono = { version = "0.4.23", features = ["clock", "serde"], default-features = false } | ||||
| @@ -93,7 +95,7 @@ chrono-tz = "0.8.1" | ||||
| time = "0.3.17" | ||||
|  | ||||
| # Job scheduler | ||||
| job_scheduler_ng = "2.0.3" | ||||
| job_scheduler_ng = "2.0.4" | ||||
|  | ||||
| # Data encoding library Hex/Base32/Base64 | ||||
| data-encoding = "2.3.3" | ||||
| @@ -110,32 +112,34 @@ yubico = { version = "0.11.0", features = ["online-tokio"], default-features = f | ||||
| # WebAuthn libraries | ||||
| webauthn-rs = "0.3.2" | ||||
|  | ||||
| # Handling of URL's for WebAuthn | ||||
| # Handling of URL's for WebAuthn and favicons | ||||
| url = "2.3.1" | ||||
|  | ||||
| # Email librariese-Base, Update crates and small change. | ||||
| lettre = { version = "0.10.1", features = ["smtp-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false } | ||||
| # Email libraries | ||||
| lettre = { version = "0.10.2", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false } | ||||
| percent-encoding = "2.2.0" # URL encoding library used for URL's in the emails | ||||
| email_address = "0.2.4" | ||||
|  | ||||
| # Template library | ||||
| # HTML Template library | ||||
| handlebars = { version = "4.3.6", features = ["dir_source"] } | ||||
|  | ||||
| # HTTP client | ||||
| # HTTP client (Used for favicons, version check, DUO and HIBP API) | ||||
| reqwest = { version = "0.11.14", features = ["stream", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] } | ||||
|  | ||||
| # For favicon extraction from main website | ||||
| # Favicon extraction libraries | ||||
| html5gum = "0.5.2" | ||||
| regex = { version = "1.7.1", features = ["std", "perf", "unicode-perl"], default-features = false } | ||||
| data-url = "0.2.0" | ||||
| bytes = "1.3.0" | ||||
| bytes = "1.4.0" | ||||
|  | ||||
| # Cache function results (Used for version check and favicon fetching) | ||||
| cached = "0.42.0" | ||||
|  | ||||
| # Used for custom short lived cookie jar during favicon extraction | ||||
| cookie = "0.16.2" | ||||
| cookie_store = "0.19.0" | ||||
|  | ||||
| # Used by U2F, JWT and Postgres | ||||
| # Used by U2F, JWT and PostgreSQL | ||||
| openssl = "0.10.45" | ||||
|  | ||||
| # CLI argument parsing | ||||
| @@ -151,6 +155,7 @@ semver = "1.0.16" | ||||
| # Allow overriding the default memory allocator | ||||
| # Mainly used for the musl builds, since the default musl malloc is very slow | ||||
| mimalloc = { version = "0.1.34", features = ["secure"], default-features = false, optional = true } | ||||
| which = "4.4.0" | ||||
|  | ||||
| # Strip debuginfo from the release builds | ||||
| # Also enable thin LTO for some optimizations | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
| 📢 Note: This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues. Please see [#1642](https://github.com/dani-garcia/vaultwarden/discussions/1642) for more explanation. | ||||
|  | ||||
| --- | ||||
|  | ||||
| [](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml) | ||||
| [](https://hub.docker.com/r/vaultwarden/server) | ||||
| [](https://deps.rs/repo/github/dani-garcia/vaultwarden) | ||||
| [](https://github.com/dani-garcia/vaultwarden/releases/latest) | ||||
|   | ||||
| @@ -3,22 +3,22 @@ | ||||
| # This file was generated using a Jinja2 template. | ||||
| # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. | ||||
|  | ||||
| {% set build_stage_base_image = "rust:1.66-bullseye" %} | ||||
| {% set build_stage_base_image = "rust:1.67-bullseye" %} | ||||
| {% if "alpine" in target_file %} | ||||
| {%   if "amd64" in target_file %} | ||||
| {%     set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.66.1" %} | ||||
| {%     set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.67.0" %} | ||||
| {%     set runtime_stage_base_image = "alpine:3.17" %} | ||||
| {%     set package_arch_target = "x86_64-unknown-linux-musl" %} | ||||
| {%   elif "armv7" in target_file %} | ||||
| {%     set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.66.1" %} | ||||
| {%     set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.67.0" %} | ||||
| {%     set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.17" %} | ||||
| {%     set package_arch_target = "armv7-unknown-linux-musleabihf" %} | ||||
| {%   elif "armv6" in target_file %} | ||||
| {%     set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.66.1" %} | ||||
| {%     set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.67.0" %} | ||||
| {%     set runtime_stage_base_image = "balenalib/rpi-alpine:3.17" %} | ||||
| {%     set package_arch_target = "arm-unknown-linux-musleabi" %} | ||||
| {%   elif "arm64" in target_file %} | ||||
| {%     set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.66.1" %} | ||||
| {%     set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.67.0" %} | ||||
| {%     set runtime_stage_base_image = "balenalib/aarch64-alpine:3.17" %} | ||||
| {%     set package_arch_target = "aarch64-unknown-linux-musl" %} | ||||
| {%   endif %} | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM rust:1.66-bullseye as build | ||||
| FROM rust:1.67-bullseye as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM blackdex/rust-musl:x86_64-musl-stable-1.66.1 as build | ||||
| FROM blackdex/rust-musl:x86_64-musl-stable-1.67.0 as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM rust:1.66-bullseye as build | ||||
| FROM rust:1.67-bullseye as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM blackdex/rust-musl:x86_64-musl-stable-1.66.1 as build | ||||
| FROM blackdex/rust-musl:x86_64-musl-stable-1.67.0 as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM rust:1.66-bullseye as build | ||||
| FROM rust:1.67-bullseye as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM blackdex/rust-musl:aarch64-musl-stable-1.66.1 as build | ||||
| FROM blackdex/rust-musl:aarch64-musl-stable-1.67.0 as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM rust:1.66-bullseye as build | ||||
| FROM rust:1.67-bullseye as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM blackdex/rust-musl:aarch64-musl-stable-1.66.1 as build | ||||
| FROM blackdex/rust-musl:aarch64-musl-stable-1.67.0 as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM rust:1.66-bullseye as build | ||||
| FROM rust:1.67-bullseye as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM blackdex/rust-musl:arm-musleabi-stable-1.66.1 as build | ||||
| FROM blackdex/rust-musl:arm-musleabi-stable-1.67.0 as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM rust:1.66-bullseye as build | ||||
| FROM rust:1.67-bullseye as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM blackdex/rust-musl:arm-musleabi-stable-1.66.1 as build | ||||
| FROM blackdex/rust-musl:arm-musleabi-stable-1.67.0 as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM rust:1.66-bullseye as build | ||||
| FROM rust:1.67-bullseye as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM blackdex/rust-musl:armv7-musleabihf-stable-1.66.1 as build | ||||
| FROM blackdex/rust-musl:armv7-musleabihf-stable-1.67.0 as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM rust:1.66-bullseye as build | ||||
| FROM rust:1.67-bullseye as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -27,7 +27,7 @@ | ||||
| FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault | ||||
|  | ||||
| ########################## BUILD IMAGE  ########################## | ||||
| FROM blackdex/rust-musl:armv7-musleabihf-stable-1.66.1 as build | ||||
| FROM blackdex/rust-musl:armv7-musleabihf-stable-1.67.0 as build | ||||
|  | ||||
| # Build time options to avoid dpkg warnings and help with reproducible builds. | ||||
| ENV DEBIAN_FRONTEND=noninteractive \ | ||||
|   | ||||
| @@ -1 +1 @@ | ||||
| 1.66.1 | ||||
| 1.67.0 | ||||
|   | ||||
| @@ -1,3 +1,4 @@ | ||||
| use std::env::consts::EXE_SUFFIX; | ||||
| use std::process::exit; | ||||
| use std::sync::RwLock; | ||||
|  | ||||
| @@ -614,6 +615,10 @@ make_config! { | ||||
|     smtp: _enable_smtp { | ||||
|         /// Enabled | ||||
|         _enable_smtp:                  bool,   true,   def,     true; | ||||
|         /// Use Sendmail |> Whether to send mail via the `sendmail` command | ||||
|         use_sendmail:                  bool,   true,   def,     false; | ||||
|         /// Sendmail Command |> Which sendmail command to use. The one found in the $PATH is used if not specified. | ||||
|         sendmail_command:              String, true,   option; | ||||
|         /// Host | ||||
|         smtp_host:                     String, true,   option; | ||||
|         /// DEPRECATED smtp_ssl |> DEPRECATED - Please use SMTP_SECURITY | ||||
| @@ -653,7 +658,7 @@ make_config! { | ||||
|     /// Email 2FA Settings | ||||
|     email_2fa: _enable_email_2fa { | ||||
|         /// Enabled |> Disabling will prevent users from setting up new email 2FA and using existing email 2FA configured | ||||
|         _enable_email_2fa:      bool,   true,   auto,    |c| c._enable_smtp && c.smtp_host.is_some(); | ||||
|         _enable_email_2fa:      bool,   true,   auto,    |c| c._enable_smtp && (c.smtp_host.is_some() || c.use_sendmail); | ||||
|         /// Email token size |> Number of digits in an email 2FA token (min: 6, max: 255). Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting. | ||||
|         email_token_size:       u8,     true,   def,      6; | ||||
|         /// Token expiration time |> Maximum time in seconds a token is valid. The time the user has to open email client and copy token. | ||||
| @@ -744,20 +749,51 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { | ||||
|             ), | ||||
|         } | ||||
|  | ||||
|         if cfg.smtp_host.is_some() == cfg.smtp_from.is_empty() { | ||||
|             err!("Both `SMTP_HOST` and `SMTP_FROM` need to be set for email support") | ||||
|         if cfg.use_sendmail { | ||||
|             let command = cfg.sendmail_command.clone().unwrap_or_else(|| format!("sendmail{EXE_SUFFIX}")); | ||||
|  | ||||
|             let mut path = std::path::PathBuf::from(&command); | ||||
|  | ||||
|             if !path.is_absolute() { | ||||
|                 match which::which(&command) { | ||||
|                     Ok(result) => path = result, | ||||
|                     Err(_) => err!(format!("sendmail command {command:?} not found in $PATH")), | ||||
|                 } | ||||
|             } | ||||
|  | ||||
|         if cfg.smtp_host.is_some() && !cfg.smtp_from.contains('@') { | ||||
|             err!("SMTP_FROM does not contain a mandatory @ sign") | ||||
|             match path.metadata() { | ||||
|                 Err(err) if err.kind() == std::io::ErrorKind::NotFound => { | ||||
|                     err!(format!("sendmail command not found at `{path:?}`")) | ||||
|                 } | ||||
|                 Err(err) => { | ||||
|                     err!(format!("failed to access sendmail command at `{path:?}`: {err}")) | ||||
|                 } | ||||
|                 Ok(metadata) => { | ||||
|                     if metadata.is_dir() { | ||||
|                         err!(format!("sendmail command at `{path:?}` isn't a directory")); | ||||
|                     } | ||||
|  | ||||
|                     #[cfg(unix)] | ||||
|                     { | ||||
|                         use std::os::unix::fs::PermissionsExt; | ||||
|                         if !metadata.permissions().mode() & 0o111 != 0 { | ||||
|                             err!(format!("sendmail command at `{path:?}` isn't executable")); | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|         } else { | ||||
|             if cfg.smtp_host.is_some() == cfg.smtp_from.is_empty() { | ||||
|                 err!("Both `SMTP_HOST` and `SMTP_FROM` need to be set for email support without `USE_SENDMAIL`") | ||||
|             } | ||||
|  | ||||
|             if cfg.smtp_username.is_some() != cfg.smtp_password.is_some() { | ||||
|             err!("Both `SMTP_USERNAME` and `SMTP_PASSWORD` need to be set to enable email authentication") | ||||
|                 err!("Both `SMTP_USERNAME` and `SMTP_PASSWORD` need to be set to enable email authentication without `USE_SENDMAIL`") | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         if cfg._enable_email_2fa && (!cfg._enable_smtp || cfg.smtp_host.is_none()) { | ||||
|             err!("To enable email 2FA, SMTP must be configured") | ||||
|         if (cfg.smtp_host.is_some() || cfg.use_sendmail) && !cfg.smtp_from.contains('@') { | ||||
|             err!("SMTP_FROM does not contain a mandatory @ sign") | ||||
|         } | ||||
|  | ||||
|         if cfg._enable_email_2fa && cfg.email_token_size < 6 { | ||||
| @@ -765,6 +801,10 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     if cfg._enable_email_2fa && !(cfg.smtp_host.is_some() || cfg.use_sendmail) { | ||||
|         err!("To enable email 2FA, a mail transport must be configured") | ||||
|     } | ||||
|  | ||||
|     // Check if the icon blacklist regex is valid | ||||
|     if let Some(ref r) = cfg.icon_blacklist_regex { | ||||
|         let validate_regex = regex::Regex::new(r); | ||||
| @@ -1045,7 +1085,7 @@ impl Config { | ||||
|     } | ||||
|     pub fn mail_enabled(&self) -> bool { | ||||
|         let inner = &self.inner.read().unwrap().config; | ||||
|         inner._enable_smtp && inner.smtp_host.is_some() | ||||
|         inner._enable_smtp && (inner.smtp_host.is_some() || inner.use_sendmail) | ||||
|     } | ||||
|  | ||||
|     pub fn get_duo_akey(&self) -> String { | ||||
|   | ||||
							
								
								
									
										95
									
								
								src/mail.rs
									
									
									
									
									
								
							
							
						
						
									
										95
									
								
								src/mail.rs
									
									
									
									
									
								
							| @@ -8,7 +8,7 @@ use lettre::{ | ||||
|     transport::smtp::authentication::{Credentials, Mechanism as SmtpAuthMechanism}, | ||||
|     transport::smtp::client::{Tls, TlsParameters}, | ||||
|     transport::smtp::extension::ClientId, | ||||
|     Address, AsyncSmtpTransport, AsyncTransport, Tokio1Executor, | ||||
|     Address, AsyncSendmailTransport, AsyncSmtpTransport, AsyncTransport, Tokio1Executor, | ||||
| }; | ||||
|  | ||||
| use crate::{ | ||||
| @@ -21,7 +21,15 @@ use crate::{ | ||||
|     CONFIG, | ||||
| }; | ||||
|  | ||||
| fn mailer() -> AsyncSmtpTransport<Tokio1Executor> { | ||||
| fn sendmail_transport() -> AsyncSendmailTransport<Tokio1Executor> { | ||||
|     if let Some(command) = CONFIG.sendmail_command() { | ||||
|         AsyncSendmailTransport::new_with_command(command) | ||||
|     } else { | ||||
|         AsyncSendmailTransport::new() | ||||
|     } | ||||
| } | ||||
|  | ||||
| fn smtp_transport() -> AsyncSmtpTransport<Tokio1Executor> { | ||||
|     use std::time::Duration; | ||||
|     let host = CONFIG.smtp_host().unwrap(); | ||||
|  | ||||
| @@ -509,6 +517,58 @@ pub async fn send_admin_reset_password(address: &str, user_name: &str, org_name: | ||||
|     send_email(address, &subject, body_html, body_text).await | ||||
| } | ||||
|  | ||||
| async fn send_with_selected_transport(email: Message) -> EmptyResult { | ||||
|     if CONFIG.use_sendmail() { | ||||
|         match sendmail_transport().send(email).await { | ||||
|             Ok(_) => Ok(()), | ||||
|             // Match some common errors and make them more user friendly | ||||
|             Err(e) => { | ||||
|                 if e.is_client() { | ||||
|                     debug!("Sendmail client error: {:#?}", e); | ||||
|                     err!(format!("Sendmail client error: {e}")); | ||||
|                 } else if e.is_response() { | ||||
|                     debug!("Sendmail response error: {:#?}", e); | ||||
|                     err!(format!("Sendmail response error: {e}")); | ||||
|                 } else { | ||||
|                     debug!("Sendmail error: {:#?}", e); | ||||
|                     err!(format!("Sendmail error: {e}")); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|     } else { | ||||
|         match smtp_transport().send(email).await { | ||||
|             Ok(_) => Ok(()), | ||||
|             // Match some common errors and make them more user friendly | ||||
|             Err(e) => { | ||||
|                 if e.is_client() { | ||||
|                     debug!("SMTP client error: {:#?}", e); | ||||
|                     err!(format!("SMTP client error: {e}")); | ||||
|                 } else if e.is_transient() { | ||||
|                     debug!("SMTP 4xx error: {:#?}", e); | ||||
|                     err!(format!("SMTP 4xx error: {e}")); | ||||
|                 } else if e.is_permanent() { | ||||
|                     debug!("SMTP 5xx error: {:#?}", e); | ||||
|                     let mut msg = e.to_string(); | ||||
|                     // Add a special check for 535 to add a more descriptive message | ||||
|                     if msg.contains("(535)") { | ||||
|                         msg = format!("{msg} - Authentication credentials invalid"); | ||||
|                     } | ||||
|                     err!(format!("SMTP 5xx error: {msg}")); | ||||
|                 } else if e.is_timeout() { | ||||
|                     debug!("SMTP timeout error: {:#?}", e); | ||||
|                     err!(format!("SMTP timeout error: {e}")); | ||||
|                 } else if e.is_tls() { | ||||
|                     debug!("SMTP encryption error: {:#?}", e); | ||||
|                     err!(format!("SMTP encryption error: {e}")); | ||||
|                 } else { | ||||
|                     debug!("SMTP error: {:#?}", e); | ||||
|                     err!(format!("SMTP error: {e}")); | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| async fn send_email(address: &str, subject: &str, body_html: String, body_text: String) -> EmptyResult { | ||||
|     let smtp_from = &CONFIG.smtp_from(); | ||||
|  | ||||
| @@ -538,34 +598,5 @@ async fn send_email(address: &str, subject: &str, body_html: String, body_text: | ||||
|         .subject(subject) | ||||
|         .multipart(body)?; | ||||
|  | ||||
|     match mailer().send(email).await { | ||||
|         Ok(_) => Ok(()), | ||||
|         // Match some common errors and make them more user friendly | ||||
|         Err(e) => { | ||||
|             if e.is_client() { | ||||
|                 debug!("SMTP Client error: {:#?}", e); | ||||
|                 err!(format!("SMTP Client error: {e}")); | ||||
|             } else if e.is_transient() { | ||||
|                 debug!("SMTP 4xx error: {:#?}", e); | ||||
|                 err!(format!("SMTP 4xx error: {e}")); | ||||
|             } else if e.is_permanent() { | ||||
|                 debug!("SMTP 5xx error: {:#?}", e); | ||||
|                 let mut msg = e.to_string(); | ||||
|                 // Add a special check for 535 to add a more descriptive message | ||||
|                 if msg.contains("(535)") { | ||||
|                     msg = format!("{msg} - Authentication credentials invalid"); | ||||
|                 } | ||||
|                 err!(format!("SMTP 5xx error: {msg}")); | ||||
|             } else if e.is_timeout() { | ||||
|                 debug!("SMTP timeout error: {:#?}", e); | ||||
|                 err!(format!("SMTP timeout error: {e}")); | ||||
|             } else if e.is_tls() { | ||||
|                 debug!("SMTP Encryption error: {:#?}", e); | ||||
|                 err!(format!("SMTP Encryption error: {e}")); | ||||
|             } else { | ||||
|                 debug!("SMTP {:#?}", e); | ||||
|                 err!(format!("SMTP {e}")); | ||||
|             } | ||||
|         } | ||||
|     } | ||||
|     send_with_selected_transport(email).await | ||||
| } | ||||
|   | ||||
		Reference in New Issue
	
	Block a user