From 952142699c4b16db266d0e637b5193ac0b6b6cdb Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Thu, 8 Feb 2024 16:15:29 +0530 Subject: [PATCH 1/3] fix: smtp tls config --- CHANGELOG.md | 5 +++++ ingredients/emaildelivery/main.go | 7 ++++++- ingredients/emaildelivery/smtpmodels.go | 15 +++++++++------ supertokens/constants.go | 2 +- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93e4a016..1f9ca06f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [unreleased] +## [0.17.4] - 2024-02-08 + +- Adds `TLSConfig` to SMTP settings. +- `TLSConfig` is always passed to gomail so that it can be used when gomail uses `STARTTLS` to upgrade the connection to TLS. + ## [0.17.3] - 2023-12-12 - CI/CD changes diff --git a/ingredients/emaildelivery/main.go b/ingredients/emaildelivery/main.go index a69db6a9..ace63245 100644 --- a/ingredients/emaildelivery/main.go +++ b/ingredients/emaildelivery/main.go @@ -59,8 +59,13 @@ func SendSMTPEmail(settings SMTPSettings, content EmailContent) error { d := gomail.NewDialer(settings.Host, settings.Port, username, settings.Password) - if settings.Secure { + if settings.TLSConfig != nil { + d.TLSConfig = settings.TLSConfig + } else { d.TLSConfig = &tls.Config{InsecureSkipVerify: true, ServerName: settings.Host} + } + + if settings.Secure { d.SSL = true } return d.DialAndSend(m) diff --git a/ingredients/emaildelivery/smtpmodels.go b/ingredients/emaildelivery/smtpmodels.go index 6f2040a6..34d26cb1 100644 --- a/ingredients/emaildelivery/smtpmodels.go +++ b/ingredients/emaildelivery/smtpmodels.go @@ -17,16 +17,19 @@ package emaildelivery import ( + "crypto/tls" + "github.com/supertokens/supertokens-golang/supertokens" ) type SMTPSettings struct { - Host string - From SMTPFrom - Port int - Username *string - Password string - Secure bool + Host string + From SMTPFrom + Port int + Username *string + Password string + Secure bool + TLSConfig *tls.Config } type SMTPFrom struct { diff --git a/supertokens/constants.go b/supertokens/constants.go index 01ba16c5..1c5c4d0e 100644 --- a/supertokens/constants.go +++ b/supertokens/constants.go @@ -21,7 +21,7 @@ const ( ) // VERSION current version of the lib -const VERSION = "0.17.3" +const VERSION = "0.17.4" var ( cdiSupported = []string{"3.0"} From 9ae652a086f3fbc4052fded4e2d544a7a843f476 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Thu, 8 Feb 2024 16:17:59 +0530 Subject: [PATCH 2/3] fix: changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1f9ca06f..2841035a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [0.17.4] - 2024-02-08 - Adds `TLSConfig` to SMTP settings. -- `TLSConfig` is always passed to gomail so that it can be used when gomail uses `STARTTLS` to upgrade the connection to TLS. +- `TLSConfig` is always passed to gomail so that it can be used when gomail uses `STARTTLS` to upgrade the connection to TLS. - https://github.com/supertokens/supertokens-golang/issues/392 ## [0.17.3] - 2023-12-12 From 3a16488e93c0bbfa75db08352d171680986ae5d9 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Thu, 8 Feb 2024 16:48:39 +0530 Subject: [PATCH 3/3] fix: insecure config --- CHANGELOG.md | 1 + ingredients/emaildelivery/main.go | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2841035a..7733df0d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Adds `TLSConfig` to SMTP settings. - `TLSConfig` is always passed to gomail so that it can be used when gomail uses `STARTTLS` to upgrade the connection to TLS. - https://github.com/supertokens/supertokens-golang/issues/392 +- Not setting `InsecureSkipVerify` to `true` in the SMTP settings because it is not recommended to use it in production. ## [0.17.3] - 2023-12-12 diff --git a/ingredients/emaildelivery/main.go b/ingredients/emaildelivery/main.go index ace63245..8f904014 100644 --- a/ingredients/emaildelivery/main.go +++ b/ingredients/emaildelivery/main.go @@ -58,11 +58,10 @@ func SendSMTPEmail(settings SMTPSettings, content EmailContent) error { } d := gomail.NewDialer(settings.Host, settings.Port, username, settings.Password) - if settings.TLSConfig != nil { d.TLSConfig = settings.TLSConfig } else { - d.TLSConfig = &tls.Config{InsecureSkipVerify: true, ServerName: settings.Host} + d.TLSConfig = &tls.Config{ServerName: settings.Host} } if settings.Secure {