summaryrefslogtreecommitdiffstats
path: root/services/auth/source/smtp/auth.go
blob: d797982da18ec214ab26eb7c83acd51d39f8fa4f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package smtp

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/smtp"
	"os"
	"strconv"

	"code.gitea.io/gitea/models"
)

//   _________   __________________________
//  /   _____/  /     \__    ___/\______   \
//  \_____  \  /  \ /  \|    |    |     ___/
//  /        \/    Y    \    |    |    |
// /_______  /\____|__  /____|    |____|
//         \/         \/

type loginAuthenticator struct {
	username, password string
}

func (auth *loginAuthenticator) Start(server *smtp.ServerInfo) (string, []byte, error) {
	return "LOGIN", []byte(auth.username), nil
}

func (auth *loginAuthenticator) Next(fromServer []byte, more bool) ([]byte, error) {
	if more {
		switch string(fromServer) {
		case "Username:":
			return []byte(auth.username), nil
		case "Password:":
			return []byte(auth.password), nil
		}
	}
	return nil, nil
}

// SMTP authentication type names.
const (
	PlainAuthentication   = "PLAIN"
	LoginAuthentication   = "LOGIN"
	CRAMMD5Authentication = "CRAM-MD5"
)

// Authenticators contains available SMTP authentication type names.
var Authenticators = []string{PlainAuthentication, LoginAuthentication, CRAMMD5Authentication}

// Authenticate performs an SMTP authentication.
func Authenticate(a smtp.Auth, source *Source) error {
	tlsConfig := &tls.Config{
		InsecureSkipVerify: source.SkipVerify,
		ServerName:         source.Host,
	}

	conn, err := net.Dial("tcp", net.JoinHostPort(source.Host, strconv.Itoa(source.Port)))
	if err != nil {
		return err
	}
	defer conn.Close()

	if source.UseTLS() {
		conn = tls.Client(conn, tlsConfig)
	}

	client, err := smtp.NewClient(conn, source.Host)
	if err != nil {
		return fmt.Errorf("failed to create NewClient: %w", err)
	}
	defer client.Close()

	if !source.DisableHelo {
		hostname := source.HeloHostname
		if len(hostname) == 0 {
			hostname, err = os.Hostname()
			if err != nil {
				return fmt.Errorf("failed to find Hostname: %w", err)
			}
		}

		if err = client.Hello(hostname); err != nil {
			return fmt.Errorf("failed to send Helo: %w", err)
		}
	}

	// If not using SMTPS, always use STARTTLS if available
	hasStartTLS, _ := client.Extension("STARTTLS")
	if !source.UseTLS() && hasStartTLS {
		if err = client.StartTLS(tlsConfig); err != nil {
			return fmt.Errorf("failed to start StartTLS: %v", err)
		}
	}

	if ok, _ := client.Extension("AUTH"); ok {
		return client.Auth(a)
	}

	return models.ErrUnsupportedLoginType
}