[FIX] File Notifier Default Permissions (#902)
* [FIX] File Notifier Default Permissions * set to 0600 for security * recreate file if it exists with correct perms * remove named return vars from notifier
parent
c1ac25a15b
commit
e89e040949
|
@ -1,3 +1,3 @@
|
||||||
package notification
|
package notification
|
||||||
|
|
||||||
const fileNotifierMode = 0755
|
const fileNotifierMode = 0600
|
||||||
|
|
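Review bot: `fileNotifierMode` is also used as a directory mode, and 0600 is not a usable mode for a directory. FileNotifier.StartupCheck passes it to `os.MkdirAll(dir, fileNotifierMode)`, so after this change a missing notification directory is created without the search (execute) bit. A non-root process then cannot create the notification file inside the directory it just made, and the `ioutil.WriteFile` that follows would fail with a permission error. Keep 0600 for the file and give the directory its own owner-only mode, for example `const fileNotifierDirMode = 0700` used as `os.MkdirAll(dir, fileNotifierDirMode)`.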
|
@ -23,36 +23,29 @@ func NewFileNotifier(configuration schema.FileSystemNotifierConfiguration) *File
|
||||||
}
|
}
|
||||||
|
|
||||||
// StartupCheck checks the file provider can write to the specified file
|
// StartupCheck checks the file provider can write to the specified file
|
||||||
func (n *FileNotifier) StartupCheck() (ok bool, err error) {
|
func (n *FileNotifier) StartupCheck() (bool, error) {
|
||||||
ok = true
|
|
||||||
dir := filepath.Dir(n.path)
|
dir := filepath.Dir(n.path)
|
||||||
if _, err = os.Stat(dir); err != nil {
|
if _, err := os.Stat(dir); err != nil {
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
if err = os.MkdirAll(dir, fileNotifierMode); err != nil {
|
if err = os.MkdirAll(dir, fileNotifierMode); err != nil {
|
||||||
ok = false
|
return false, err
|
||||||
return
|
|
||||||
}
|
|
||||||
if err = ioutil.WriteFile(n.path, []byte(""), fileNotifierMode); err != nil {
|
|
||||||
ok = false
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ok = false
|
return false, err
|
||||||
return
|
|
||||||
}
|
}
|
||||||
} else if _, err = os.Stat(n.path); err != nil {
|
} else if _, err = os.Stat(n.path); err != nil {
|
||||||
if os.IsNotExist(err) {
|
if !os.IsNotExist(err) {
|
||||||
if err = ioutil.WriteFile(n.path, []byte(""), fileNotifierMode); err != nil {
|
return false, err
|
||||||
ok = false
|
}
|
||||||
return
|
} else {
|
||||||
}
|
if err = os.Remove(n.path); err != nil {
|
||||||
} else {
|
return false, err
|
||||||
ok = false
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
err = nil
|
if err := ioutil.WriteFile(n.path, []byte(""), fileNotifierMode); err != nil {
|
||||||
return
|
return false, err
|
||||||
|
}
|
||||||
|
return true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send send a identity verification link to a user.
|
// Send send a identity verification link to a user.
|
||||||
|
|
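Review bot: The remove-then-recreate sequence at the end of StartupCheck does not guarantee the 0600 mode it is meant to enforce, because `ioutil.WriteFile` opens with create-and-truncate semantics rather than an exclusive create. If anything reappears at `n.path` between `os.Remove` and the write (including a symlink, when the directory is writable by other accounts), the write follows it and the existing mode is kept, since the mode argument only applies on creation. Creating the file exclusively closes that gap: `f, err := os.OpenFile(n.path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, fileNotifierMode)` followed by `f.Close()`. A comment on the final `else` branch stating that an existing notification file is deleted at every startup would also help operators.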
|
@ -91,20 +91,19 @@ func (n *SMTPNotifier) initializeTLSConfig() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Do startTLS if available (some servers only provide the auth extension after, and encryption is preferred).
|
// Do startTLS if available (some servers only provide the auth extension after, and encryption is preferred).
|
||||||
func (n *SMTPNotifier) startTLS() (err error) {
|
func (n *SMTPNotifier) startTLS() error {
|
||||||
// Only start if not already encrypted
|
// Only start if not already encrypted
|
||||||
if _, ok := n.client.TLSConnectionState(); ok {
|
if _, ok := n.client.TLSConnectionState(); ok {
|
||||||
log.Debugf("Notifier SMTP connection is already encrypted, skipping STARTTLS")
|
log.Debugf("Notifier SMTP connection is already encrypted, skipping STARTTLS")
|
||||||
return
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
ok, _ := n.client.Extension("STARTTLS")
|
ok, _ := n.client.Extension("STARTTLS")
|
||||||
if ok {
|
if ok {
|
||||||
log.Debugf("Notifier SMTP server supports STARTTLS (disableVerifyCert: %t, ServerName: %s), attempting", n.tlsConfig.InsecureSkipVerify, n.tlsConfig.ServerName)
|
log.Debugf("Notifier SMTP server supports STARTTLS (disableVerifyCert: %t, ServerName: %s), attempting", n.tlsConfig.InsecureSkipVerify, n.tlsConfig.ServerName)
|
||||||
|
|
||||||
err = n.client.StartTLS(n.tlsConfig)
|
if err := n.client.StartTLS(n.tlsConfig); err != nil {
|
||||||
if err != nil {
|
return err
|
||||||
return
|
|
||||||
}
|
}
|
||||||
log.Debug("Notifier SMTP STARTTLS completed without error")
|
log.Debug("Notifier SMTP STARTTLS completed without error")
|
||||||
} else if n.disableRequireTLS {
|
} else if n.disableRequireTLS {
|
||||||
|
@ -112,11 +111,11 @@ func (n *SMTPNotifier) startTLS() (err error) {
|
||||||
} else {
|
} else {
|
||||||
return errors.New("Notifier SMTP server does not support TLS and it is required by default (see documentation if you want to disable this highly recommended requirement)")
|
return errors.New("Notifier SMTP server does not support TLS and it is required by default (see documentation if you want to disable this highly recommended requirement)")
|
||||||
}
|
}
|
||||||
return
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Attempt Authentication.
|
// Attempt Authentication.
|
||||||
func (n *SMTPNotifier) auth() (err error) {
|
func (n *SMTPNotifier) auth() error {
|
||||||
// Attempt AUTH if password is specified only.
|
// Attempt AUTH if password is specified only.
|
||||||
if n.password != "" {
|
if n.password != "" {
|
||||||
_, ok := n.client.TLSConnectionState()
|
_, ok := n.client.TLSConnectionState()
|
||||||
|
@ -146,9 +145,8 @@ func (n *SMTPNotifier) auth() (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Authenticate.
|
// Authenticate.
|
||||||
err = n.client.Auth(auth)
|
if err := n.client.Auth(auth); err != nil {
|
||||||
if err != nil {
|
return err
|
||||||
return
|
|
||||||
}
|
}
|
||||||
log.Debug("Notifier SMTP client authenticated successfully with the server")
|
log.Debug("Notifier SMTP client authenticated successfully with the server")
|
||||||
return nil
|
return nil
|
||||||
|
@ -159,7 +157,7 @@ func (n *SMTPNotifier) auth() (err error) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (n *SMTPNotifier) compose(recipient, subject, body string) (err error) {
|
func (n *SMTPNotifier) compose(recipient, subject, body string) error {
|
||||||
log.Debugf("Notifier SMTP client attempting to send email body to %s", recipient)
|
log.Debugf("Notifier SMTP client attempting to send email body to %s", recipient)
|
||||||
if !n.disableRequireTLS {
|
if !n.disableRequireTLS {
|
||||||
_, ok := n.client.TLSConnectionState()
|
_, ok := n.client.TLSConnectionState()
|
||||||
|
@ -194,7 +192,7 @@ func (n *SMTPNotifier) compose(recipient, subject, body string) (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Dial the SMTP server with the SMTPNotifier config.
|
// Dial the SMTP server with the SMTPNotifier config.
|
||||||
func (n *SMTPNotifier) dial() (err error) {
|
func (n *SMTPNotifier) dial() error {
|
||||||
log.Debugf("Notifier SMTP client attempting connection to %s", n.address)
|
log.Debugf("Notifier SMTP client attempting connection to %s", n.address)
|
||||||
if n.port == 465 {
|
if n.port == 465 {
|
||||||
log.Warnf("Notifier SMTP client configured to connect to a SMTPS server. It's highly recommended you use a non SMTPS port and STARTTLS instead of SMTPS, as the protocol is long deprecated.")
|
log.Warnf("Notifier SMTP client configured to connect to a SMTPS server. It's highly recommended you use a non SMTPS port and STARTTLS instead of SMTPS, as the protocol is long deprecated.")
|
||||||
|
@ -227,42 +225,34 @@ func (n *SMTPNotifier) cleanup() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// StartupCheck checks the server is functioning correctly and the configuration is correct.
|
// StartupCheck checks the server is functioning correctly and the configuration is correct.
|
||||||
func (n *SMTPNotifier) StartupCheck() (ok bool, err error) {
|
func (n *SMTPNotifier) StartupCheck() (bool, error) {
|
||||||
ok = true
|
if err := n.dial(); err != nil {
|
||||||
|
return false, err
|
||||||
if err = n.dial(); err != nil {
|
|
||||||
ok = false
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
defer n.cleanup()
|
defer n.cleanup()
|
||||||
|
|
||||||
if err = n.startTLS(); err != nil {
|
if err := n.startTLS(); err != nil {
|
||||||
ok = false
|
return false, err
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = n.auth(); err != nil {
|
if err := n.auth(); err != nil {
|
||||||
ok = false
|
return false, err
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = n.client.Mail(n.sender); err != nil {
|
if err := n.client.Mail(n.sender); err != nil {
|
||||||
ok = false
|
return false, err
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = n.client.Rcpt(n.startupCheckAddress); err != nil {
|
if err := n.client.Rcpt(n.startupCheckAddress); err != nil {
|
||||||
ok = false
|
return false, err
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = n.client.Reset(); err != nil {
|
if err := n.client.Reset(); err != nil {
|
||||||
ok = false
|
return false, err
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return
|
return true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send is used to send an email to a recipient.
|
// Send is used to send an email to a recipient.
|
||||||
|
|
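Review bot: Every failure path in SMTPNotifier.StartupCheck returns the underlying error unchanged, so a caller cannot tell whether dial, STARTTLS, AUTH, MAIL, RCPT or RSET failed without reading the debug logs. Adding the stage to each return would make startup failures easier to triage, e.g. `return false, fmt.Errorf("notifier SMTP startup check: STARTTLS: %w", err)` (this assumes `fmt` is imported and the toolchain supports `%w`; the import block is not visible here). The doc comment could also state that the check issues MAIL and RCPT for `startupCheckAddress` and then resets the transaction without sending a message.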