vaultwarden/src/mail.rs

use lettre::smtp::authentication::Credentials;
use lettre::smtp::ConnectionReuseParameters;
use lettre::{ClientSecurity, ClientTlsParameters, SmtpClient, SmtpTransport, Transport};
use lettre_email::EmailBuilder;
use native_tls::{Protocol, TlsConnector};

use crate::api::EmptyResult;
use crate::auth::{encode_jwt, generate_invite_claims};
use crate::error::Error;
use crate::CONFIG;

fn mailer() -> SmtpTransport {
    let host = CONFIG.smtp_host().unwrap();

    let client_security = if CONFIG.smtp_ssl() {
        let tls = TlsConnector::builder()
            .min_protocol_version(Some(Protocol::Tlsv11))
            .build()
            .unwrap();

        let params = ClientTlsParameters::new(host.clone(), tls);

        if CONFIG.smtp_explicit_tls() {
            ClientSecurity::Wrapper(params)
        } else {
            ClientSecurity::Required(params)
        }
    } else {
        ClientSecurity::None
    };

    let smtp_client = SmtpClient::new((host.as_str(), CONFIG.smtp_port()), client_security).unwrap();

    let smtp_client = match (&CONFIG.smtp_username(), &CONFIG.smtp_password()) {
        (Some(user), Some(pass)) => smtp_client.credentials(Credentials::new(user.clone(), pass.clone())),
        _ => smtp_client,
    };

    smtp_client
        .smtp_utf8(true)
        .connection_reuse(ConnectionReuseParameters::NoReuse)
        .transport()
}

fn get_text(template_name: &'static str, data: serde_json::Value) -> Result<(String, String, String), Error> {
    let (subject_html, body_html) = get_template(&format!("{}.html", template_name), &data)?;
    let (_subject_text, body_text) = get_template(template_name, &data)?;
    Ok((subject_html, body_html, body_text))
}

fn get_template(template_name: &str, data: &serde_json::Value) -> Result<(String, String), Error> {
    let text = CONFIG.render_template(template_name, data)?;
    let mut text_split = text.split("<!---------------->");

    let subject = match text_split.next() {
        Some(s) => s.trim().to_string(),
        None => err!("Template doesn't contain subject"),
    };

    let body = match text_split.next() {
        Some(s) => s.trim().to_string(),
        None => err!("Template doesn't contain body"),
    };

    Ok((subject, body))
}

pub fn send_password_hint(address: &str, hint: Option<String>) -> EmptyResult {
    let template_name = if hint.is_some() {
        "email/pw_hint_some"
    } else {
        "email/pw_hint_none"
    };

    let (subject, body_html, body_text) = get_text(template_name, json!({ "hint": hint, "url": CONFIG.domain() }))?;

    send_email(&address, &subject, &body_html, &body_text)
}

pub fn send_invite(
    address: &str,
    uuid: &str,
    org_id: Option<String>,
    org_user_id: Option<String>,
    org_name: &str,
    invited_by_email: Option<String>,
) -> EmptyResult {
    let claims = generate_invite_claims(
        uuid.to_string(),
        String::from(address),
        org_id.clone(),
        org_user_id.clone(),
        invited_by_email.clone(),
    );
    let invite_token = encode_jwt(&claims);

    let (subject, body_html, body_text) = get_text(
        "email/send_org_invite",
        json!({
            "url": CONFIG.domain(),
            "org_id": org_id.unwrap_or_else(|| "_".to_string()),
            "org_user_id": org_user_id.unwrap_or_else(|| "_".to_string()),
            "email": address,
            "org_name": org_name,
            "token": invite_token,
        }),
    )?;

    send_email(&address, &subject, &body_html, &body_text)
}

pub fn send_invite_accepted(new_user_email: &str, address: &str, org_name: &str) -> EmptyResult {
    let (subject, body_html, body_text) = get_text(
        "email/invite_accepted",
        json!({
            "url": CONFIG.domain(),
            "email": new_user_email,
            "org_name": org_name,
        }),
    )?;

    send_email(&address, &subject, &body_html, &body_text)
}

pub fn send_invite_confirmed(address: &str, org_name: &str) -> EmptyResult {
    let (subject, body_html, body_text) = get_text(
        "email/invite_confirmed",
        json!({
            "url": CONFIG.domain(),
            "org_name": org_name,
        }),
    )?;

    send_email(&address, &subject, &body_html, &body_text)
}

fn send_email(address: &str, subject: &str, body_html: &str, body_text: &str) -> EmptyResult {
    let email = EmailBuilder::new()
        .to(address)
        .from((CONFIG.smtp_from().as_str(), CONFIG.smtp_from_name().as_str()))
        .subject(subject)
        .alternative(body_html, body_text)
        .build()
        .map_err(|e| Error::new("Error building email", e.to_string()))?;

    let mut transport = mailer();

    let result = transport
        .send(email.into())
        .map_err(|e| Error::new("Error sending email", e.to_string()))
        .and(Ok(()));

    // Explicitly close the connection, in case of error
    transport.close();
    result
}
make SMTP authentication optionnal, let lettre pick the better auth mechanism 2018-08-15 17:00:55 +02:00			`use lettre::smtp::authentication::Credentials;`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`use lettre::smtp::ConnectionReuseParameters;`
			`use lettre::{ClientSecurity, ClientTlsParameters, SmtpClient, SmtpTransport, Transport};`
SMTP integration, send password hint by email. 2018-08-15 08:32:19 +02:00			`use lettre_email::EmailBuilder;`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`use native_tls::{Protocol, TlsConnector};`
SMTP integration, send password hint by email. 2018-08-15 08:32:19 +02:00
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option. 2018-12-19 21:52:53 +01:00			`use crate::api::EmptyResult;`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`use crate::auth::{encode_jwt, generate_invite_claims};`
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option. 2018-12-19 21:52:53 +01:00			`use crate::error::Error;`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`use crate::CONFIG;`
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option. 2018-12-19 21:52:53 +01:00
Config can now be serialized / deserialized 2019-02-02 01:09:21 +01:00			`fn mailer() -> SmtpTransport {`
			`let host = CONFIG.smtp_host().unwrap();`

			`let client_security = if CONFIG.smtp_ssl() {`
Updated dependencies, removed valid mail check (now done by lettre), and updated global domains file 2018-10-04 00:01:04 +02:00			`let tls = TlsConnector::builder()`
			`.min_protocol_version(Some(Protocol::Tlsv11))`
			`.build()`
			`.unwrap();`

Add option to use wrapped TLS in email, instead of STARTTLS upgrade 2019-03-10 14:44:42 +01:00			`let params = ClientTlsParameters::new(host.clone(), tls);`

			`if CONFIG.smtp_explicit_tls() {`
			`ClientSecurity::Wrapper(params)`
			`} else {`
			`ClientSecurity::Required(params)`
			`}`
SMTP integration, send password hint by email. 2018-08-15 08:32:19 +02:00			`} else {`
			`ClientSecurity::None`
			`};`

Config can now be serialized / deserialized 2019-02-02 01:09:21 +01:00			`let smtp_client = SmtpClient::new((host.as_str(), CONFIG.smtp_port()), client_security).unwrap();`
make SMTP authentication optionnal, let lettre pick the better auth mechanism 2018-08-15 17:00:55 +02:00
Config can now be serialized / deserialized 2019-02-02 01:09:21 +01:00			`let smtp_client = match (&CONFIG.smtp_username(), &CONFIG.smtp_password()) {`
Updated dependencies, removed valid mail check (now done by lettre), and updated global domains file 2018-10-04 00:01:04 +02:00			`(Some(user), Some(pass)) => smtp_client.credentials(Credentials::new(user.clone(), pass.clone())),`
			`_ => smtp_client,`
make SMTP authentication optionnal, let lettre pick the better auth mechanism 2018-08-15 17:00:55 +02:00			`};`

Temp fix for OpenSSL 1.1.1 compatibility 2018-09-19 21:45:50 +02:00			`smtp_client`
SMTP integration, send password hint by email. 2018-08-15 08:32:19 +02:00			`.smtp_utf8(true)`
make SMTP authentication optionnal, let lettre pick the better auth mechanism 2018-08-15 17:00:55 +02:00			`.connection_reuse(ConnectionReuseParameters::NoReuse)`
Temp fix for OpenSSL 1.1.1 compatibility 2018-09-19 21:45:50 +02:00			`.transport()`
SMTP integration, send password hint by email. 2018-08-15 08:32:19 +02:00			`}`

Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`fn get_text(template_name: &'static str, data: serde_json::Value) -> Result<(String, String, String), Error> {`
			`let (subject_html, body_html) = get_template(&format!("{}.html", template_name), &data)?;`
			`let (_subject_text, body_text) = get_template(template_name, &data)?;`
			`Ok((subject_html, body_html, body_text))`
			`}`

			`fn get_template(template_name: &str, data: &serde_json::Value) -> Result<(String, String), Error> {`
			`let text = CONFIG.render_template(template_name, data)?;`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`let mut text_split = text.split("<!---------------->");`

			`let subject = match text_split.next() {`
			`Some(s) => s.trim().to_string(),`
			`None => err!("Template doesn't contain subject"),`
			`};`

			`let body = match text_split.next() {`
			`Some(s) => s.trim().to_string(),`
			`None => err!("Template doesn't contain body"),`
			`};`

			`Ok((subject, body))`
			`}`

Config can now be serialized / deserialized 2019-02-02 01:09:21 +01:00			`pub fn send_password_hint(address: &str, hint: Option<String>) -> EmptyResult {`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`let template_name = if hint.is_some() {`
Move email templates to subfolder 2019-01-19 16:52:12 +01:00			`"email/pw_hint_some"`
Special messages when user has no password hint 2018-09-11 13:04:34 +02:00			`} else {`
Move email templates to subfolder 2019-01-19 16:52:12 +01:00			`"email/pw_hint_none"`
Special messages when user has no password hint 2018-09-11 13:04:34 +02:00			`};`
Better message into the password hint email 2018-08-15 10:17:05 +02:00
Add missing url parameter 2019-02-10 21:40:20 +01:00			`let (subject, body_html, body_text) = get_text(template_name, json!({ "hint": hint, "url": CONFIG.domain() }))?;`
Some formatting and dependency updates 2019-03-03 16:11:55 +01:00
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`send_email(&address, &subject, &body_html, &body_text)`
Update admin page to work with new invitation flow 2019-01-04 16:32:51 +01:00			`}`

			`pub fn send_invite(`
			`address: &str,`
Refactor generate_invite_claims, make org_name and org_id optional 2019-01-06 05:03:49 +01:00			`uuid: &str,`
			`org_id: Option<String>,`
			`org_user_id: Option<String>,`
Update admin page to work with new invitation flow 2019-01-04 16:32:51 +01:00			`org_name: &str,`
Refactor generate_invite_claims, make org_name and org_id optional 2019-01-06 05:03:49 +01:00			`invited_by_email: Option<String>,`
Update admin page to work with new invitation flow 2019-01-04 16:32:51 +01:00			`) -> EmptyResult {`
Refactor generate_invite_claims, make org_name and org_id optional 2019-01-06 05:03:49 +01:00			`let claims = generate_invite_claims(`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`uuid.to_string(),`
			`String::from(address),`
			`org_id.clone(),`
			`org_user_id.clone(),`
			`invited_by_email.clone(),`
			`);`
Refactor generate_invite_claims, make org_name and org_id optional 2019-01-06 05:03:49 +01:00			`let invite_token = encode_jwt(&claims);`
Initial stab at templates 2019-01-13 01:39:29 +01:00
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`let (subject, body_html, body_text) = get_text(`
Move email templates to subfolder 2019-01-19 16:52:12 +01:00			`"email/send_org_invite",`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`json!({`
Change config to thread-safe system, needed for a future config panel. Improved some two factor methods. 2019-01-25 18:23:51 +01:00			`"url": CONFIG.domain(),`
Fixed some clippy lints and changed update_uuid_revision to only use one db query 2019-02-08 18:45:07 +01:00			`"org_id": org_id.unwrap_or_else(\|\| "_".to_string()),`
			`"org_user_id": org_user_id.unwrap_or_else(\|\| "_".to_string()),`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`"email": address,`
			`"org_name": org_name,`
			`"token": invite_token,`
			`}),`
			`)?;`
Update admin page to work with new invitation flow 2019-01-04 16:32:51 +01:00
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`send_email(&address, &subject, &body_html, &body_text)`
Update admin page to work with new invitation flow 2019-01-04 16:32:51 +01:00			`}`

Config can now be serialized / deserialized 2019-02-02 01:09:21 +01:00			`pub fn send_invite_accepted(new_user_email: &str, address: &str, org_name: &str) -> EmptyResult {`
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`let (subject, body_html, body_text) = get_text(`
Move email templates to subfolder 2019-01-19 16:52:12 +01:00			`"email/invite_accepted",`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`json!({`
Change config to thread-safe system, needed for a future config panel. Improved some two factor methods. 2019-01-25 18:23:51 +01:00			`"url": CONFIG.domain(),`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`"email": new_user_email,`
			`"org_name": org_name,`
			`}),`
			`)?;`
Update admin page to work with new invitation flow 2019-01-04 16:32:51 +01:00
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`send_email(&address, &subject, &body_html, &body_text)`
Update admin page to work with new invitation flow 2019-01-04 16:32:51 +01:00			`}`

Config can now be serialized / deserialized 2019-02-02 01:09:21 +01:00			`pub fn send_invite_confirmed(address: &str, org_name: &str) -> EmptyResult {`
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`let (subject, body_html, body_text) = get_text(`
Move email templates to subfolder 2019-01-19 16:52:12 +01:00			`"email/invite_confirmed",`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`json!({`
Change config to thread-safe system, needed for a future config panel. Improved some two factor methods. 2019-01-25 18:23:51 +01:00			`"url": CONFIG.domain(),`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`"org_name": org_name,`
			`}),`
			`)?;`
Update admin page to work with new invitation flow 2019-01-04 16:32:51 +01:00
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`send_email(&address, &subject, &body_html, &body_text)`
SMTP integration, send password hint by email. 2018-08-15 08:32:19 +02:00			`}`
Add invite email functionality 2018-12-15 03:54:03 +01:00
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`fn send_email(address: &str, subject: &str, body_html: &str, body_text: &str) -> EmptyResult {`
Add invite email functionality 2018-12-15 03:54:03 +01:00			`let email = EmailBuilder::new()`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`.to(address)`
Config can now be serialized / deserialized 2019-02-02 01:09:21 +01:00			`.from((CONFIG.smtp_from().as_str(), CONFIG.smtp_from_name().as_str()))`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`.subject(subject)`
Implemented HTML emails with text alternative 2019-02-10 19:12:34 +01:00			`.alternative(body_html, body_text)`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`.build()`
			`.map_err(\|e\| Error::new("Error building email", e.to_string()))?;`
Add invite email functionality 2018-12-15 03:54:03 +01:00
Explicitly close SMTP connection in case of error. 2019-03-07 20:21:10 +01:00			`let mut transport = mailer();`

			`let result = transport`
Fix formatting and add vault link to notification emails 2019-01-05 19:36:08 +01:00			`.send(email.into())`
			`.map_err(\|e\| Error::new("Error sending email", e.to_string()))`
Explicitly close SMTP connection in case of error. 2019-03-07 20:21:10 +01:00			`.and(Ok(()));`

			`// Explicitly close the connection, in case of error`
			`transport.close();`
			`result`
Initial stab at templates 2019-01-13 01:39:29 +01:00			`}`