feat: allow anonymous smtp authentication (#1204)

Introduces the ability to use anonymous SMTP authentication where no username or password is provided. Also introduces a new flag to disable TLS avoiding cases also where STARTTLS is used despite `secure` being set to `false`
2025-11-09 20:12:31 +10:00 · 2024-07-09 02:39:59 +02:00
parent 6b5e4da424
commit b0c081683f
6 changed files with 19 additions and 8 deletions
--- a/.env.example
+++ b/.env.example
@ -78,6 +78,8 @@ NEXT_PRIVATE_SMTP_APIKEY_USER=
 NEXT_PRIVATE_SMTP_APIKEY=
 # OPTIONAL: Defines whether to force the use of TLS.
 NEXT_PRIVATE_SMTP_SECURE=
+# OPTIONAL: if this is true and NEXT_PRIVATE_SMTP_SECURE is false then TLS is not used even if the server supports STARTTLS extension
+NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS=
 # REQUIRED: Defines the sender name to use for the from address.
 NEXT_PRIVATE_SMTP_FROM_NAME="Documenso"
 # REQUIRED: Defines the email address to use as the from address.
--- a/docker/README.md
+++ b/docker/README.md
@ -128,6 +128,7 @@ Here's a markdown table documenting all the provided environment variables:
 | `NEXT_PRIVATE_SMTP_APIKEY_USER`              | The API key user for the SMTP server for the `smtp-api` transport.                                  |
 | `NEXT_PRIVATE_SMTP_APIKEY`                   | The API key for the SMTP server for the `smtp-api` transport.                                       |
 | `NEXT_PRIVATE_SMTP_SECURE`                   | Whether to force the use of TLS for the SMTP server for SMTP transports.                            |
+| `NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS`        | If true, then no TLS will be used (even if STARTTLS is supported)                                   |
 | `NEXT_PRIVATE_SMTP_FROM_ADDRESS`             | The email address for the "from" address.                                                           |
 | `NEXT_PRIVATE_SMTP_FROM_NAME`                | The sender name for the "from" address.                                                             |
 | `NEXT_PRIVATE_RESEND_API_KEY`                | The API key for Resend.com for the `resend` transport.                                              |
--- a/packages/email/mailer.ts
+++ b/packages/email/mailer.ts
@ -46,10 +46,13 @@ const getTransport = () => {
    host: process.env.NEXT_PRIVATE_SMTP_HOST ?? 'localhost:2500',
    port: Number(process.env.NEXT_PRIVATE_SMTP_PORT) || 587,
    secure: process.env.NEXT_PRIVATE_SMTP_SECURE === 'true',
-    auth: {
-      user: process.env.NEXT_PRIVATE_SMTP_USERNAME ?? '',
-      pass: process.env.NEXT_PRIVATE_SMTP_PASSWORD ?? '',
-    },
+    ignoreTLS: process.env.NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS === 'true',
+    auth: process.env.NEXT_PRIVATE_SMTP_USERNAME
+      ? {
+          user: process.env.NEXT_PRIVATE_SMTP_USERNAME,
+          pass: process.env.NEXT_PRIVATE_SMTP_PASSWORD ?? '',
+        }
+      : undefined,
  });
 };

--- a/packages/lib/server-only/auth/send-confirmation-email.ts
+++ b/packages/lib/server-only/auth/send-confirmation-email.ts
@ -38,7 +38,7 @@ export const sendConfirmationEmail = async ({ userId }: SendConfirmationEmailPro
  const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
  const confirmationLink = `${assetBaseUrl}/verify-email/${verificationToken.token}`;
  const senderName = NEXT_PRIVATE_SMTP_FROM_NAME || 'Documenso';
-  const senderAdress = NEXT_PRIVATE_SMTP_FROM_ADDRESS || 'noreply@documenso.com';
+  const senderAddress = NEXT_PRIVATE_SMTP_FROM_ADDRESS || 'noreply@documenso.com';

  const confirmationTemplate = createElement(ConfirmEmailTemplate, {
    assetBaseUrl,
@ -52,7 +52,7 @@ export const sendConfirmationEmail = async ({ userId }: SendConfirmationEmailPro
    },
    from: {
      name: senderName,
-      address: senderAdress,
+      address: senderAddress,
    },
    subject: 'Please confirm your email',
    html: render(confirmationTemplate),
--- a/packages/tsconfig/process-env.d.ts
+++ b/packages/tsconfig/process-env.d.ts
@ -59,6 +59,7 @@ declare namespace NodeJS {
    NEXT_PRIVATE_SMTP_APIKEY?: string;

    NEXT_PRIVATE_SMTP_SECURE?: string;
+    NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS?: string;

    NEXT_PRIVATE_SMTP_FROM_NAME?: string;
    NEXT_PRIVATE_SMTP_FROM_ADDRESS?: string;
--- a/turbo.json
+++ b/turbo.json
@ -12,9 +12,12 @@
      ]
    },
    "prebuild": {
-      "cache": false,
      "dependsOn": [
        "^prebuild"
+      ],
+      "outputs": [
+        ".next/**",
+        "!.next/cache/**"
      ]
    },
    "lint": {
@ -109,6 +112,7 @@
    "NEXT_PRIVATE_SMTP_APIKEY_USER",
    "NEXT_PRIVATE_SMTP_APIKEY",
    "NEXT_PRIVATE_SMTP_SECURE",
+    "NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS",
    "NEXT_PRIVATE_SMTP_FROM_NAME",
    "NEXT_PRIVATE_SMTP_FROM_ADDRESS",
    "NEXT_PRIVATE_STRIPE_API_KEY",
@ -137,4 +141,4 @@
    "E2E_TEST_AUTHENTICATE_USER_EMAIL",
    "E2E_TEST_AUTHENTICATE_USER_PASSWORD"
  ]
-}
+}