[GH-6366] Add functionality to disable Authentication when connecting to SMTP (#6639)

* Issue #6366: Add feature to disable auth for Encrypted connections to SMTP settings.

* Clean PLAIN AUTH Option

* Reorder SMTP server setup and change helptext

* remove unneeded setting and modify logic

* text description change

config/config.json

@@ -129,6 +129,7 @@
         "FeedbackName": "",
         "FeedbackEmail": "test@example.com",
         "FeedbackOrganization": "",
+        "EnableSMTPAuth": false,
         "SMTPUsername": "",
         "SMTPPassword": "",
         "SMTPServer": "dockerhost",
@@ -299,4 +300,4 @@
         "RunJobs": true,
         "RunScheduler": true
     }
-}
+}

model/config.go

@@ -262,6 +262,7 @@ type EmailSettings struct {
 	FeedbackName                      string
 	FeedbackEmail                     string
 	FeedbackOrganization              *string
+	EnableSMTPAuth                    *bool
 	SMTPUsername                      string
 	SMTPPassword                      string
 	SMTPServer                        string
@@ -785,6 +786,19 @@ func (o *Config) SetDefaults() {
 		*o.EmailSettings.EmailBatchingInterval = EMAIL_BATCHING_INTERVAL
 	}
 
+	if o.EmailSettings.EnableSMTPAuth == nil {
+		o.EmailSettings.EnableSMTPAuth = new(bool)
+		if o.EmailSettings.ConnectionSecurity == CONN_SECURITY_NONE {
+			*o.EmailSettings.EnableSMTPAuth = false
+		} else {
+			*o.EmailSettings.EnableSMTPAuth = true
+		}
+	}
+
+	if o.EmailSettings.ConnectionSecurity == CONN_SECURITY_PLAIN {
+		o.EmailSettings.ConnectionSecurity = CONN_SECURITY_NONE
+	}
+
 	if o.EmailSettings.SkipServerCertificateVerification == nil {
 		o.EmailSettings.SkipServerCertificateVerification = new(bool)
 		*o.EmailSettings.SkipServerCertificateVerification = false

utils/mail.go

@@ -6,13 +6,14 @@ package utils
 import (
 	"crypto/tls"
 	"fmt"
-	l4g "github.com/alecthomas/log4go"
-	"github.com/mattermost/platform/model"
 	"mime"
 	"net"
 	"net/mail"
 	"net/smtp"
 	"time"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/model"
 )
 
 func encodeRFC2047Word(s string) string {
@@ -59,22 +60,17 @@ func newSMTPClient(conn net.Conn, config *model.Config) (*smtp.Client, *model.Ap
 		}
 	}
 
-	auth := smtp.PlainAuth("", config.EmailSettings.SMTPUsername, config.EmailSettings.SMTPPassword, config.EmailSettings.SMTPServer+":"+config.EmailSettings.SMTPPort)
-	if config.EmailSettings.ConnectionSecurity == model.CONN_SECURITY_TLS {
-		if err = c.Auth(auth); err != nil {
-			return nil, model.NewLocAppError("SendMail", "utils.mail.new_client.auth.app_error", nil, err.Error())
-		}
-	} else if config.EmailSettings.ConnectionSecurity == model.CONN_SECURITY_STARTTLS {
+	if config.EmailSettings.ConnectionSecurity == model.CONN_SECURITY_STARTTLS {
 		tlsconfig := &tls.Config{
 			InsecureSkipVerify: *config.EmailSettings.SkipServerCertificateVerification,
 			ServerName:         config.EmailSettings.SMTPServer,
 		}
 		c.StartTLS(tlsconfig)
-		if err = c.Auth(auth); err != nil {
-			return nil, model.NewLocAppError("SendMail", "utils.mail.new_client.auth.app_error", nil, err.Error())
-		}
-	} else if config.EmailSettings.ConnectionSecurity == model.CONN_SECURITY_PLAIN {
-		// note: go library only supports PLAIN auth over non-tls connections
+	}
+
+	if *config.EmailSettings.EnableSMTPAuth {
+		auth := smtp.PlainAuth("", config.EmailSettings.SMTPUsername, config.EmailSettings.SMTPPassword, config.EmailSettings.SMTPServer+":"+config.EmailSettings.SMTPPort)
+
 		if err = c.Auth(auth); err != nil {
 			return nil, model.NewLocAppError("SendMail", "utils.mail.new_client.auth.app_error", nil, err.Error())
 		}

webapp/components/admin_console/connection_security_dropdown_setting.jsx

@@ -26,23 +26,6 @@ const SECTION_NONE = (
     </tr>
 );
 
-const SECTION_PLAIN = (
-    <tr>
-        <td>
-            <FormattedMessage
-                id='admin.connectionSecurityPlain'
-                defaultMessage='PLAIN'
-            />
-        </td>
-        <td>
-            <FormattedMessage
-                id='admin.connectionSecurityPlainDescription'
-                defaultMessage='Mattermost will connect and authenticate over an insecure connection.'
-            />
-        </td>
-    </tr>
-);
-
 const SECTION_TLS = (
     <tr>
         <td>
@@ -84,7 +67,6 @@ const CONNECTION_SECURITY_HELP_TEXT_EMAIL = (
     >
         <tbody>
             {SECTION_NONE}
-            {SECTION_PLAIN}
             {SECTION_TLS}
             {SECTION_STARTTLS}
         </tbody>
@@ -122,7 +104,6 @@ export function ConnectionSecurityDropdownSettingEmail(props) {
             id='connectionSecurity'
             values={[
                 {value: '', text: Utils.localizeMessage('admin.connectionSecurityNone', 'None')},
-                {value: 'PLAIN', text: Utils.localizeMessage('admin.connectionSecurityPlain')},
                 {value: 'TLS', text: Utils.localizeMessage('admin.connectionSecurityTls', 'TLS (Recommended)')},
                 {value: 'STARTTLS', text: Utils.localizeMessage('admin.connectionSecurityStart')}
             ]}

webapp/components/admin_console/email_settings.jsx

@@ -32,6 +32,7 @@ export default class EmailSettings extends AdminSettings {
         config.EmailSettings.FeedbackName = this.state.feedbackName;
         config.EmailSettings.FeedbackEmail = this.state.feedbackEmail;
         config.EmailSettings.FeedbackOrganization = this.state.feedbackOrganization;
+        config.EmailSettings.EnableSMTPAuth = this.state.enableSMTPAuth;
         config.EmailSettings.SMTPUsername = this.state.smtpUsername;
         config.EmailSettings.SMTPPassword = this.state.smtpPassword;
         config.EmailSettings.SMTPServer = this.state.smtpServer;
@@ -56,6 +57,7 @@ export default class EmailSettings extends AdminSettings {
             feedbackName: config.EmailSettings.FeedbackName,
             feedbackEmail: config.EmailSettings.FeedbackEmail,
             feedbackOrganization: config.EmailSettings.FeedbackOrganization,
+            enableSMTPAuth: config.EmailSettings.EnableSMTPAuth,
             smtpUsername: config.EmailSettings.SMTPUsername,
             smtpPassword: config.EmailSettings.SMTPPassword,
             smtpServer: config.EmailSettings.SMTPServer,
@@ -201,44 +203,6 @@ export default class EmailSettings extends AdminSettings {
                     onChange={this.handleChange}
                     disabled={!this.state.sendEmailNotifications}
                 />
-                <TextSetting
-                    id='smtpUsername'
-                    label={
-                        <FormattedMessage
-                            id='admin.email.smtpUsernameTitle'
-                            defaultMessage='SMTP Server Username:'
-                        />
-                    }
-                    placeholder={Utils.localizeMessage('admin.email.smtpUsernameExample', 'Ex: "admin@yourcompany.com", "AKIADTOVBGERKLCBV"')}
-                    helpText={
-                        <FormattedMessage
-                            id='admin.email.smtpUsernameDescription'
-                            defaultMessage=' Obtain this credential from administrator setting up your email server.'
-                        />
-                    }
-                    value={this.state.smtpUsername}
-                    onChange={this.handleChange}
-                    disabled={!this.state.sendEmailNotifications}
-                />
-                <TextSetting
-                    id='smtpPassword'
-                    label={
-                        <FormattedMessage
-                            id='admin.email.smtpPasswordTitle'
-                            defaultMessage='SMTP Server Password:'
-                        />
-                    }
-                    placeholder={Utils.localizeMessage('admin.email.smtpPasswordExample', 'Ex: "yourpassword", "jcuS8PuvcpGhpgHhlcpT1Mx42pnqMxQY"')}
-                    helpText={
-                        <FormattedMessage
-                            id='admin.email.smtpPasswordDescription'
-                            defaultMessage=' Obtain this credential from administrator setting up your email server.'
-                        />
-                    }
-                    value={this.state.smtpPassword}
-                    onChange={this.handleChange}
-                    disabled={!this.state.sendEmailNotifications}
-                />
                 <TextSetting
                     id='smtpServer'
                     label={
@@ -277,6 +241,63 @@ export default class EmailSettings extends AdminSettings {
                     onChange={this.handleChange}
                     disabled={!this.state.sendEmailNotifications}
                 />
+                <BooleanSetting
+                    id='enableSMTPAuth'
+                    label={
+                        <FormattedMessage
+                            id='admin.email.enableSMTPAuthTitle'
+                            defaultMessage='Enable SMTP Authentication: '
+                        />
+                    }
+                    helpText={[
+                        <FormattedHTMLMessage
+                            key='admin.email.enableSMTPAuthDesc'
+                            id='admin.email.enableSMTPAuthDesc'
+                            defaultMessage='When true, SMTP Authentication is enabled.'
+                        />
+                    ]}
+                    value={this.state.enableSMTPAuth}
+                    onChange={this.handleChange}
+                    disabled={!this.state.sendEmailNotifications}
+                />
+                <TextSetting
+                    id='smtpUsername'
+                    label={
+                        <FormattedMessage
+                            id='admin.email.smtpUsernameTitle'
+                            defaultMessage='SMTP Server Username:'
+                        />
+                    }
+                    placeholder={Utils.localizeMessage('admin.email.smtpUsernameExample', 'Ex: "admin@yourcompany.com", "AKIADTOVBGERKLCBV"')}
+                    helpText={
+                        <FormattedMessage
+                            id='admin.email.smtpUsernameDescription'
+                            defaultMessage=' Obtain this credential from administrator setting up your email server.'
+                        />
+                    }
+                    value={this.state.smtpUsername}
+                    onChange={this.handleChange}
+                    disabled={!this.state.sendEmailNotifications || !this.state.enableSMTPAuth}
+                />
+                <TextSetting
+                    id='smtpPassword'
+                    label={
+                        <FormattedMessage
+                            id='admin.email.smtpPasswordTitle'
+                            defaultMessage='SMTP Server Password:'
+                        />
+                    }
+                    placeholder={Utils.localizeMessage('admin.email.smtpPasswordExample', 'Ex: "yourpassword", "jcuS8PuvcpGhpgHhlcpT1Mx42pnqMxQY"')}
+                    helpText={
+                        <FormattedMessage
+                            id='admin.email.smtpPasswordDescription'
+                            defaultMessage=' Obtain this credential from administrator setting up your email server.'
+                        />
+                    }
+                    value={this.state.smtpPassword}
+                    onChange={this.handleChange}
+                    disabled={!this.state.sendEmailNotifications || !this.state.enableSMTPAuth}
+                />
                 <ConnectionSecurityDropdownSettingEmail
                     value={this.state.connectionSecurity}
                     onChange={this.handleChange}

webapp/i18n/en.json

@@ -203,8 +203,6 @@
   "admin.compliance_table.userId": "Requested By",
   "admin.connectionSecurityNone": "None",
   "admin.connectionSecurityNoneDescription": "Mattermost will connect over an insecure connection.",
-  "admin.connectionSecurityPlain": "PLAIN",
-  "admin.connectionSecurityPlainDescription": "Mattermost will connect and authenticate over an insecure connection.",
   "admin.connectionSecurityStart": "STARTTLS",
   "admin.connectionSecurityStartDescription": "Takes an existing insecure connection and attempts to upgrade it to a secure connection using TLS.",
   "admin.connectionSecurityTest": "Test Connection",
@@ -309,7 +307,7 @@
   "admin.email.selfPush": "Manually enter Push Notification Service location",
   "admin.email.skipServerCertificateVerification.description": "When true, Mattermost will not verify the email server certificate.",
   "admin.email.skipServerCertificateVerification.title": "Skip Server Certificate Verification: ",
-  "admin.email.smtpPasswordDescription": " Obtain this credential from administrator setting up your email server.",
+  "admin.email.smtpPasswordDescription": "The password associated with the SMTP username.",
   "admin.email.smtpPasswordExample": "E.g.: \"yourpassword\", \"jcuS8PuvcpGhpgHhlcpT1Mx42pnqMxQY\"",
   "admin.email.smtpPasswordTitle": "SMTP Server Password:",
   "admin.email.smtpPortDescription": "Port of SMTP email server.",
@@ -318,9 +316,11 @@
   "admin.email.smtpServerDescription": "Location of SMTP email server.",
   "admin.email.smtpServerExample": "E.g.: \"smtp.yourcompany.com\", \"email-smtp.us-east-1.amazonaws.com\"",
   "admin.email.smtpServerTitle": "SMTP Server:",
-  "admin.email.smtpUsernameDescription": " Obtain this credential from administrator setting up your email server.",
+  "admin.email.smtpUsernameDescription": "The username for authenticating to the SMTP server.",
   "admin.email.smtpUsernameExample": "E.g.: \"admin@yourcompany.com\", \"AKIADTOVBGERKLCBV\"",
   "admin.email.smtpUsernameTitle": "SMTP Server Username:",
+  "admin.email.enableSMTPAuthTitle": "Enable SMTP Authentication:",
+  "admin.email.enableSMTPAuthDesc": "When enabled, username and password are used for authenticating to the SMTP server.",
   "admin.email.testing": "Testing...",
   "admin.false": "false",
   "admin.file.enableFileAttachments": "Allow File Sharing:",