server: deprecate smtp.tls_required, add smtp_encryption

2023-04-12 14:25:13 +00:00 · 2022-07-30 15:41:10 +02:00 · 2022-07-30 15:41:10 +02:00 · cd0ab378ef
commit cd0ab378ef
parent 5a27ae4862
2 changed files with 23 additions and 5 deletions
--- a/server/src/infra/cli.rs
+++ b/server/src/infra/cli.rs
@ -1,5 +1,6 @@
 use clap::Parser;
 use lettre::message::Mailbox;
+use serde::{Deserialize, Serialize};

 /// lldap is a lightweight LDAP server
 #[derive(Debug, Parser, Clone)]
@ -102,6 +103,14 @@ pub struct LdapsOpts {
    pub ldaps_key_file: Option<String>,
 }

+clap::arg_enum! {
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub enum SmtpEncryption {
+    TLS,
+    STARTTLS,
+}
+}
+
 #[derive(Debug, Parser, Clone)]
 #[clap(next_help_heading = Some("SMTP"), setting = clap::AppSettings::DeriveDisplayOrder)]
 pub struct SmtpOpts {
@ -130,8 +139,11 @@ pub struct SmtpOpts {
    pub smtp_password: Option<String>,

    /// Whether TLS should be used to connect to SMTP.
-    #[clap(long, env = "LLDAP_SMTP_OPTIONS__TLS_REQUIRED")]
+    #[clap(long, env = "LLDAP_SMTP_OPTIONS__TLS_REQUIRED", setting=clap::ArgSettings::Hidden)]
    pub smtp_tls_required: Option<bool>,
+
+    #[clap(long, env = "LLDAP_SMTP_OPTIONS__ENCRYPTION", possible_values = SmtpEncryption::variants(), case_insensitive = true)]
+    pub smtp_encryption: Option<SmtpEncryption>,
 }

 #[derive(Debug, Parser, Clone)]
--- a/server/src/infra/configuration.rs
+++ b/server/src/infra/configuration.rs
@ -1,6 +1,6 @@
 use crate::{
    domain::handler::UserId,
-    infra::cli::{GeneralConfigOpts, LdapsOpts, RunOpts, SmtpOpts, TestEmailOpts},
+    infra::cli::{GeneralConfigOpts, LdapsOpts, RunOpts, SmtpEncryption, SmtpOpts, TestEmailOpts},
 };
 use anyhow::{Context, Result};
 use figment::{
@ -29,8 +29,11 @@ pub struct MailOptions {
    pub user: String,
    #[builder(default = r#"SecUtf8::from("")"#)]
    pub password: SecUtf8,
-    #[builder(default = "true")]
-    pub tls_required: bool,
+    #[builder(default = "SmtpEncryption::TLS")]
+    pub smtp_encryption: SmtpEncryption,
+    /// Deprecated.
+    #[builder(default = "None")]
+    pub tls_required: Option<bool>,
 }

 impl std::default::Default for MailOptions {
@ -234,7 +237,7 @@ impl ConfigOverrider for SmtpOpts {
            config.smtp_options.password = SecUtf8::from(password.clone());
        }
        if let Some(tls_required) = self.smtp_tls_required {
-            config.smtp_options.tls_required = tls_required;
+            config.smtp_options.tls_required = Some(tls_required);
        }
    }
 }
@ -268,5 +271,8 @@ where
    if config.ldap_user_pass == SecUtf8::from("password") {
        println!("WARNING: Unsecure default admin password is used.");
    }
+    if config.smtp_options.tls_required.is_some() {
+        println!("DEPRECATED: smtp_options.tls_required field is deprecated, it never did anything. You can replace it with smtp_options.smtp_encryption.");
+    }
    Ok(config)
 }