From cd0ab378efb48d5ef2c1b0edc9bac924dd0a8889 Mon Sep 17 00:00:00 2001
From: Valentin Tolmer <valentin@tolmer.fr>
Date: Sat, 30 Jul 2022 15:41:10 +0200
Subject: [PATCH] server: deprecate smtp.tls_required, add smtp_encryption

---
 server/src/infra/cli.rs           | 14 +++++++++++++-
 server/src/infra/configuration.rs | 14 ++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/server/src/infra/cli.rs b/server/src/infra/cli.rs
index 4472304..202c3b8 100644
--- a/server/src/infra/cli.rs
+++ b/server/src/infra/cli.rs
@@ -1,5 +1,6 @@
 use clap::Parser;
 use lettre::message::Mailbox;
+use serde::{Deserialize, Serialize};
 
 /// lldap is a lightweight LDAP server
 #[derive(Debug, Parser, Clone)]
@@ -102,6 +103,14 @@ pub struct LdapsOpts {
     pub ldaps_key_file: Option<String>,
 }
 
+clap::arg_enum! {
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub enum SmtpEncryption {
+    TLS,
+    STARTTLS,
+}
+}
+
 #[derive(Debug, Parser, Clone)]
 #[clap(next_help_heading = Some("SMTP"), setting = clap::AppSettings::DeriveDisplayOrder)]
 pub struct SmtpOpts {
@@ -130,8 +139,11 @@ pub struct SmtpOpts {
     pub smtp_password: Option<String>,
 
     /// Whether TLS should be used to connect to SMTP.
-    #[clap(long, env = "LLDAP_SMTP_OPTIONS__TLS_REQUIRED")]
+    #[clap(long, env = "LLDAP_SMTP_OPTIONS__TLS_REQUIRED", setting=clap::ArgSettings::Hidden)]
     pub smtp_tls_required: Option<bool>,
+
+    #[clap(long, env = "LLDAP_SMTP_OPTIONS__ENCRYPTION", possible_values = SmtpEncryption::variants(), case_insensitive = true)]
+    pub smtp_encryption: Option<SmtpEncryption>,
 }
 
 #[derive(Debug, Parser, Clone)]
diff --git a/server/src/infra/configuration.rs b/server/src/infra/configuration.rs
index 687c3e8..96ef30a 100644
--- a/server/src/infra/configuration.rs
+++ b/server/src/infra/configuration.rs
@@ -1,6 +1,6 @@
 use crate::{
     domain::handler::UserId,
-    infra::cli::{GeneralConfigOpts, LdapsOpts, RunOpts, SmtpOpts, TestEmailOpts},
+    infra::cli::{GeneralConfigOpts, LdapsOpts, RunOpts, SmtpEncryption, SmtpOpts, TestEmailOpts},
 };
 use anyhow::{Context, Result};
 use figment::{
@@ -29,8 +29,11 @@ pub struct MailOptions {
     pub user: String,
     #[builder(default = r#"SecUtf8::from("")"#)]
     pub password: SecUtf8,
-    #[builder(default = "true")]
-    pub tls_required: bool,
+    #[builder(default = "SmtpEncryption::TLS")]
+    pub smtp_encryption: SmtpEncryption,
+    /// Deprecated.
+    #[builder(default = "None")]
+    pub tls_required: Option<bool>,
 }
 
 impl std::default::Default for MailOptions {
@@ -234,7 +237,7 @@ impl ConfigOverrider for SmtpOpts {
             config.smtp_options.password = SecUtf8::from(password.clone());
         }
         if let Some(tls_required) = self.smtp_tls_required {
-            config.smtp_options.tls_required = tls_required;
+            config.smtp_options.tls_required = Some(tls_required);
         }
     }
 }
@@ -268,5 +271,8 @@ where
     if config.ldap_user_pass == SecUtf8::from("password") {
         println!("WARNING: Unsecure default admin password is used.");
     }
+    if config.smtp_options.tls_required.is_some() {
+        println!("DEPRECATED: smtp_options.tls_required field is deprecated, it never did anything. You can replace it with smtp_options.smtp_encryption.");
+    }
     Ok(config)
 }