Mail Config: Updated how TLS is configured
After full review of current MAIL_ENCRYPTION usage in laravel and symfony mailer, this updates the options in BookStack to be simplified and specific in usage: - Removed mail.mailers.smtp.encryption option since it did not actually affect anything in the current state of dependencies. - Updated MAIL_ENCRYPTION so values of tls OR ssl will force-enable tls via the 'scheme' option which laravel passes to the SMTP transport, which Symfony uses as an indicator to force TLS. When MAIL_ENCRYPTION is not used, STARTTLS will still be attempted by symfony mailer. Updated .env files to refer to BookStack docs (which were updated for this) and to reflect correct default port. Related to #4342
parent
9ae17efce9
commit
dbb6c87580
4 changed files with 51 additions and 9 deletions
|
@ -37,8 +37,10 @@ MAIL_FROM=bookstack@example.com
|
|||
# SMTP mail options
|
||||
# These settings can be checked using the "Send a Test Email"
|
||||
# feature found in the "Settings > Maintenance" area of the system.
|
||||
# For more detailed documentation on mail options, refer to:
|
||||
# https://www.bookstackapp.com/docs/admin/email-webhooks/#email-configuration
|
||||
MAIL_HOST=localhost
|
||||
MAIL_PORT=1025
|
||||
MAIL_PORT=587
|
||||
MAIL_USERNAME=null
|
||||
MAIL_PASSWORD=null
|
||||
MAIL_ENCRYPTION=null
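Review bot: `MAIL_ENCRYPTION=null` now sits beside a default of `MAIL_PORT=587` with no inline hint of what each value means for transport security, and the same is true of the fuller example file later in this commit. Per the commit description, `tls` or `ssl` force TLS while an unset value only has STARTTLS attempted, so an operator copying this sample gets encryption that depends on what the server offers. A one-line comment above the option would make that visible without a trip to the docs: `# null: STARTTLS is attempted if the server offers it; tls or ssl: TLS is forced for the connection`. It may also be worth confirming in the linked docs which port pairs with the forced mode, since the test in this commit shows port 465 being treated as TLS on its own.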
|
||||
|
|
|
@ -69,23 +69,19 @@ DB_PASSWORD=database_user_password
|
|||
# certificate itself (Common Name or Subject Alternative Name).
|
||||
MYSQL_ATTR_SSL_CA="/path/to/ca.pem"
|
||||
|
||||
# Mail system to use
|
||||
# Can be 'smtp' or 'sendmail'
|
||||
# Mail configuration
|
||||
# Refer to https://www.bookstackapp.com/docs/admin/email-webhooks/#email-configuration
|
||||
MAIL_DRIVER=smtp
|
||||
|
||||
# Mail sending options
|
||||
MAIL_FROM=mail@bookstackapp.com
|
||||
MAIL_FROM_NAME=BookStack
|
||||
|
||||
# SMTP mail options
|
||||
MAIL_HOST=localhost
|
||||
MAIL_PORT=1025
|
||||
MAIL_PORT=587
|
||||
MAIL_USERNAME=null
|
||||
MAIL_PASSWORD=null
|
||||
MAIL_ENCRYPTION=null
|
||||
MAIL_VERIFY_SSL=true
|
||||
|
||||
# Command to use when email is sent via sendmail
|
||||
MAIL_SENDMAIL_COMMAND="/usr/sbin/sendmail -bs"
|
||||
|
||||
# Cache & Session driver to use
|
||||
|
|
|
@ -8,6 +8,10 @@
|
|||
* Do not edit this file unless you're happy to maintain any changes yourself.
|
||||
*/
|
||||
|
||||
// Configured mail encryption method.
|
||||
// STARTTLS should still be attempted, but tls/ssl forces TLS usage.
|
||||
$mailEncryption = env('MAIL_ENCRYPTION', null);
|
||||
|
||||
return [
|
||||
|
||||
// Mail driver to use.
|
||||
|
@ -27,9 +31,9 @@ return [
|
|||
'mailers' => [
|
||||
'smtp' => [
|
||||
'transport' => 'smtp',
|
||||
'scheme' => ($mailEncryption === 'tls' || $mailEncryption === 'ssl') ? 'smtps' : null,
|
||||
'host' => env('MAIL_HOST', 'smtp.mailgun.org'),
|
||||
'port' => env('MAIL_PORT', 587),
|
||||
'encryption' => env('MAIL_ENCRYPTION', 'tls'),
|
||||
'username' => env('MAIL_USERNAME'),
|
||||
'password' => env('MAIL_PASSWORD'),
|
||||
'verify_peer' => env('MAIL_VERIFY_SSL', true),
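Review bot: The `scheme` expression matches only the exact lowercase strings `tls` and `ssl`, so a value such as `TLS` or a misspelt option falls through to `null` with no signal to the operator. In that case the connection relies on STARTTLS being offered by the server, and if an on-path party removes that offer the SMTP credentials and message content may travel unencrypted (how the installed Symfony Mailer version handles a missing offer should be confirmed). Normalising where the value is read would close the casing gap: `$mailEncryption = strtolower(trim((string) env('MAIL_ENCRYPTION', '')));`. The comment above that assignment could also state that leaving the option unset means TLS is attempted but not required. The `return [` array continues outside both hunks.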
|
||||
|
|
|
@ -5,6 +5,7 @@ namespace Tests\Unit;
|
|||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport;
|
||||
use Symfony\Component\Mailer\Transport\Smtp\Stream\SocketStream;
|
||||
use Tests\TestCase;
|
||||
|
||||
/**
|
||||
|
@ -122,6 +123,45 @@ class ConfigTest extends TestCase
|
|||
});
|
||||
}
|
||||
|
||||
public function test_non_null_mail_encryption_options_enforce_smtp_scheme()
|
||||
{
|
||||
$this->checkEnvConfigResult('MAIL_ENCRYPTION', 'tls', 'mail.mailers.smtp.scheme', 'smtps');
|
||||
$this->checkEnvConfigResult('MAIL_ENCRYPTION', 'ssl', 'mail.mailers.smtp.scheme', 'smtps');
|
||||
$this->checkEnvConfigResult('MAIL_ENCRYPTION', 'null', 'mail.mailers.smtp.scheme', null);
|
||||
}
|
||||
|
||||
public function test_smtp_scheme_and_certain_port_forces_tls_usage()
|
||||
{
|
||||
$isMailTlsForcedEnabled = function () {
|
||||
$transport = Mail::mailer('smtp')->getSymfonyTransport();
|
||||
/** @var SocketStream $stream */
|
||||
$stream = $transport->getStream();
|
||||
Mail::purge('smtp');
|
||||
return $stream->isTLS();
|
||||
};
|
||||
|
||||
config()->set([
|
||||
'mail.mailers.smtp.scheme' => null,
|
||||
'mail.mailers.smtp.port' => 587,
|
||||
]);
|
||||
|
||||
$this->assertFalse($isMailTlsForcedEnabled());
|
||||
|
||||
config()->set([
|
||||
'mail.mailers.smtp.scheme' => 'smtps',
|
||||
'mail.mailers.smtp.port' => 587,
|
||||
]);
|
||||
|
||||
$this->assertTrue($isMailTlsForcedEnabled());
|
||||
|
||||
config()->set([
|
||||
'mail.mailers.smtp.scheme' => '',
|
||||
'mail.mailers.smtp.port' => 465,
|
||||
]);
|
||||
|
||||
$this->assertTrue($isMailTlsForcedEnabled());
|
||||
}
|
||||
|
||||
/**
|
||||
* Set an environment variable of the given name and value
|
||||
* then check the given config key to see if it matches the given result.
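Review bot: `test_non_null_mail_encryption_options_enforce_smtp_scheme` pins `tls`, `ssl` and `null` but no value outside that set, so the behaviour for `TLS` or a misspelt option is left undefined by the suite. Because the config compares with `===` against lowercase strings, such values currently resolve to a `null` scheme and TLS is no longer forced. A case such as `$this->checkEnvConfigResult('MAIL_ENCRYPTION', 'TLS', 'mail.mailers.smtp.scheme', null);` would record that, or assert `'smtps'` if the value is normalised on read. The second test also never touches `verify_peer`, so it does not show that certificate checking stays on when TLS is forced; that is presumably covered elsewhere but worth confirming. `ConfigTest` continues outside both hunks.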
|
||||
|
|