sebadob / rauthy

OpenID Connect Single Sign-On Identity & Access Management

Home Page: https://sebadob.github.io/rauthy/

Support unencrypted email usage during development only.

hnb-ku opened this issue · comments

commented

Context:

Rauthy forces TLS connections right now. It tries "real" TLS first and will try again with a downgrade to STARTTLS, if this fails. It will never allow plaintext, because it should really never be used in a real deployment.

This works great and, indeed, real production / staging deployments should always be encrypted, but would it be possible to support plaintext only during development? This can be 100% tied to DEV_MODE to prevent any accidental configuration mishaps.

Use case:

Running Rauthy via docker compose with "throw away" containers and local SMTP via something like MailHog, or MailDev allows for a tighter feedback loop during development. This includes testing user registration flows / API key setups / magic links and data storage.

Expected result:

When DEV_MODE is set to true in Rauthy config, it should be possible to configure Rauthy to use local SMTP (even if non-encrypted)

Actual result:

Rauthy attempts to connect a few times and fails and then the container exits.

That's not a big deal actually. I will not tie it to DEV_MODE, because this does quite a bit more stuff with DB migrations and so on under the hood which might not be what you want in that case.

As I am thinking about it, this could actually come in handy in some deployment scenarios. For instance if someone is not using the container image but maybe the binary directly on the host. In this case the unencrypted localhost relay would be safe in production.

I could add a new config var which will try an unencrypted connection to an SMTP relay running on your localhost port 25 by default without any further configuration. Would that fit your need?

Edit:
Will make the port configurable as well. But I guess we can skip authentication in that case.

I implemented this in #246 .

Do you have a local Rust dev setup and are you able to start the current main branch locally for testing? That would speed up things quite a bit, because I would not need to run the whole nightly-container pipeline otherwise, which takes almost 1 hour to complete on the current machine.

I added just recipes just maildev-start and just maildev-stop for local testing and updated the E-Mail section in the config quite a bit:

#####################################
############# E-MAIL ################
#####################################

# Will be used as the prefix for the E-Mail subject for each E-Mail
# that will be sent out to a client.
# This can be used to further customize your deployment.
# default: "Rauthy IAM"
EMAIL_SUB_PREFIX="Rauthy IAM"

# Rauthy will force TLS and try a downgrade to STARTTLS, if
# TLS fails. It will never allow an unencrypted connection.
# You might want to set `SMTP_DANGER_INSECURE=true` if you
# need this for local dev.
#SMTP_URL=
#SMTP_USERNAME=
#SMTP_PASSWORD=
# Format: "Rauthy <rauthy@localhost.de>"
#SMTP_FROM=

# The number of retries that should be done for connecting to
# the given SMTP_URL.
# When these retries are exceeded without success, Rauthy will
# panic and exit, so no E-Mail can get lost silently because of
# a missing SMTP connection.
# default: 3
SMTP_CONNECT_RETRIES=3

# You can set this to `true` to allow an unencrypted and
# unauthenticated SMTP connection to an SMTP relay on your localhost
# or for development purposes.
# When set to `true`, `SMTP_USERNAME` and `SMTP_PASSWORD` will be
# ignored and you can modify the target port with
# `SMTP_DANGER_INSECURE_PORT`.
# default: false
SMTP_DANGER_INSECURE=true

# The port for an insecure SMTP relay.
# This will most likely be used for testing only.
# It will only be taken into account if `SMTP_DANGER_INSECURE=true` is set.
# default: 1025
#SMTP_DANGER_INSECURE_PORT=1025

It is working like expected so far. I started with allowing it on localhost only, but that would not work when using docker compose obviously, so now there is SMTP_DANGER_INSECURE=true, properly named with DANGER, because it would basically allow an insecure connection to any host.

This is merged into the current main branch and if you could test this on your side directly, it would be nice.
I explained a bit in the CONTRIBUTING.md how to get it running in local dev mode.

Nvm about the local Rust setup on your side. I have some free resources on a machine on the side and just started a nightly pipeline. In ~45 - 60 minutes, you can test with a nightly container image directly.

If you want to use a local SMTP relay for testing E-Mails, there are just recipes for maildev:

Just FYI there's a cool Rust alternative for this as well. Reached v1.0 just a week ago:
https://github.com/tweedegolf/mailcrab/ by @marlonbaeten

Oh that's really cool. I did not know about this.
Will change the recipes with the next release because I like keeping everything Rust only.

You can use the new nightly images for testing the changes:

ghcr.io/sebadob/rauthy:0.20.2-20240118
ghcr.io/sebadob/rauthy:0.20.2-20240118-lite
commented

Thanks so much for the super fast turn around and the comprehensive additions!

I believe everything should be sorted for cases where you want to run the binary directly or when you run the docker image directly on the host (using the host network)

One last quality of life improvement is to allow docker compose internal DNS resolution to work. Here's what I mean by this. In docker-compose.yml

services:
  maildev:
    image: maildev/maildev
    ports:
      - "1080:1080"
      - "1025:1025"

  rauthy:
    image: ghcr.io/sebadob/rauthy:0.20.2-20240118
    ports:
      - '8080:8080'
      - '9090:9090'
    volumes:
      - ./rauthy/data/:/app/data
    environment:
      - SMTP_URL=maildev
      - SMTP_DANGER_INSECURE=true
    depends_on:
      - maildev

SMTP_DANGER_INSECURE and SMTP_URL are sort of incompatible here because I want to use maildev as the URL (which docker compose would resolve to the maildev container).

If I was running everything on the same host network I wouldn't have this problem. But... it's nice to have things isolated from each other unless it's actually needed.

In other words, when I set SMTP_DANGER_INSECURE to true, the "host" (as in the url host) for SMTP seems to not use the SMTP_URL option, if I'm reading this correctly, and seems set to a fixed value of localhost.

https://github.com/sebadob/rauthy/blob/main/rauthy-models/src/email.rs#L547-L574

Can this respect the SMTP_URL and maybe have that default to localhost if that's needed? That way I can set the SMTP_URL to maildev or mailcrab or whatever local SMTP server I have as a named service in docker compose and it would resolve to that. Note that the SMTP port stuff is not related here. That part seems OK, this is just about the host part of the url.

Thanks again!

Oh yeah, that's my bad. The first version was restricted to localhost only, but then I wanted to change it to make it work with docker compose and other hosts too, I simply forgot to switch the hardcoded localhost to the SMTP_URL. My bad, sorry. I will build a new nightly with the change, then it should be fine.

You can check again with the new nightly, which respects the SMTP_URL for insecure relays:

ghcr.io/sebadob/rauthy:0.20.2-20240119
ghcr.io/sebadob/rauthy:0.20.2-20240119-lite
commented

Magic, thanks a ton!

This is fully resolved on my end and the issue can be closed (I'll leave that to you)
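A pre-deployment check for the setting discussed in this thread, as an added example that is not part of the issue and not Rauthy's own code: it reads the `SMTP_*` keys from config lines or compose `environment:` entries and reports whether mail would leave the host unencrypted. The names `SmtpFinding`, `parse_env`, `is_loopback` and `audit_smtp` are hypothetical, and it assumes only the literal value `true` enables the insecure mode.

```rust
use std::collections::HashMap;
use std::net::IpAddr;

/// Where outgoing mail would travel for a given config (added example, hypothetical names).
#[derive(Debug, PartialEq)]
pub enum SmtpFinding {
    Encrypted,                                    // flag off: TLS, then STARTTLS, never plaintext
    PlaintextLoopback { port: u16 },              // plaintext, but never leaves the host
    PlaintextNetwork { host: String, port: u16 }, // plaintext across a (container) network
    PlaintextNoHost,                              // flag on, SMTP_URL missing or empty
}

// Accepts `KEY=VALUE` config lines and compose `- KEY=VALUE` environment entries.
fn parse_env(text: &str) -> HashMap<String, String> {
    text.lines()
        .map(|l| l.trim().trim_start_matches("- ").trim())
        .filter(|l| !l.starts_with('#'))
        .filter_map(|l| l.split_once('='))
        .map(|(k, v)| (k.trim().to_string(), v.trim().trim_matches('"').to_string()))
        .collect()
}

fn is_loopback(host: &str) -> bool {
    host.eq_ignore_ascii_case("localhost")
        || host.parse::<IpAddr>().map(|ip| ip.is_loopback()).unwrap_or(false)
}

pub fn audit_smtp(config: &str) -> SmtpFinding {
    let env = parse_env(config);
    // Assumption: only the literal value `true` enables the insecure mode.
    if env.get("SMTP_DANGER_INSECURE").map(|v| v.as_str()) != Some("true") {
        return SmtpFinding::Encrypted;
    }
    // 1025 is the documented default for SMTP_DANGER_INSECURE_PORT.
    let port = env.get("SMTP_DANGER_INSECURE_PORT")
        .and_then(|p| p.parse::<u16>().ok())
        .unwrap_or(1025);
    match env.get("SMTP_URL").map(|h| h.as_str()) {
        None | Some("") => SmtpFinding::PlaintextNoHost,
        Some(h) if is_loopback(h) => SmtpFinding::PlaintextLoopback { port },
        Some(h) => SmtpFinding::PlaintextNetwork { host: h.to_string(), port },
    }
}

fn main() {
    // Constructed sample: the environment entries from the compose file in this thread.
    let compose_env = "- SMTP_URL=maildev\n- SMTP_DANGER_INSECURE=true";
    println!("{:?}", audit_smtp(compose_env));
}
```

Run over production config in CI, anything other than `Encrypted` or `PlaintextLoopback` is worth failing the build on, since `SMTP_USERNAME` and `SMTP_PASSWORD` are ignored in insecure mode.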