From 0558da90fe9902e1ac3dd4f587bed95e7f8d992d Mon Sep 17 00:00:00 2001
From: Glenn Wilkinson
Date: Sat, 8 Aug 2020 21:03:42 +0100
Subject: [PATCH] Added support to allow invalid IMAP certificates (#1909)

This commit allows self-signed certificates to be used in upstream IMAP connections.
---
 ...0000000_0.11.0_imap_ignore_cert_errors.sql | 7 +++++
 ...0000000_0.11.0_imap_ignore_cert_errors.sql | 7 +++++
 imap/imap.go | 26 +++++++++++--------
 imap/monitor.go | 1 +
 models/imap.go | 1 +
 static/js/src/app/settings.js | 5 ++++
 templates/settings.html | 13 +++++++++-
 7 files changed, 48 insertions(+), 12 deletions(-)
 create mode 100644 db/db_mysql/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql
 create mode 100644 db/db_sqlite3/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql
diff --git a/db/db_mysql/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql b/db/db_mysql/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql
new file mode 100644
index 00000000..88fc6a76
--- /dev/null
+++ b/db/db_mysql/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql
@@ -0,0 +1,7 @@
+
+-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+ALTER TABLE `imap` ADD COLUMN ignore_cert_errors BOOLEAN;
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
diff --git a/db/db_sqlite3/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql b/db/db_sqlite3/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql
new file mode 100644
index 00000000..bc825bff
--- /dev/null
+++ b/db/db_sqlite3/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql
@@ -0,0 +1,7 @@
+
+-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+ALTER TABLE imap ADD COLUMN ignore_cert_errors BOOLEAN;
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
diff --git a/imap/imap.go b/imap/imap.go
index 07b580f1..7e056176 100644
--- a/imap/imap.go
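Review bot: The new `ignore_cert_errors` column is added without a default in both the db_mysql and db_sqlite3 migrations, so every existing `imap` row holds NULL for a setting that decides whether TLS verification runs. Making the safe value explicit, `ALTER TABLE imap ADD COLUMN ignore_cert_errors BOOLEAN DEFAULT 0;`, avoids depending on how the model layer maps NULL onto the Go `bool` (presumably false, but that is not visible on this page). The `-- +goose Down` section is also empty in both files, so a rollback leaves the column behind; the MySQL file could carry `ALTER TABLE imap DROP COLUMN ignore_cert_errors;` there.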
+++ b/imap/imap.go @@ -35,11 +35,12 @@ type Email struct { // Mailbox holds onto the credentials and other information // needed for connecting to an IMAP server. type Mailbox struct { - Host string - TLS bool - User string - Pwd string - Folder string + Host string + TLS bool + IgnoreCertErrors bool + User string + Pwd string + Folder string // Read only mode, false (original logic) if not initialized ReadOnly bool } @@ -54,11 +55,12 @@ func Validate(s *models.IMAP) error { s.Host = s.Host + ":" + strconv.Itoa(int(s.Port)) // Append port mailServer := Mailbox{ - Host: s.Host, - TLS: s.TLS, - User: s.Username, - Pwd: s.Password, - Folder: s.Folder} + Host: s.Host, + TLS: s.TLS, + IgnoreCertErrors: s.IgnoreCertErrors, + User: s.Username, + Pwd: s.Password, + Folder: s.Folder} imapClient, err := mailServer.newClient() if err != nil { @@ -183,7 +185,9 @@ func (mbox *Mailbox) newClient() (*client.Client, error) { var imapClient *client.Client var err error if mbox.TLS { - imapClient, err = client.DialTLS(mbox.Host, new(tls.Config)) + config := new(tls.Config) + config.InsecureSkipVerify = mbox.IgnoreCertErrors + imapClient, err = client.DialTLS(mbox.Host, config) } else { imapClient, err = client.Dial(mbox.Host) } diff --git a/imap/monitor.go b/imap/monitor.go index 9d87e3da..839981c1 100644 --- a/imap/monitor.go +++ b/imap/monitor.go @@ -120,6 +120,7 @@ func checkForNewEmails(im models.IMAP) { mailServer := Mailbox{ Host: im.Host, TLS: im.TLS, + IgnoreCertErrors: im.IgnoreCertErrors, User: im.Username, Pwd: im.Password, Folder: im.Folder} diff --git a/models/imap.go b/models/imap.go index e00ceaa4..a92e4c38 100644 --- a/models/imap.go +++ b/models/imap.go 
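Review bot: `IgnoreCertErrors` is added to `Mailbox` without a comment, although `ReadOnly` directly below it is documented and this is the field that weakens the connection. I would add `// IgnoreCertErrors disables TLS certificate and hostname verification; it is only read when TLS is true.` above the field, which matches how `newClient` uses it later in this file.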
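Review bot: In `newClient`, `config.InsecureSkipVerify = mbox.IgnoreCertErrors` switches off hostname matching as well as chain validation, so with the option set the connection that carries `mbox.User` and `mbox.Pwd` accepts any certificate from any host on the network path. The commit message asks only for self-signed certificates; trusting that one certificate or its CA through `tls.Config.RootCAs` would cover that case while keeping the server authenticated. If the blanket switch stays, I would add a comment on these lines stating that both checks are disabled, and log a warning whenever a client is created with `mbox.IgnoreCertErrors` set, so the weakened connection shows up in the logs. The body of `newClient` starts before and continues after this hunk.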
@@ -21,6 +21,7 @@ type IMAP struct { Username string `json:"username"` Password string `json:"password"` TLS bool `json:"tls"` + IgnoreCertErrors bool `json:"ignore_cert_errors"` Folder string `json:"folder"` RestrictDomain string `json:"restrict_domain"` DeleteReportedCampaignEmail bool `json:"delete_reported_campaign_email"` diff --git a/static/js/src/app/settings.js b/static/js/src/app/settings.js index 75569cb5..8a47ec6c 100644 --- a/static/js/src/app/settings.js +++ b/static/js/src/app/settings.js @@ -36,6 +36,7 @@ $(document).ready(function () { imapSettings.folder = $("#folder").val() imapSettings.imap_freq = $("#imapfreq").val() imapSettings.restrict_domain = $("#restrictdomain").val() + imapSettings.ignore_cert_errors = $('#ignorecerterrors').prop('checked') imapSettings.delete_reported_campaign_email = $('#deletecampaign').prop('checked') //To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error. @@ -91,6 +92,7 @@ $(document).ready(function () { server.username = $("#imapusername").val() server.password = $("#imappassword").val() server.tls = $('#use_tls').prop('checked') + server.ignore_cert_errors = $('#ignorecerterrors').prop('checked') //To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error. if (server.host == ""){ @@ -120,6 +122,7 @@ $(document).ready(function () { $("#imappassword").attr("disabled", true); $("#use_imap").attr("disabled", true); $("#use_tls").attr("disabled", true); + $('#ignorecerterrors').attr("disabled", true); $("#folder").attr("disabled", true); $("#restrictdomain").attr("disabled", true); $('#deletecampaign').attr("disabled", true); 
@@ -171,6 +174,7 @@ $(document).ready(function () {
 $("#imappassword").attr("disabled", false);
 $("#use_imap").attr("disabled", false);
 $("#use_tls").attr("disabled", false);
+ $('#ignorecerterrors').attr("disabled", false);
 $("#folder").attr("disabled", false);
 $("#restrictdomain").attr("disabled", false);
 $('#deletecampaign').attr("disabled", false);
@@ -208,6 +212,7 @@ $(document).ready(function () {
 $("#imapport").val(imap.port)
 $("#imappassword").val(imap.password)
 $('#use_tls').prop('checked', imap.tls)
+ $('#ignorecerterrors').prop('checked', imap.ignore_cert_errors)
 $('#use_imap').prop('checked', imap.enabled)
 $("#folder").val(imap.folder)
 $("#restrictdomain").val(imap.restrict_domain)
diff --git a/templates/settings.html b/templates/settings.html
index 11e1bbaa..ea05802d 100644
--- a/templates/settings.html
+++ b/templates/settings.html
@@ -191,7 +191,18 @@
- + +
+ +
+
+ + +
+
+
+
+