Added support to allow invalid IMAP certificates (#1909)

This commit allows self-signed certificates to be used in upstream IMAP connections.
pull/1938/head
Glenn Wilkinson 2020-08-08 21:03:42 +01:00 committed by GitHub
parent 90fed5a575
commit 0558da90fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 48 additions and 12 deletions


@ -0,0 +1,7 @@
-- +goose Up
-- SQL in section 'Up' is executed when this migration is applied
ALTER TABLE `imap` ADD COLUMN ignore_cert_errors BOOLEAN;
-- +goose Down
-- SQL section 'Down' is executed when this migration is rolled back
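Review bot: The added column has no `NOT NULL DEFAULT`, so rows that exist before the migration hold NULL rather than an explicit false. For a flag that switches off certificate verification, `ADD COLUMN ignore_cert_errors BOOLEAN NOT NULL DEFAULT 0` would state the fail-closed default in the schema itself. As rendered, the `+goose Down` section contains no statement, so a rollback leaves the column in place; either a comment saying this is deliberate or a statement dropping the column (where the database supports it) would make the intent clear. The same applies to the second migration file below, which differs only in the quoting of the table name.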


@ -0,0 +1,7 @@
-- +goose Up
-- SQL in section 'Up' is executed when this migration is applied
ALTER TABLE imap ADD COLUMN ignore_cert_errors BOOLEAN;
-- +goose Down
-- SQL section 'Down' is executed when this migration is rolled back


@ -37,6 +37,7 @@ type Email struct {
type Mailbox struct { type Mailbox struct {
Host string Host string
TLS bool TLS bool
IgnoreCertErrors bool
User string User string
Pwd string Pwd string
Folder string Folder string
@ -56,6 +57,7 @@ func Validate(s *models.IMAP) error {
mailServer := Mailbox{ mailServer := Mailbox{
Host: s.Host, Host: s.Host,
TLS: s.TLS, TLS: s.TLS,
IgnoreCertErrors: s.IgnoreCertErrors,
User: s.Username, User: s.Username,
Pwd: s.Password, Pwd: s.Password,
Folder: s.Folder} Folder: s.Folder}
@ -183,7 +185,9 @@ func (mbox *Mailbox) newClient() (*client.Client, error) {
var imapClient *client.Client var imapClient *client.Client
var err error var err error
if mbox.TLS { if mbox.TLS {
imapClient, err = client.DialTLS(mbox.Host, new(tls.Config)) config := new(tls.Config)
config.InsecureSkipVerify = mbox.IgnoreCertErrors
imapClient, err = client.DialTLS(mbox.Host, config)
} else { } else {
imapClient, err = client.Dial(mbox.Host) imapClient, err = client.Dial(mbox.Host)
} }
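Review bot: `config.InsecureSkipVerify = mbox.IgnoreCertErrors` in newClient turns off hostname verification as well as chain validation, which is broader than the self-signed case the description names: with the flag set, any certificate from any peer is accepted. The Mailbox carries User and Pwd, so the IMAP login presumably travels over that unauthenticated channel (the login call is outside this hunk). Consider accepting a PEM certificate or CA for the server and assigning it to `config.RootCAs`, so that self-signed servers work with verification still on. If the boolean stays, add a comment such as `// InsecureSkipVerify disables chain and hostname checks; the peer is not authenticated` and log each connection made with it enabled. newClient's body continues outside the hunk.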


@ -120,6 +120,7 @@ func checkForNewEmails(im models.IMAP) {
mailServer := Mailbox{ mailServer := Mailbox{
Host: im.Host, Host: im.Host,
TLS: im.TLS, TLS: im.TLS,
IgnoreCertErrors: im.IgnoreCertErrors,
User: im.Username, User: im.Username,
Pwd: im.Password, Pwd: im.Password,
Folder: im.Folder} Folder: im.Folder}


@ -21,6 +21,7 @@ type IMAP struct {
Username string `json:"username"` Username string `json:"username"`
Password string `json:"password"` Password string `json:"password"`
TLS bool `json:"tls"` TLS bool `json:"tls"`
IgnoreCertErrors bool `json:"ignore_cert_errors"`
Folder string `json:"folder"` Folder string `json:"folder"`
RestrictDomain string `json:"restrict_domain"` RestrictDomain string `json:"restrict_domain"`
DeleteReportedCampaignEmail bool `json:"delete_reported_campaign_email"` DeleteReportedCampaignEmail bool `json:"delete_reported_campaign_email"`


@ -36,6 +36,7 @@ $(document).ready(function () {
imapSettings.folder = $("#folder").val() imapSettings.folder = $("#folder").val()
imapSettings.imap_freq = $("#imapfreq").val() imapSettings.imap_freq = $("#imapfreq").val()
imapSettings.restrict_domain = $("#restrictdomain").val() imapSettings.restrict_domain = $("#restrictdomain").val()
imapSettings.ignore_cert_errors = $('#ignorecerterrors').prop('checked')
imapSettings.delete_reported_campaign_email = $('#deletecampaign').prop('checked') imapSettings.delete_reported_campaign_email = $('#deletecampaign').prop('checked')
//To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error. //To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error.
@ -91,6 +92,7 @@ $(document).ready(function () {
server.username = $("#imapusername").val() server.username = $("#imapusername").val()
server.password = $("#imappassword").val() server.password = $("#imappassword").val()
server.tls = $('#use_tls').prop('checked') server.tls = $('#use_tls').prop('checked')
server.ignore_cert_errors = $('#ignorecerterrors').prop('checked')
//To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error. //To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error.
if (server.host == ""){ if (server.host == ""){
@ -120,6 +122,7 @@ $(document).ready(function () {
$("#imappassword").attr("disabled", true); $("#imappassword").attr("disabled", true);
$("#use_imap").attr("disabled", true); $("#use_imap").attr("disabled", true);
$("#use_tls").attr("disabled", true); $("#use_tls").attr("disabled", true);
$('#ignorecerterrors').attr("disabled", true);
$("#folder").attr("disabled", true); $("#folder").attr("disabled", true);
$("#restrictdomain").attr("disabled", true); $("#restrictdomain").attr("disabled", true);
$('#deletecampaign').attr("disabled", true); $('#deletecampaign').attr("disabled", true);
@ -171,6 +174,7 @@ $(document).ready(function () {
$("#imappassword").attr("disabled", false); $("#imappassword").attr("disabled", false);
$("#use_imap").attr("disabled", false); $("#use_imap").attr("disabled", false);
$("#use_tls").attr("disabled", false); $("#use_tls").attr("disabled", false);
$('#ignorecerterrors').attr("disabled", false);
$("#folder").attr("disabled", false); $("#folder").attr("disabled", false);
$("#restrictdomain").attr("disabled", false); $("#restrictdomain").attr("disabled", false);
$('#deletecampaign').attr("disabled", false); $('#deletecampaign').attr("disabled", false);
@ -208,6 +212,7 @@ $(document).ready(function () {
$("#imapport").val(imap.port) $("#imapport").val(imap.port)
$("#imappassword").val(imap.password) $("#imappassword").val(imap.password)
$('#use_tls').prop('checked', imap.tls) $('#use_tls').prop('checked', imap.tls)
$('#ignorecerterrors').prop('checked', imap.ignore_cert_errors)
$('#use_imap').prop('checked', imap.enabled) $('#use_imap').prop('checked', imap.enabled)
$("#folder").val(imap.folder) $("#folder").val(imap.folder)
$("#restrictdomain").val(imap.restrict_domain) $("#restrictdomain").val(imap.restrict_domain)


@ -192,6 +192,17 @@
</div> </div>
<br /> <br />
<div class="row">
<label for="ignorecerterrors" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)">Ignore Certificate Errors:</label>
<div class="col-md-6">
<div class="checkbox checkbox-primary">
<input id="ignorecerterrors" type="checkbox">
<label for="ignorecerterrors"></label>
</div>
</div>
</div>
<br />
<div class="row"> <div class="row">
<label for="deletecampaign" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Delete campaign emails after they've been reported.">Delete campaigns emails:</label> <label for="deletecampaign" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Delete campaign emails after they've been reported.">Delete campaigns emails:</label>
<div class="col-md-6"> <div class="col-md-6">