Added support to allow invalid IMAP certificates (#1909)

This commit allows self-signed certificates to be used in upstream IMAP connections.

db/db_mysql/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql

@@ -0,0 +1,7 @@
+
+-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+ALTER TABLE `imap` ADD COLUMN ignore_cert_errors BOOLEAN;
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back

db/db_sqlite3/migrations/20200730000000_0.11.0_imap_ignore_cert_errors.sql

@@ -0,0 +1,7 @@
+
+-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+ALTER TABLE imap ADD COLUMN ignore_cert_errors BOOLEAN;
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back

imap/imap.go

@@ -35,11 +35,12 @@ type Email struct {
 // Mailbox holds onto the credentials and other information
 // needed for connecting to an IMAP server.
 type Mailbox struct {
-	Host   string
+	Host             string
-	TLS    bool
+	TLS              bool
-	User   string
+	IgnoreCertErrors bool
-	Pwd    string
+	User             string
-	Folder string
+	Pwd              string
+	Folder           string
 	// Read only mode, false (original logic) if not initialized
 	ReadOnly bool
 }
@@ -54,11 +55,12 @@ func Validate(s *models.IMAP) error {
 
 	s.Host = s.Host + ":" + strconv.Itoa(int(s.Port)) // Append port
 	mailServer := Mailbox{
-		Host:   s.Host,
+		Host:             s.Host,
-		TLS:    s.TLS,
+		TLS:              s.TLS,
-		User:   s.Username,
+		IgnoreCertErrors: s.IgnoreCertErrors,
-		Pwd:    s.Password,
+		User:             s.Username,
-		Folder: s.Folder}
+		Pwd:              s.Password,
+		Folder:           s.Folder}
 
 	imapClient, err := mailServer.newClient()
 	if err != nil {
@@ -183,7 +185,9 @@ func (mbox *Mailbox) newClient() (*client.Client, error) {
 	var imapClient *client.Client
 	var err error
 	if mbox.TLS {
-		imapClient, err = client.DialTLS(mbox.Host, new(tls.Config))
+		config := new(tls.Config)
+		config.InsecureSkipVerify = mbox.IgnoreCertErrors
+		imapClient, err = client.DialTLS(mbox.Host, config)
 	} else {
 		imapClient, err = client.Dial(mbox.Host)
 	}

imap/monitor.go

@@ -120,6 +120,7 @@ func checkForNewEmails(im models.IMAP) {
 	mailServer := Mailbox{
 		Host:   im.Host,
 		TLS:    im.TLS,
+		IgnoreCertErrors: im.IgnoreCertErrors,
 		User:   im.Username,
 		Pwd:    im.Password,
 		Folder: im.Folder}

models/imap.go

@@ -21,6 +21,7 @@ type IMAP struct {
 	Username                    string    `json:"username"`
 	Password                    string    `json:"password"`
 	TLS                         bool      `json:"tls"`
+	IgnoreCertErrors            bool      `json:"ignore_cert_errors"`
 	Folder                      string    `json:"folder"`
 	RestrictDomain              string    `json:"restrict_domain"`
 	DeleteReportedCampaignEmail bool      `json:"delete_reported_campaign_email"`

static/js/src/app/settings.js

@@ -36,6 +36,7 @@ $(document).ready(function () {
         imapSettings.folder = $("#folder").val()
         imapSettings.imap_freq = $("#imapfreq").val()
         imapSettings.restrict_domain = $("#restrictdomain").val()
+        imapSettings.ignore_cert_errors = $('#ignorecerterrors').prop('checked')
         imapSettings.delete_reported_campaign_email = $('#deletecampaign').prop('checked')
         
         //To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error.
@@ -91,6 +92,7 @@ $(document).ready(function () {
         server.username = $("#imapusername").val()
         server.password = $("#imappassword").val()
         server.tls = $('#use_tls').prop('checked')
+        server.ignore_cert_errors = $('#ignorecerterrors').prop('checked')
 
         //To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error. 
         if (server.host == ""){
@@ -120,6 +122,7 @@ $(document).ready(function () {
         $("#imappassword").attr("disabled", true);
         $("#use_imap").attr("disabled", true);
         $("#use_tls").attr("disabled", true);
+        $('#ignorecerterrors').attr("disabled", true);
         $("#folder").attr("disabled", true);
         $("#restrictdomain").attr("disabled", true);
         $('#deletecampaign').attr("disabled", true);
@@ -171,6 +174,7 @@ $(document).ready(function () {
             $("#imappassword").attr("disabled", false);
             $("#use_imap").attr("disabled", false);
             $("#use_tls").attr("disabled", false);
+            $('#ignorecerterrors').attr("disabled", false);
             $("#folder").attr("disabled", false);
             $("#restrictdomain").attr("disabled", false);
             $('#deletecampaign').attr("disabled", false);
@@ -208,6 +212,7 @@ $(document).ready(function () {
                 $("#imapport").val(imap.port)
                 $("#imappassword").val(imap.password)
                 $('#use_tls').prop('checked', imap.tls)
+                $('#ignorecerterrors').prop('checked', imap.ignore_cert_errors)
                 $('#use_imap').prop('checked', imap.enabled)
                 $("#folder").val(imap.folder)
                 $("#restrictdomain").val(imap.restrict_domain)

templates/settings.html

@@ -192,6 +192,17 @@
                 </div>
                 <br />
 
+                <div class="row">
+                    <label for="ignorecerterrors" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)">Ignore Certificate Errors:</label>
+                    <div class="col-md-6">
+                        <div class="checkbox checkbox-primary">
+                            <input id="ignorecerterrors" type="checkbox">
+                            <label for="ignorecerterrors"></label>
+                        </div>
+                    </div>
+                </div>
+                <br />
+
                 <div class="row">
                     <label for="deletecampaign" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Delete campaign emails after they've been reported.">Delete campaigns emails:</label>
                     <div class="col-md-6">