Added support to allow invalid IMAP certificates (#1909)

This commit allows self-signed certificates to be used in upstream IMAP connections.
pull/1938/head
Glenn Wilkinson 2020-08-08 21:03:42 +01:00 committed by GitHub
parent 90fed5a575
commit 0558da90fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 48 additions and 12 deletions


@ -0,0 +1,7 @@
-- +goose Up
-- SQL in section 'Up' is executed when this migration is applied
ALTER TABLE `imap` ADD COLUMN ignore_cert_errors BOOLEAN;
-- +goose Down
-- SQL section 'Down' is executed when this migration is rolled back
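Review bot: The `ignore_cert_errors` column is added with no default and no NOT NULL, so rows that already exist in `imap` will hold NULL instead of an explicit false. For a flag that switches off certificate verification, the schema should state the secure default itself, for example `ADD COLUMN ignore_cert_errors BOOLEAN NOT NULL DEFAULT 0`. The Down section also looks empty in the visible lines, so a rollback would leave the column in place; if that is deliberate, a one-line comment saying so would help. The same two points apply to the second migration file in this commit.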


@ -0,0 +1,7 @@
-- +goose Up
-- SQL in section 'Up' is executed when this migration is applied
ALTER TABLE imap ADD COLUMN ignore_cert_errors BOOLEAN;
-- +goose Down
-- SQL section 'Down' is executed when this migration is rolled back


@ -35,11 +35,12 @@ type Email struct {
// Mailbox holds onto the credentials and other information
// needed for connecting to an IMAP server.
type Mailbox struct {
Host string
TLS bool
User string
Pwd string
Folder string
Host string
TLS bool
IgnoreCertErrors bool
User string
Pwd string
Folder string
// Read only mode, false (original logic) if not initialized
ReadOnly bool
}
@ -54,11 +55,12 @@ func Validate(s *models.IMAP) error {
s.Host = s.Host + ":" + strconv.Itoa(int(s.Port)) // Append port
mailServer := Mailbox{
Host: s.Host,
TLS: s.TLS,
User: s.Username,
Pwd: s.Password,
Folder: s.Folder}
Host: s.Host,
TLS: s.TLS,
IgnoreCertErrors: s.IgnoreCertErrors,
User: s.Username,
Pwd: s.Password,
Folder: s.Folder}
imapClient, err := mailServer.newClient()
if err != nil {
@ -183,7 +185,9 @@ func (mbox *Mailbox) newClient() (*client.Client, error) {
var imapClient *client.Client
var err error
if mbox.TLS {
imapClient, err = client.DialTLS(mbox.Host, new(tls.Config))
config := new(tls.Config)
config.InsecureSkipVerify = mbox.IgnoreCertErrors
imapClient, err = client.DialTLS(mbox.Host, config)
} else {
imapClient, err = client.Dial(mbox.Host)
}
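Review bot: In newClient, `config.InsecureSkipVerify = mbox.IgnoreCertErrors` turns off every certificate check (chain, expiry and hostname), not only the self-signed case the commit message describes, so with the flag set the mailbox credentials are presumably offered to whatever host answers on that address. If the aim is to support a private or self-signed CA, trusting that certificate through `tls.Config.RootCAs` would keep verification on. If the blanket switch stays, I would document it on the struct field, e.g. `// IgnoreCertErrors disables all TLS certificate verification (chain and hostname); the connection can then be intercepted.`, and log a warning whenever a client is dialled with it set. The flag is silently ignored when `TLS` is false, which belongs in the same comment; newClient's body continues outside the hunk.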


@ -120,6 +120,7 @@ func checkForNewEmails(im models.IMAP) {
mailServer := Mailbox{
Host: im.Host,
TLS: im.TLS,
IgnoreCertErrors: im.IgnoreCertErrors,
User: im.Username,
Pwd: im.Password,
Folder: im.Folder}


@ -21,6 +21,7 @@ type IMAP struct {
Username string `json:"username"`
Password string `json:"password"`
TLS bool `json:"tls"`
IgnoreCertErrors bool `json:"ignore_cert_errors"`
Folder string `json:"folder"`
RestrictDomain string `json:"restrict_domain"`
DeleteReportedCampaignEmail bool `json:"delete_reported_campaign_email"`


@ -36,6 +36,7 @@ $(document).ready(function () {
imapSettings.folder = $("#folder").val()
imapSettings.imap_freq = $("#imapfreq").val()
imapSettings.restrict_domain = $("#restrictdomain").val()
imapSettings.ignore_cert_errors = $('#ignorecerterrors').prop('checked')
imapSettings.delete_reported_campaign_email = $('#deletecampaign').prop('checked')
//To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error.
@ -91,6 +92,7 @@ $(document).ready(function () {
server.username = $("#imapusername").val()
server.password = $("#imappassword").val()
server.tls = $('#use_tls').prop('checked')
server.ignore_cert_errors = $('#ignorecerterrors').prop('checked')
//To avoid unmarshalling error in controllers/api/imap.go. It would fail gracefully, but with a generic error.
if (server.host == ""){
@ -120,6 +122,7 @@ $(document).ready(function () {
$("#imappassword").attr("disabled", true);
$("#use_imap").attr("disabled", true);
$("#use_tls").attr("disabled", true);
$('#ignorecerterrors').attr("disabled", true);
$("#folder").attr("disabled", true);
$("#restrictdomain").attr("disabled", true);
$('#deletecampaign').attr("disabled", true);
@ -171,6 +174,7 @@ $(document).ready(function () {
$("#imappassword").attr("disabled", false);
$("#use_imap").attr("disabled", false);
$("#use_tls").attr("disabled", false);
$('#ignorecerterrors').attr("disabled", false);
$("#folder").attr("disabled", false);
$("#restrictdomain").attr("disabled", false);
$('#deletecampaign').attr("disabled", false);
@ -208,6 +212,7 @@ $(document).ready(function () {
$("#imapport").val(imap.port)
$("#imappassword").val(imap.password)
$('#use_tls').prop('checked', imap.tls)
$('#ignorecerterrors').prop('checked', imap.ignore_cert_errors)
$('#use_imap').prop('checked', imap.enabled)
$("#folder").val(imap.folder)
$("#restrictdomain").val(imap.restrict_domain)


@ -192,6 +192,17 @@
</div>
<br />
<div class="row">
<label for="ignorecerterrors" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)">Ignore Certificate Errors:</label>
<div class="col-md-6">
<div class="checkbox checkbox-primary">
<input id="ignorecerterrors" type="checkbox">
<label for="ignorecerterrors"></label>
</div>
</div>
</div>
<br />
<div class="row">
<label for="deletecampaign" class="col-sm-2 control-label form-label" data-toggle="tooltip" title="Delete campaign emails after they've been reported.">Delete campaigns emails:</label>
<div class="col-md-6">