vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 812387e5860daefba2e0f57237cc65ae330e6196
parent f7ffb81d9ec0c5deb159bae9064b7f5fb4231731
Author: Jean-Christophe BEGUE <jc.begue@devisubox.com>
Date:   Wed, 15 Aug 2018 08:32:19 +0200

SMTP integration, send password hint by email.

Diffstat:
M.env | 8++++++++
MCargo.toml | 4++++
Msrc/api/core/accounts.rs | 25+++++++++++++++++--------
Asrc/mail.rs | 47+++++++++++++++++++++++++++++++++++++++++++++++
Msrc/main.rs | 15++++++++++-----
5 files changed, 86 insertions(+), 13 deletions(-)

diff --git a/.env b/.env @@ -41,3 +41,10 @@ # ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app # ROCKET_PORT=8000 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} + +## Mail specific settings, if SMTP_HOST is specified, SMTP_USERNAME and SMTP_PASSWORD are mandatory +# SMTP_HOST=smtp.domain.tld +# SMTP_PORT=587 +# SMTP_SSL=true +# SMTP_USERNAME=username +# SMTP_PASSWORD=password +\ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml @@ -58,6 +58,10 @@ lazy_static = "1.0.1" num-traits = "0.2.5" num-derive = "0.2.2" +lettre = "0.8.2" +lettre_email = "0.8.2" +native-tls = "0.1.5" + [patch.crates-io] # Make jwt use ring 0.11, to match rocket jsonwebtoken = { path = "libs/jsonwebtoken" } diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs @@ -5,6 +5,7 @@ use db::models::*; use api::{PasswordData, JsonResult, EmptyResult, JsonUpcase, NumberOrString}; use auth::Headers; +use mail; use CONFIG; @@ -258,15 +259,23 @@ struct PasswordHintData { fn password_hint(data: JsonUpcase<PasswordHintData>, conn: DbConn) -> EmptyResult { let data: PasswordHintData = data.into_inner().data; - if !CONFIG.show_password_hint { - return Ok(()) + let user = User::find_by_mail(&data.Email, &conn); + if user.is_none() { + return Ok(()); + } + + let user = user.unwrap(); + let hint = user.password_hint.to_owned().unwrap_or("You don't have any...".to_string()); + + if let Some(ref mail_config) = CONFIG.mail { + if let Err(e) = mail::send_password_hint(&user.email, &hint, mail_config) { + err!(format!("There have been a problem sending the email: {}", e)); + } } - match User::find_by_mail(&data.Email, &conn) { - Some(user) => { - let hint = user.password_hint.to_owned().unwrap_or_default(); - err!(format!("Your password hint is: {}", hint)) - }, - None => Ok(()), + if !CONFIG.show_password_hint { + err!(format!("Your password hint is: {}", &hint)); } + + Ok(()) } diff --git a/src/mail.rs b/src/mail.rs @@ -0,0 +1,47 @@ +use std::error::Error; +use native_tls::TlsConnector; +use native_tls::{Protocol}; +use lettre::{EmailTransport, SmtpTransport, ClientTlsParameters, ClientSecurity}; +use lettre::smtp::{ConnectionReuseParameters, SmtpTransportBuilder}; +use lettre::smtp::authentication::{Credentials, Mechanism}; +use lettre_email::EmailBuilder; + +use MailConfig; + +fn mailer(config: &MailConfig) -> SmtpTransport { + let client_security = if config.smtp_ssl { + let mut tls_builder = TlsConnector::builder().unwrap(); + tls_builder.supported_protocols(&[ + Protocol::Tlsv10, Protocol::Tlsv11, Protocol::Tlsv12 + ]).unwrap(); + + ClientSecurity::Required( + ClientTlsParameters::new(config.smtp_host.to_owned(), tls_builder.build().unwrap()) + ) + } else { + ClientSecurity::None + }; + + SmtpTransportBuilder::new((config.smtp_host.to_owned().as_str(), config.smtp_port), client_security) + .unwrap() + .credentials(Credentials::new(config.smtp_username.to_owned(), config.smtp_password.to_owned())) + .authentication_mechanism(Mechanism::Login) + .smtp_utf8(true) + .connection_reuse(ConnectionReuseParameters::ReuseUnlimited) + .build() +} + +pub fn send_password_hint(address: &str, hint: &str, config: &MailConfig) -> Result<(), String> { + let email = EmailBuilder::new() + .to(address) + .from((config.smtp_from.to_owned(), "Bitwarden-rs")) + .subject("Your Master Password Hint") + .body(hint) + .build().unwrap(); + + match mailer(config).send(&email) { + Ok(_) => Ok(()), + Err(e) => Err(e.description().to_string()), + } +} + diff --git a/src/main.rs b/src/main.rs @@ -26,6 +26,9 @@ extern crate lazy_static; #[macro_use] extern crate num_derive; extern crate num_traits; +extern crate lettre; +extern crate lettre_email; +extern crate native_tls; use std::{env, path::Path, process::{exit, Command}}; use rocket::Rocket; @@ -37,6 +40,7 @@ mod api; mod db; mod crypto; mod auth; +mod mail; fn init_rocket() -> Rocket { rocket::ignite() @@ -155,10 +159,10 @@ lazy_static! { #[derive(Debug)] pub struct MailConfig { - reply_to_email: Option<String>, smtp_host: String, smtp_port: u16, smtp_ssl: bool, + smtp_from: String, smtp_username: String, smtp_password: String, } @@ -172,22 +176,23 @@ impl MailConfig { return None } - let smtp_ssl = util::parse_option_string(env::var("SMTP_SSL").ok()).unwrap_or(false); + let smtp_ssl = util::parse_option_string(env::var("SMTP_SSL").ok()).unwrap_or(true); let smtp_port = util::parse_option_string(env::var("SMTP_PORT").ok()) .unwrap_or_else(|| { if smtp_ssl { - 465u16 + 587u16 } else { 25u16 } }); Some(MailConfig { - reply_to_email: util::parse_option_string(env::var("REPLY_TO_EMAIL").ok()), smtp_host: smtp_host.unwrap(), smtp_port: smtp_port, smtp_ssl: smtp_ssl, - // If username or password is not specified, and SMTP support seems to be wanted, + smtp_from: util::parse_option_string(env::var("SMTP_FROM").ok()) + .unwrap_or("bitwarden@localhost".to_string()), + // If username or password is not specified and SMTP support seems to be wanted, // don't let the app start: the configuration is clearly incomplete. smtp_username: util::parse_option_string(env::var("SMTP_USERNAME").ok()) .unwrap_or_else(|| {