From 282b788258ae6f3699cd82a751aeda182fd8cc3d Mon Sep 17 00:00:00 2001 From: DarkSky Date: Wed, 13 Mar 2024 10:07:18 +0000 Subject: [PATCH] fix: allow empty mailer password (#6066) fix #6046 smtp relay may allow empty password, although this is usually not safe --- .../server/src/fundamentals/mailer/index.ts | 2 +- .../server/src/fundamentals/mailer/mailer.ts | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/packages/backend/server/src/fundamentals/mailer/index.ts b/packages/backend/server/src/fundamentals/mailer/index.ts index b91a7a8fb4..d6412fa381 100644 --- a/packages/backend/server/src/fundamentals/mailer/index.ts +++ b/packages/backend/server/src/fundamentals/mailer/index.ts @@ -8,7 +8,7 @@ import { MAILER } from './mailer'; @OptionalModule({ providers: [MAILER], exports: [MAILER], - requires: ['mailer.auth.user', 'mailer.auth.pass'], + requires: ['mailer.auth.user'], }) class MailerModule {} diff --git a/packages/backend/server/src/fundamentals/mailer/mailer.ts b/packages/backend/server/src/fundamentals/mailer/mailer.ts index 1f8affac2b..eed4a4f4d9 100644 --- a/packages/backend/server/src/fundamentals/mailer/mailer.ts +++ b/packages/backend/server/src/fundamentals/mailer/mailer.ts @@ -1,4 +1,4 @@ -import { FactoryProvider } from '@nestjs/common'; +import { FactoryProvider, Logger } from '@nestjs/common'; import { createTransport, Transporter } from 'nodemailer'; import SMTPTransport from 'nodemailer/lib/smtp-transport'; @@ -15,7 +15,19 @@ export const MAILER: FactoryProvider< > = { provide: MAILER_SERVICE, useFactory: (config: Config) => { - return config.mailer ? createTransport(config.mailer) : undefined; + if (config.mailer) { + const logger = new Logger('Mailer'); + const auth = config.mailer.auth; + if (auth && auth.user && !('pass' in auth)) { + logger.warn( + 'Mailer service has not configured password, please make sure your mailer service allow empty password.' + ); + } + + return createTransport(config.mailer); + } else { + return undefined; + } }, inject: [Config], };