Broken email function (for registration and password reset)

[mreid-tt]

Currently, when a new administrator is registered or the reset password function is triggered an email should be sent to the user to confirm the account creation/modification. At present it appears that the mail function is broken and the following is seen:

In testing this in a dev environment, I also see the following log entries:

ConnectionRefusedError: [Errno 111] Connection refused

[mreid-tt]

@publicarray @Diaoul, any thoughts on the above?

EDIT: I was looking at the app initialisation and we seem to be loading all the environment variables from SPKREPO_CONFIG. Do we know if the mail configurations are still valid? Anyone with access to the logs to see more details on the above failure?

[Diaoul]

Probably that's the issue indeed 😬
Can't look at the logs before the weekend though 😢

[mreid-tt]

Probably that's the issue indeed 😬 Can't look at the logs before the weekend though 😢

Hopefully you are able to find something. Happy to assist.

[mreid-tt]

@publicarray @Diaoul, any progress on the above?

[publicarray]

@Diaoul I hope you don't mind I have uploaded the config file, don't worry I made sure that there weren't any secrets in it,

@mreid-tt I don't see any SMTP or similar configuration being set besides the from address. I think we don't need to send emails besides maybe a password reset. Unfortunately I also think with so many bots out there that we may get false password resets as well.

https://github.com/SynoCommunity/kb/blob/main/docker-config.py#L26

[mreid-tt]

@mreid-tt I don't see any SMTP or similar configuration being set besides the from address. I think we don't need to send emails besides maybe a password reset. Unfortunately I also think with so many bots out there that we may get false password resets as well.

Thanks for looking into this. From what I can tell the setup looks well structured. According to Flask-Security, we have the SECURITY_EMAIL_SENDER set which sets the MAIL_DEFAULT_SENDER. I believe the other configurations which may need to be set are:

From the Configuring Flask-Mail docs:

MAIL_SERVER : default ‘localhost’
MAIL_PORT : default 25
MAIL_USE_TLS : default False
MAIL_USE_SSL : default False
MAIL_USERNAME : default None
MAIL_PASSWORD : default None

So as it is, unless we are running a local mail server on 'localhost' with no security, we won't be able to send emails. For our particular config, this would depend on our email provider. Based on a lookup of the MX records for 'synocommunity.com' we seem to be using OVHcloud. Thus a sample config may look like this:

# Mail Config
MAIL_SERVER = ssl0.ovh.net
MAIL_PORT = 465
MAIL_USE_TLS = False
MAIL_USE_SSL = True
MAIL_USERNAME = [full email address of sending mailbox]
MAIL_PASSWORD = [password of sending mailbox]

We should be able to use our existing methods of abstracting these values to functions rather than hardcoding in the config file if preferred.

@publicarray, I've sent you a note on Discord related to this.

EDIT: Simplified the required config above.

[mreid-tt]

Further to my initial research, I was able to test this in my demo environment successfully. I used a simple test Gmail account and was able to receive registration and password reset emails. Gmail requires two-step verification enabled on the account and a specific app password for the service (see: How to Use Your Gmail Account as Your Email Sender via SMTP).

Once that initial setup was done I just added the following to my config.py:

# Mail Config
MAIL_SERVER = "smtp.gmail.com"
MAIL_PORT = 465
MAIL_USE_TLS = False
MAIL_USE_SSL = True
MAIL_USERNAME = "********@gmail.com"
MAIL_PASSWORD = "****************"

Everything else just worked after that. As such, it should be an easy fix once we have our correct settings from our email provider verified.