Skip to content

Commit

Permalink
fix: allow empty mailer password (#6066)
Browse files Browse the repository at this point in the history
fix #6046
smtp relay may allow empty password, although this is usually not safe
  • Loading branch information
darkskygit committed Mar 13, 2024
1 parent f2ec81b commit 282b788
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 3 deletions.
2 changes: 1 addition & 1 deletion packages/backend/server/src/fundamentals/mailer/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import { MAILER } from './mailer';
@OptionalModule({
providers: [MAILER],
exports: [MAILER],
requires: ['mailer.auth.user', 'mailer.auth.pass'],
requires: ['mailer.auth.user'],
})
class MailerModule {}

Expand Down
16 changes: 14 additions & 2 deletions packages/backend/server/src/fundamentals/mailer/mailer.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { FactoryProvider } from '@nestjs/common';
import { FactoryProvider, Logger } from '@nestjs/common';
import { createTransport, Transporter } from 'nodemailer';
import SMTPTransport from 'nodemailer/lib/smtp-transport';

Expand All @@ -15,7 +15,19 @@ export const MAILER: FactoryProvider<
> = {
provide: MAILER_SERVICE,
useFactory: (config: Config) => {
return config.mailer ? createTransport(config.mailer) : undefined;
if (config.mailer) {
const logger = new Logger('Mailer');
const auth = config.mailer.auth;
if (auth && auth.user && !('pass' in auth)) {
logger.warn(
'Mailer service has not configured password, please make sure your mailer service allow empty password.'
);
}

return createTransport(config.mailer);
} else {
return undefined;
}
},
inject: [Config],
};

0 comments on commit 282b788

Please sign in to comment.