[ISSUE] Web Modeler SMTP server cannot be used without authentication if TLS is enabled

[jfriedenstab]

Describe the issue: The SMTP server configured for Web Modeler cannot be used without username/password authentication if TLS is enabled for the SMTP connection.

Actual behavior: The mail.smtp.auth property in the restapi configuration – which will enable the SMTP authentication – is always set to the same value as webModeler.restapi.mail.smtpTlsEnabled, even if webModeler.restapi.mail.smtpUser and webModeler.restapi.mail.smtpPassword are not provided.

Expected behavior: The mail.smtp.auth property should not depend on webModeler.restapi.mail.smtpTlsEnabled, but should be set independently – either by:

• setting it to true implicitly if webModeler.restapi.mail.smtpUser is provided and false otherwise
• introducing a new boolean property like webModeler.restapi.mail.smtpAuthEnabled that can be used to explicitly enable or disable the authentication

How to reproduce:

• Use an SMTP server that does not require username/password authentication
• Configure that server for Web Modeler with the values under webModeler.restapi.mail.*:

  webModeler:
  restapi:
    mail:
      smtpHost: "smtp.example.com"
      smtpPort: 587
      smtpUser: ""
      smtpPassword: ""
      smtpTlsEnabled: true

• Install Web Modeler using the Helm chart
• Try to send an email from Web Modeler (e.g. by sending a diagram share link)

Logs: You'll see the following message in the restapi logs:

DEBUG SMTP: need username and password for authentication

Additional Context As a workaround, you can disable the SMTP authentication by providing the following environment variable to the restapi component:

webModeler:
  restapi:
    env:
      - name: SPRING_APPLICATION_JSON
        value: '{"spring": {"mail": {"properties": {"mail.smtp.auth": false}}}}'

### Tasks
- [ ] https://github.com/camunda/camunda-platform-helm/pull/2245

[hamza-m-masood]

@jfriedenstab I assume this change should only be implemented in 8.5 and future 8.6 release. This will not get backported. Is that fine with you or would like this backported as well?

[hamza-m-masood]

I contemplated whether webModeler.restapi.mail.smtpAuthEnabled would be a good addition to the values.yaml I decided not to go with this value because it would lead to a little confusion. The customer would have to set this value to true and also set the username and password. It's an unnecessary extra step.

[jfriedenstab]

Thanks for picking this up, @hamza-m-masood! 👍🏻

I assume this change should only be implemented in 8.5 and future 8.6 release. This will not get backported. Is that fine with you or would like this backported as well?

Yes, it's fine. I don't think the fix needs to be backported (also given that there's a workaround available).