search

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License
45.12k stars 5.49k forks source link

Gsuite smtp oauth #10340

Closed cromerc closed 2 years ago

cromerc commented 4 years ago

Description

I use gsuite from google to send emails from my gitea server. This is done through what google calls an SMTP relay. However a problem will be coming up in the future to continue using it since they will start blocking access using only username and password, they will require the use of oauth2.

Right now my config for email looks like this: ENABLED = true MAILER_TYPE = smtp HOST = smtp-relay.gmail.com:465 FROM = gitea@mydomain.com USER = myusername@mydomain.com PASSWD = mypassword HELO_HOSTNAME = mydomain.com IS_TLS_ENABLED = true

This is what I received in an email from google:

June 15, 2020 - Users who try to connect to an LSA for the first time will no longer be able to do so.
This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP.
Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
February 15, 2021 - Access to LSAs will be turned off for all G Suite accounts.

So in June nobody will be able to use gmail server with gitea except for those people that were already using it before that date. Then in February of 2021 it will stop working for everyone including myself.

I don't know why, but it already effected me now, for some reason LSA was disabled automatically on my account and all emails from gitea were failing to be sent. I re-enabled LSA for now, but that is only a temporary solution.

To get around this problem oauth2 support will have to be added. I don't know if this is the right page, but here is some info on oauth2 with smtp from google: https://developers.google.com/gmail/imap/xoauth2-protocol

lafriks commented 4 years ago

Why not just use Google oauth2 for login?

cromerc commented 4 years ago

I do use google oauth2 for login, that is unrelated to this problem. This is about the emails sent by the gitea service through google smtp server, not about login.

lafriks commented 4 years ago

Oh, ok, sorry, misunderstood issue

techknowlogick commented 4 years ago

Our built in mail library may not support oauth2, however with @zeripath's mail refactoring we may be able to add another type of mail provider using https://godoc.org/google.golang.org/api/gmail/v1 (see https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample#L631 for more details about alternative mail providers).

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

twisted-nematic57 commented 2 years ago

Not stale we need this