search

louislam / uptime-kuma

A fancy self-hosted monitoring tool
https://uptime.kuma.pet
MIT License
60.22k stars 5.38k forks source link

[smtp] Office 365 authentication #1713

Open Drynael opened 2 years ago

Drynael commented 2 years ago

⚠️ Please verify that this bug has NOT been raised before.

πŸ›‘οΈ Security Policy

Description

Upon creating a Mail Notification and using Office 365 i run in following Error:

Error: Invalid login: 535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator. [AM6P193CA0093.EURP193.PROD.OUTLOOK.COM] at SMTPConnection._formatError (/app/node_modules/nodemailer/lib/smtp-connection/index.js:784:19) at SMTPConnection._actionAUTHComplete (/app/node_modules/nodemailer/lib/smtp-connection/index.js:1536:34) at SMTPConnection.<anonymous> (/app/node_modules/nodemailer/lib/smtp-connection/index.js:1490:18) at SMTPConnection._processResponse (/app/node_modules/nodemailer/lib/smtp-connection/index.js:947:20) at SMTPConnection._onData (/app/node_modules/nodemailer/lib/smtp-connection/index.js:749:14) at TLSSocket.SMTPConnection._onSocketData (/app/node_modules/nodemailer/lib/smtp-connection/index.js:189:44) at TLSSocket.emit (node:events:527:28) at addChunk (node:internal/streams/readable:315:12) at readableAddChunk (node:internal/streams/readable:289:9) at TLSSocket.Readable.push (node:internal/streams/readable:228:10) { code: 'EAUTH', response: '535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator. [AM6P193CA0093.EURP193.PROD.OUTLOOK.COM]', responseCode: 535, command: 'AUTH LOGIN' }

image

πŸ‘Ÿ Reproduction steps

Create New Notification Enter Office 365 Credentials Test

πŸ‘€ Expected behavior

Sending a E-Mail

πŸ˜“ Actual Behavior

Runs in an authentication error

🐻 Uptime-Kuma Version

1.16.1

πŸ’» Operating System and Arch

linux x86_64 Debian GNU/Linux 11 (bullseye)

🌐 Browser

Google Chrome Version 102.0.5005.62

πŸ‹ Docker Version

20.10.12 (API: 1.41)

🟩 NodeJS Version

No response

πŸ“ Relevant log output

Error: Invalid login: 535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator. [AM6P193CA0093.EURP193.PROD.OUTLOOK.COM]
    at SMTPConnection._formatError (/app/node_modules/nodemailer/lib/smtp-connection/index.js:784:19)
    at SMTPConnection._actionAUTHComplete (/app/node_modules/nodemailer/lib/smtp-connection/index.js:1536:34)
    at SMTPConnection.<anonymous> (/app/node_modules/nodemailer/lib/smtp-connection/index.js:1490:18)
    at SMTPConnection._processResponse (/app/node_modules/nodemailer/lib/smtp-connection/index.js:947:20)
    at SMTPConnection._onData (/app/node_modules/nodemailer/lib/smtp-connection/index.js:749:14)
    at TLSSocket.SMTPConnection._onSocketData (/app/node_modules/nodemailer/lib/smtp-connection/index.js:189:44)
    at TLSSocket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at TLSSocket.Readable.push (node:internal/streams/readable:228:10) {
  code: 'EAUTH',
  response: '535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator. [AM6P193CA0093.EURP193.PROD.OUTLOOK.COM]',
  responseCode: 535,
  command: 'AUTH LOGIN'
}
Computroniks commented 2 years ago

Not sure if this is a uptime kuma issue or a office 365 one. Here are some support pages talking about some of these issues https://docs.microsoft.com/en-us/answers/questions/512954/535-57139-authentication-unsuccessful.html https://wordpress.org/support/topic/office-365-could-not-authenticate-your-smtp-account-4/ https://laserproducts.force.com/support/s/article/Email-Error-5-7-57-Client-not-authenticated-to-send-email

You might need to enable SMTP authentication in your account

Drynael commented 2 years ago

You might need to enable SMTP authentication in your account

This would only work until 1. October https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

Computroniks commented 2 years ago

Ahh ok, so we would need to support a new method of authentication for microsoft email servers such as OAuth2. In which case, would it be possible to change this issue from a bug to a feature request for support for this. Anoyingly, OAuth will be more complicated to implement as it requires that we register the app with Azure Active directory. Microsoft have provided details on how to go about implementing this feature here, https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth. Due to the deadline of October 1, 2022 this should probably be fairly high priority as it will probably take a while to get the registration with Azure.

@louislam Sorry to ping you, as this requires registering with an external service, I think that that might be something that you would need to do. I could probably get the rest of it done this weekend or next weekend because I plan to finish off #1550 tomorrow (02/06/22)

Link to docs for nodemailer: https://nodemailer.com/smtp/oauth2/

louislam commented 2 years ago

Ahh ok, so we would need to support a new method of authentication for microsoft email servers such as OAuth2. In which case, would it be possible to change this issue from a bug to a feature request for support for this. Anoyingly, OAuth will be more complicated to implement as it requires that we register the app with Azure Active directory. Microsoft have provided details on how to go about implementing this feature here, https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth. Due to the deadline of October 1, 2022 this should probably be fairly high priority as it will probably take a while to get the registration with Azure.

@louislam Sorry to ping you, as this requires registering with an external service, I think that that might be something that you would need to do. I could probably get the rest of it done this weekend or next weekend because I plan to finish off #1550 tomorrow (02/06/22)

Link to docs for nodemailer: https://nodemailer.com/smtp/oauth2/

Thanks. I suggested that it could be a new notification type maybe called Office 365 SMTP OAuth. So ideally, users just need to hit the Microsoft Login button and done.

Is that mean all existing office 365 smtp with basic auth will be closed on October 1? If yes, it will be a big disaster to the world. I don't think every applications could upgrade to the oauth peacefully.

Computroniks commented 2 years ago

Well, not sure what happened to my comment. It looked like it duplicated but hadn't

Original comment(ish)

Sounds good, I will finish off the JSDoc pr today and start on this one with it being done either this weekend or next weekend hopefully

Computroniks commented 2 years ago

@louislam There doesn't actually seem to be a need for this as it is already accomodated for with Apprise. ~Instead, I will add a PR to the wiki documenting this.~ Have added a comment to #284 https://github.com/caronc/apprise/wiki/Notify_office365

louislam commented 2 years ago

@louislam There doesn't actually seem to be a need for this as it is already accomodated for with Apprise. ~Instead, I will add a PR to the wiki documenting this.~ Have added a comment to #284 https://github.com/caronc/apprise/wiki/Notify_office365

Thanks, just checked their guide, it is quite a lot of steps and difficult in order to get all IDs. I think Microsoft really make a big mistake for this, people will just quit and use other smtp providers.

Computroniks commented 2 years ago

Thanks, just checked their guide, it is quite a lot of steps and difficult in order to get all IDs. I think Microsoft really make a big mistake for this, people will just quit and use other smtp providers.

Yeah, I can understand why they did it but it does seem like a really annoying step, especially when it is so easy with gmail (only need to enable smtp auth in settings)

athornfam2 commented 1 year ago

@louislam Any work been done on this? Oauth integration

CommanderStorm commented 1 year ago

@athornfam2

Please refrain from posting +1 / requests for updates things on issues, as this makes issue-management harder. Issues are for discussing what needs to be done how by whom. We use πŸ‘πŸ» on issues to prioritise work, as always: Pull Requests welcome.

As mentioned above:

I suggested that it could be a new notification type maybe called Office 365 SMTP OAuth

PRs for Notification providers are encouraged, see https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md