Closed haitzlm closed 2 months ago
@scherztc when you get a chance, deploy this to libappstest and verify sending a password reset email works.
I deployed this branch to libappstest and attempted to sign up a new user. I got the following error:
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6] OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 peeraddr=127.0.0.1:25 state=error: certificate verify failed (Hostname mismatch)):
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6]
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6] app/mailers/new_user_signup_mailer.rb:15:in `block in new_user_signup_mail'
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6] app/mailers/new_user_signup_mailer.rb:13:in `new_user_signup_mail'
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6] app/models/user.rb:28:in `send_admin_mail'
@haitzlm : HOLD on this Review. This doesn't do it securely. Let me try again.
Update this PR to use these settings for config/environments/production.rb. I followed the model from the Treatment Database.
# Configure Mailers
config.action_mailer.perform_caching = false
config.action_mailer.default_options = { from: 'uclappdev@uc.edu' }
# Store the base url from where request is received.
config.action_mailer.default_url_options = { host: ENV.fetch('APP_PORTFOLIO_PRODUCTION_MAILER_URL', nil), protocol: 'https' }
config.action_mailer.delivery_method = :smtp
# updated for tls and sendmail
config.action_mailer.smtp_settings = {
enable_starttls_auto: false,
}
I tested these on libappstest.libraries.uc.edu and was able to send mail.
Also, rebase this PR from the qa branch.
git checkout qa
git pull
git checkout update-mailer
git rebase qa
Here is the secure configuration that works on libappstest and libapps.
config.action_mailer.default_url_options = { host: ENV['APP_PORTFOLIO_PRODUCTION_MAILER_URL'] }
config.mailer_from = 'uclappdev@uc.edu'
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
  # 'address' specifies the address of the server that will handle email sending.
  address: ENV['MAIL_SMTP_ADDRESS'],
  # 'port' specifies which port to use on the SMTP server.
  # Port 25 is the default port for SMTP servers like Postfix.
  port: 25,
  # Upgrade the plaintext port-25 session to TLS with STARTTLS before sending anything.
  enable_starttls_auto: true,
  # 'ca_file' is the path to the certificate authority file.
  # In our case, it's a self-signed certificate. This tells Rails to trust this specific certificate.
  ca_file: '/etc/ssl/certs/sendmail.pem'
}
We will also need to add a value to the .env.production file for
MAIL_SMTP_ADDRESS='libappstest.libraries.uc.edu'
I can work with you to get all of this into the PR and rebase.
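The following is an added example, not code from this PR or from the App Portfolio project. It reproduces offline the two points the thread turns on: the "certificate verify failed (Hostname mismatch)" error above, which is Ruby's OpenSSL rejecting a connection to 127.0.0.1 because that address is not the name in the server certificate, and the `ca_file:` setting in the secure config, which makes the self-signed certificate the sole trust anchor. The certificate is generated in-process as a stand-in for /etc/ssl/certs/sendmail.pem (the real file's contents are not on this page, and it is assumed to carry the mail host's name); the helper names `self_signed_cert`, `hostname_matches?`, `trusted_by?` and `smtp_settings_problems` are mine, and the last one only mirrors the keys of the `smtp_settings` hash shown in this thread.

```ruby
require 'openssl'

# Added example (not from this PR). Builds a throwaway self-signed certificate
# for `hostname`, standing in for the server's /etc/ssl/certs/sendmail.pem.
# Constructed test data only; the real file is issued separately on the host.
def self_signed_cert(hostname)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                      # X.509 v3, required for extensions
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{hostname}")
  cert.issuer     = cert.subject           # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  # Verifiers match the peer name against subjectAltName, so put the host there.
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{hostname}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The check behind "certificate verify failed (Hostname mismatch)": does the
# `address:` Rails connects to appear in the server certificate? Connecting to
# 127.0.0.1 fails this check even when the certificate is otherwise trusted,
# which is why MAIL_SMTP_ADDRESS has to be the name the certificate was issued for.
def hostname_matches?(server_cert, address)
  OpenSSL::SSL.verify_certificate_identity(server_cert, address)
end

# What `ca_file:` does: the PEM it points to becomes the trust anchor, so a
# self-signed server certificate verifies exactly when ca_file is that same
# certificate (and fails against any other CA).
def trusted_by?(ca_pem, server_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(ca_pem))
  store.verify(server_cert)
end

# Pre-flight for a smtp_settings hash shaped like the one in this thread.
# Returns the problems a production config should not ship with; `ca_pem` is
# the contents of the file `ca_file:` would point to (nil if there is none).
def smtp_settings_problems(settings, ca_pem: nil)
  problems = []
  problems << 'address is unset' if settings[:address].to_s.empty?
  problems << 'STARTTLS disabled' unless settings[:enable_starttls_auto]
  if ca_pem.nil?
    problems << 'ca_file missing'
  else
    cert = OpenSSL::X509::Certificate.new(ca_pem)
    unless hostname_matches?(cert, settings[:address].to_s)
      problems << "address #{settings[:address]} not in certificate"
    end
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  host = 'libappstest.libraries.uc.edu'
  cert = self_signed_cert(host)
  puts "127.0.0.1 matches? #{hostname_matches?(cert, '127.0.0.1')}"   # the error in this thread
  puts "#{host} matches? #{hostname_matches?(cert, host)}"
  puts "first config:  #{smtp_settings_problems({ enable_starttls_auto: false }).inspect}"
  secure = { address: host, port: 25, enable_starttls_auto: true }
  puts "secure config: #{smtp_settings_problems(secure, ca_pem: cert.to_pem).inspect}"
end
```

Run it with `ruby` and the first config (STARTTLS off, no address, no ca_file) comes back with three problems while the secure one comes back clean; swapping `address:` for `127.0.0.1` reproduces the hostname mismatch without touching a mail server.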
@haitzlm : I added a commit to account for the missing environment variables, the rexml vulnerability, and sendmail configuration settings. I pushed this branch up to libappstest.libraries.uc.edu and tested the mailer by creating a new user. It successfully sent an e-mail. Since we both worked on the code and tested it on qa, I am okay with either of us merging this.
Thomas, what do you need me to do here?
fixes #344 - updated to send mail securely