allowthem-core 0.0.9

Core types, database, and auth logic for allowthem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337

//! SMTP email delivery via `lettre`.
//!
//! Composes branded HTML + plain-text with a multipart/alternative body.
//! [`SmtpTls`] distinguishes STARTTLS (port 587) from implicit TLS (port 465);
//! see plan §2.2 for the deviation from bd's `tls: bool`.
//!
//! # Example
//!
//! ```no_run
//! use allowthem_core::{SmtpEmailSender, SmtpConfig, SmtpTls, EmailBranding};
//! let sender = SmtpEmailSender::new(
//!     SmtpConfig {
//!         host: "smtp.example.com".to_owned(),
//!         port: 587,
//!         username: Some("user".to_owned()),
//!         password: Some("pass".to_owned()),
//!         from_address: "noreply@example.com".to_owned(),
//!         from_name: Some("Example".to_owned()),
//!         tls: SmtpTls::StartTls,
//!     },
//!     EmailBranding::default(),
//! ).unwrap();
//! ```

use std::future::Future;
use std::pin::Pin;
use std::sync::Arc;

use lettre::message::{Mailbox, MultiPart, SinglePart, header::ContentType};
use lettre::transport::smtp::authentication::Credentials;
use lettre::{AsyncSmtpTransport, AsyncTransport, Message, Tokio1Executor};

use crate::email::{EmailMessage, EmailSender};
use crate::email_render::{EmailBranding, render};
use crate::error::AuthError;

/// Controls TLS mode for SMTP connections.
///
/// Use [`StartTls`](SmtpTls::StartTls) for port 587 (opportunistic STARTTLS
/// upgrade) and [`ImplicitTls`](SmtpTls::ImplicitTls) for port 465 (TLS
/// wrapper). [`None`](SmtpTls::None) is permitted only for localhost and logs
/// a warning at construction time.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SmtpTls {
    /// No TLS. Only allowed for `localhost` / `127.0.0.1`. Logs a warning.
    None,
    /// STARTTLS upgrade (RFC 3207). Default for port 587.
    StartTls,
    /// Implicit TLS wrapper. Default for port 465.
    ImplicitTls,
}

/// Configuration for [`SmtpEmailSender`].
#[derive(Debug, Clone)]
pub struct SmtpConfig {
    pub host: String,
    pub port: u16,
    /// SMTP username. `None` means no authentication.
    pub username: Option<String>,
    /// SMTP password. Ignored when `username` is `None`.
    pub password: Option<String>,
    /// `From` envelope address (e.g. `"noreply@example.com"`).
    pub from_address: String,
    /// Optional display name for the `From` header.
    pub from_name: Option<String>,
    pub tls: SmtpTls,
}

/// SMTP email sender backed by `lettre`.
///
/// Generic over the transport so tests can inject
/// `lettre::transport::stub::AsyncStubTransport`.
pub struct SmtpEmailSender<T = AsyncSmtpTransport<Tokio1Executor>> {
    transport: T,
    from: Mailbox,
    branding: Arc<EmailBranding>,
}

impl SmtpEmailSender {
    /// Build a production sender from `config`.
    pub fn new(config: SmtpConfig, branding: EmailBranding) -> Result<Self, AuthError> {
        let is_localhost = config.host == "localhost" || config.host == "127.0.0.1";
        if config.tls == SmtpTls::None && !is_localhost {
            return Err(AuthError::Email(
                "SmtpTls::None is only allowed for localhost hosts".to_owned(),
            ));
        }
        if config.tls == SmtpTls::None {
            tracing::warn!(
                host = %config.host,
                "SmtpEmailSender: using unencrypted SMTP (dev only)"
            );
        }

        let mut builder = match config.tls {
            SmtpTls::StartTls => AsyncSmtpTransport::<Tokio1Executor>::starttls_relay(&config.host)
                .map_err(|e| AuthError::Email(e.to_string()))?,
            SmtpTls::ImplicitTls => AsyncSmtpTransport::<Tokio1Executor>::relay(&config.host)
                .map_err(|e| AuthError::Email(e.to_string()))?,
            SmtpTls::None => AsyncSmtpTransport::<Tokio1Executor>::builder_dangerous(&config.host),
        };

        builder = builder.port(config.port);

        if let (Some(user), Some(pass)) = (config.username, config.password) {
            builder = builder.credentials(Credentials::new(user, pass));
        }

        let transport = builder.build();
        let from = build_mailbox(config.from_name, &config.from_address)?;

        Ok(Self {
            transport,
            from,
            branding: Arc::new(branding),
        })
    }
}

impl<T> SmtpEmailSender<T> {
    /// Test constructor: inject any transport.
    #[cfg(test)]
    pub fn new_with_transport(transport: T, branding: EmailBranding) -> Self {
        Self {
            transport,
            from: "Test Sender <test@example.com>"
                .parse()
                .expect("hardcoded mailbox is valid"),
            branding: Arc::new(branding),
        }
    }
}

impl<T> EmailSender for SmtpEmailSender<T>
where
    T: AsyncTransport + Send + Sync,
    T::Error: std::fmt::Display,
{
    fn send<'a>(
        &'a self,
        message: &'a EmailMessage,
    ) -> Pin<Box<dyn Future<Output = Result<(), AuthError>> + Send + 'a>> {
        Box::pin(async move {
            let rendered = render(&message.template, &self.branding);

            let to: Mailbox = message
                .to
                .parse()
                .map_err(|e: lettre::address::AddressError| AuthError::Email(e.to_string()))?;

            let email = Message::builder()
                .from(self.from.clone())
                .to(to)
                .subject(&message.subject)
                .multipart(
                    MultiPart::alternative()
                        .singlepart(
                            SinglePart::builder()
                                .header(ContentType::TEXT_PLAIN)
                                .body(rendered.text),
                        )
                        .singlepart(
                            SinglePart::builder()
                                .header(ContentType::TEXT_HTML)
                                .body(rendered.html),
                        ),
                )
                .map_err(|e| AuthError::Email(e.to_string()))?;

            self.transport
                .send(email)
                .await
                .map(|_| ())
                .map_err(|e| AuthError::Email(e.to_string()))
        })
    }
}

fn build_mailbox(name: Option<String>, address: &str) -> Result<Mailbox, AuthError> {
    let addr: lettre::Address = address
        .parse()
        .map_err(|e: lettre::address::AddressError| AuthError::Email(e.to_string()))?;
    Ok(Mailbox::new(name, addr))
}

#[cfg(test)]
mod tests {
    use lettre::transport::stub::AsyncStubTransport;

    use crate::email::EmailTemplate;

    use super::*;

    fn make_sender() -> SmtpEmailSender<AsyncStubTransport> {
        let stub = AsyncStubTransport::new_ok();
        SmtpEmailSender::new_with_transport(stub, EmailBranding::default())
    }

    fn make_sender_with_branding(branding: EmailBranding) -> SmtpEmailSender<AsyncStubTransport> {
        let stub = AsyncStubTransport::new_ok();
        SmtpEmailSender::new_with_transport(stub, branding)
    }

    fn reset_message() -> EmailMessage {
        EmailMessage {
            to: "alice@example.com".to_owned(),
            subject: "Reset your password".to_owned(),
            template: EmailTemplate::PasswordReset {
                url: "https://example.com/reset?t=abc".to_owned(),
                username: "alice".to_owned(),
            },
        }
    }

    #[tokio::test]
    async fn send_captures_message_with_correct_headers() {
        let sender = make_sender();
        sender.send(&reset_message()).await.unwrap();

        let msgs = sender.transport.messages().await;
        assert_eq!(msgs.len(), 1);
        let (envelope, raw) = &msgs[0];
        // Recipient in envelope
        let to_addrs: Vec<_> = envelope.to().iter().map(|a| a.as_ref()).collect();
        assert!(to_addrs.contains(&"alice@example.com"));
        // Both text and HTML bodies present
        assert!(raw.contains("Reset your password"));
        assert!(raw.contains("text/plain"));
        assert!(raw.contains("text/html"));
    }

    #[tokio::test]
    async fn send_includes_subject_and_rendered_url_in_body() {
        // Tightens the existing header-presence test: confirms the rendered
        // template body (URL + username) actually reaches the transport,
        // not just that *something* multipart was sent.
        let sender = make_sender();
        sender.send(&reset_message()).await.unwrap();

        let msgs = sender.transport.messages().await;
        let raw = &msgs[0].1;
        assert!(raw.contains("Subject: Reset your password"));
        // PasswordReset template renders the URL into both html and text.
        // The raw multipart message body has the URL with `=` sequences
        // possibly quoted-printable-encoded; assert on the host + path
        // segment which survives encoding.
        assert!(
            raw.contains("example.com/reset"),
            "rendered URL must reach the SMTP transport"
        );
        assert!(
            raw.contains("alice"),
            "rendered username must reach the SMTP transport"
        );
    }

    #[tokio::test]
    async fn branding_app_name_propagates_to_smtp_body() {
        // Sender-level branding (§2.4) flows through email_render into the
        // multipart body lettre hands to the transport. Operators rely on
        // this so the receiving inbox shows the configured app name.
        let branding = EmailBranding {
            app_name: "Acme Inc".to_owned(),
            logo_url: None,
            footer_line: None,
        };
        let sender = make_sender_with_branding(branding);
        sender.send(&reset_message()).await.unwrap();

        let msgs = sender.transport.messages().await;
        let raw = &msgs[0].1;
        assert!(
            raw.contains("Acme Inc"),
            "branding.app_name must appear in the rendered body sent over SMTP"
        );
    }

    #[tokio::test]
    async fn address_parse_failure_returns_email_error() {
        let sender = make_sender();
        let msg = EmailMessage {
            to: "not-an-email".to_owned(),
            subject: "Subject".to_owned(),
            template: EmailTemplate::PasswordReset {
                url: "https://example.com".to_owned(),
                username: "x".to_owned(),
            },
        };
        let err = sender.send(&msg).await.unwrap_err();
        assert!(matches!(err, AuthError::Email(_)));
    }

    #[test]
    fn tls_none_refused_for_non_localhost() {
        let cfg = SmtpConfig {
            host: "smtp.example.com".to_owned(),
            port: 25,
            username: None,
            password: None,
            from_address: "x@example.com".to_owned(),
            from_name: None,
            tls: SmtpTls::None,
        };
        let result = SmtpEmailSender::new(cfg, EmailBranding::default());
        assert!(matches!(result, Err(AuthError::Email(_))));
    }

    #[test]
    fn tls_none_allowed_for_localhost() {
        let cfg = SmtpConfig {
            host: "localhost".to_owned(),
            port: 1025,
            username: None,
            password: None,
            from_address: "x@example.com".to_owned(),
            from_name: None,
            tls: SmtpTls::None,
        };
        // Should succeed (no actual connection attempt at construction time).
        assert!(SmtpEmailSender::new(cfg, EmailBranding::default()).is_ok());
    }

    #[test]
    fn no_auth_config_succeeds() {
        // username = None, password = None — no Credentials set.
        let cfg = SmtpConfig {
            host: "localhost".to_owned(),
            port: 1025,
            username: None,
            password: None,
            from_address: "x@example.com".to_owned(),
            from_name: None,
            tls: SmtpTls::None,
        };
        assert!(SmtpEmailSender::new(cfg, EmailBranding::default()).is_ok());
    }
}