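# Copyright 2015-2016 OpenMarket Ltd
# Copyright 2017-2018 New Vector Ltd
# Copyright 2019 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This file can't be called email.py because if it is, we cannot:
import email.utils
import os
from enum import Enum
from typing import Optional

import attr

from ._base import Config, ConfigError

# Raised (as a ConfigError) when the 'email' block is present enough to turn on
# local password-reset / validation mails but lacks the keys needed to send them.
MISSING_PASSWORD_RESET_CONFIG_ERROR = """\
Password reset emails are enabled on this homeserver due to a partial
'email' block. However, the following required keys are missing:
    %s
"""

# Default subject lines, keyed by the same names as EmailSubjectConfig's fields.
# '%(app)s' is the application/brand name; '%(person)s' and '%(room)s' are
# filled from user display names and room names by the mailer, and
# '%(server_name)s' from the homeserver configuration. Substitution happens at
# send time, not here, so the mailer is the place responsible for header-safe
# encoding of those user-chosen values.
DEFAULT_SUBJECTS = {
    "message_from_person_in_room": "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room...",
    "message_from_person": "[%(app)s] You have a message on %(app)s from %(person)s...",
    "messages_from_person": "[%(app)s] You have messages on %(app)s from %(person)s...",
    "messages_in_room": "[%(app)s] You have messages on %(app)s in the %(room)s room...",
    "messages_in_room_and_others": "[%(app)s] You have messages on %(app)s in the %(room)s room and others...",
    "messages_from_person_and_others": "[%(app)s] You have messages on %(app)s from %(person)s and others...",
    "invite_from_person": "[%(app)s] %(person)s has invited you to chat on %(app)s...",
    "invite_from_person_to_room": "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s...",
    "password_reset": "[%(server_name)s] Password reset",
    "email_validation": "[%(server_name)s] Validate your email",
}


@attr.s
class EmailSubjectConfig:
    """Subject templates for every kind of email Synapse sends.

    One attribute per key of DEFAULT_SUBJECTS; each value is a '%'-style
    format string whose placeholders are filled in by the mailer.
    """

    message_from_person_in_room = attr.ib(type=str)
    message_from_person = attr.ib(type=str)
    messages_from_person = attr.ib(type=str)
    messages_in_room = attr.ib(type=str)
    messages_in_room_and_others = attr.ib(type=str)
    messages_from_person_and_others = attr.ib(type=str)
    invite_from_person = attr.ib(type=str)
    invite_from_person_to_room = attr.ib(type=str)
    password_reset = attr.ib(type=str)
    email_validation = attr.ib(type=str)


class EmailConfig(Config):
    """Parses the 'email' section of the homeserver config.

    Covers SMTP connection settings, the notification mailer, and the templates
    used for password resets, address (3pid) validation and account expiry
    notices. It also decides whether 3pid validation tokens are sent locally,
    by an identity server, or not at all (see ThreepidBehaviour).
    """

    section = "email"

    def _missing_email_sending_keys(self, config) -> list:
        """Return the config keys required to send any email that are unset.

        Both 'email.notif_from' (the From address) and the top-level
        'public_baseurl' (used to build the absolute links embedded in the
        mails) are needed whenever Synapse sends email itself.
        """
        missing = []
        if not self.email_notif_from:
            missing.append("email.notif_from")
        if config.get("public_baseurl") is None:
            missing.append("public_baseurl")
        return missing

    def read_config(self, config, **kwargs) -> None:
        """Populate email-related attributes from the parsed homeserver config.

        Args:
            config: the full homeserver config mapping (the 'email' block is
                read from it, as are 'public_baseurl' and the legacy
                'trust_identity_server_for_password_resets').

        Raises:
            ConfigError: on a malformed 'email' block or when keys required by
                the enabled features are missing.
            RuntimeError: if 'notif_from' does not parse as an email address
                (kept for compatibility; every other check raises ConfigError).
        """
        # TODO: We should separate better the email configuration from the notification
        # and account validity config.

        self.email_enable_notifs = False

        email_config = config.get("email")
        if email_config is None:
            email_config = {}
        elif not isinstance(email_config, dict):
            # A scalar here would otherwise fail with an AttributeError on .get()
            raise ConfigError("Config option email must be a mapping", path=("email",))

        self.email_smtp_host = email_config.get("smtp_host", "localhost")
        self.email_smtp_port = email_config.get("smtp_port", 25)
        self.email_smtp_user = email_config.get("smtp_user", None)
        self.email_smtp_pass = email_config.get("smtp_pass", None)
        # NOTE: when this is False (the default) the connection only upgrades to
        # TLS opportunistically, so smtp_user/smtp_pass can cross the wire in
        # plaintext against a server that does not offer STARTTLS. Operators
        # configuring credentials should set require_transport_security.
        self.require_transport_security = email_config.get(
            "require_transport_security", False
        )
        if "app_name" in email_config:
            self.email_app_name = email_config["app_name"]
        else:
            self.email_app_name = "Matrix"

        # TODO: Rename notif_from to something more generic, or have a separate
        # from for password resets, message notifications, etc?
        # Currently the email section is a bit bogged down with settings for
        # multiple functions. Would be good to split it out into separate
        # sections and only put the common ones under email:
        self.email_notif_from = email_config.get("notif_from", None)
        if self.email_notif_from is not None:
            if not isinstance(self.email_notif_from, str):
                raise ConfigError(
                    "Config option email.notif_from must be type str",
                    path=("email", "notif_from"),
                )
            # make sure it's valid. parseaddr() is lenient (it only splits a
            # display name from an addr-spec), so this catches garbage rather
            # than fully validating the address.
            parsed = email.utils.parseaddr(self.email_notif_from)
            if parsed[1] == "":
                raise RuntimeError("Invalid notif_from address")

        # A user-configurable template directory
        template_dir: Optional[str] = email_config.get("template_dir")
        if isinstance(template_dir, str):
            # We need an absolute path, because we change directory after starting (and
            # we don't yet know what auxiliary templates like mail.css we will need).
            template_dir = os.path.abspath(template_dir)
        elif template_dir is not None:
            # If template_dir is something other than a str or None, warn the user
            raise ConfigError("Config option email.template_dir must be type str")

        self.email_enable_notifs = email_config.get("enable_notifs", False)

        self.threepid_behaviour_email = (
            # Have Synapse handle the email sending if account_threepid_delegates.email
            # is not defined
            # msisdn is currently always remote while Synapse does not support any method of
            # sending SMS messages
            ThreepidBehaviour.REMOTE
            if self.account_threepid_delegate_email
            else ThreepidBehaviour.LOCAL
        )
        # Prior to Synapse v1.4.0, there was another option that defined whether Synapse would
        # use an identity server to password reset tokens on its behalf. We now warn the user
        # if they have this set and tell them to use the updated option, while using a default
        # identity server in the process.
        self.using_identity_server_from_trusted_list = False
        if (
            not self.account_threepid_delegate_email
            and config.get("trust_identity_server_for_password_resets", False) is True
        ):
            # Use the first entry in self.trusted_third_party_id_servers instead
            if self.trusted_third_party_id_servers:
                # XXX: It's a little confusing that account_threepid_delegate_email is modified
                # both in RegistrationConfig and here. We should factor this bit out
                first_trusted_identity_server = self.trusted_third_party_id_servers[0]

                # trusted_third_party_id_servers does not contain a scheme whereas
                # account_threepid_delegate_email is expected to. Presume https
                self.account_threepid_delegate_email: Optional[str] = (
                    "https://" + first_trusted_identity_server
                )
                self.using_identity_server_from_trusted_list = True
            else:
                raise ConfigError(
                    "Attempted to use an identity server from"
                    '"trusted_third_party_id_servers" but it is empty.'
                )

        self.local_threepid_handling_disabled_due_to_email_config = False
        if (
            self.threepid_behaviour_email == ThreepidBehaviour.LOCAL
            and email_config == {}
        ):
            # We cannot warn the user this has happened here
            # Instead do so when a user attempts to reset their password
            self.local_threepid_handling_disabled_due_to_email_config = True

            self.threepid_behaviour_email = ThreepidBehaviour.OFF

        # Get lifetime of a validation token in milliseconds
        self.email_validation_token_lifetime = self.parse_duration(
            email_config.get("validation_token_lifetime", "1h")
        )

        if self.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
            missing = self._missing_email_sending_keys(config)
            if missing:
                raise ConfigError(
                    MISSING_PASSWORD_RESET_CONFIG_ERROR % (", ".join(missing),)
                )

            # These email templates have placeholders in them, and thus must be
            # parsed using a templating engine during a request
            password_reset_template_html = email_config.get(
                "password_reset_template_html", "password_reset.html"
            )
            password_reset_template_text = email_config.get(
                "password_reset_template_text", "password_reset.txt"
            )
            registration_template_html = email_config.get(
                "registration_template_html", "registration.html"
            )
            registration_template_text = email_config.get(
                "registration_template_text", "registration.txt"
            )
            add_threepid_template_html = email_config.get(
                "add_threepid_template_html", "add_threepid.html"
            )
            add_threepid_template_text = email_config.get(
                "add_threepid_template_text", "add_threepid.txt"
            )

            password_reset_template_failure_html = email_config.get(
                "password_reset_template_failure_html", "password_reset_failure.html"
            )
            registration_template_failure_html = email_config.get(
                "registration_template_failure_html", "registration_failure.html"
            )
            add_threepid_template_failure_html = email_config.get(
                "add_threepid_template_failure_html", "add_threepid_failure.html"
            )

            # These templates do not support any placeholder variables, so we
            # will read them from disk once during setup
            password_reset_template_success_html = email_config.get(
                "password_reset_template_success_html", "password_reset_success.html"
            )
            registration_template_success_html = email_config.get(
                "registration_template_success_html", "registration_success.html"
            )
            add_threepid_template_success_html = email_config.get(
                "add_threepid_template_success_html", "add_threepid_success.html"
            )

            # Read all templates from disk
            (
                self.email_password_reset_template_html,
                self.email_password_reset_template_text,
                self.email_registration_template_html,
                self.email_registration_template_text,
                self.email_add_threepid_template_html,
                self.email_add_threepid_template_text,
                self.email_password_reset_template_confirmation_html,
                self.email_password_reset_template_failure_html,
                self.email_registration_template_failure_html,
                self.email_add_threepid_template_failure_html,
                password_reset_template_success_html_template,
                registration_template_success_html_template,
                add_threepid_template_success_html_template,
            ) = self.read_templates(
                [
                    password_reset_template_html,
                    password_reset_template_text,
                    registration_template_html,
                    registration_template_text,
                    add_threepid_template_html,
                    add_threepid_template_text,
                    "password_reset_confirmation.html",
                    password_reset_template_failure_html,
                    registration_template_failure_html,
                    add_threepid_template_failure_html,
                    password_reset_template_success_html,
                    registration_template_success_html,
                    add_threepid_template_success_html,
                ],
                template_dir,
            )

            # Render templates that do not contain any placeholders
            self.email_password_reset_template_success_html_content = (
                password_reset_template_success_html_template.render()
            )
            self.email_registration_template_success_html_content = (
                registration_template_success_html_template.render()
            )
            self.email_add_threepid_template_success_html_content = (
                add_threepid_template_success_html_template.render()
            )

        if self.email_enable_notifs:
            missing = self._missing_email_sending_keys(config)
            if missing:
                raise ConfigError(
                    "email.enable_notifs is True but required keys are missing: %s"
                    % (", ".join(missing),)
                )

            notif_template_html = email_config.get(
                "notif_template_html", "notif_mail.html"
            )
            notif_template_text = email_config.get(
                "notif_template_text", "notif_mail.txt"
            )

            (
                self.email_notif_template_html,
                self.email_notif_template_text,
            ) = self.read_templates(
                [notif_template_html, notif_template_text],
                template_dir,
            )

            self.email_notif_for_new_users = email_config.get(
                "notif_for_new_users", True
            )
            # 'riot_base_url' is the deprecated spelling of 'client_base_url'
            self.email_riot_base_url = email_config.get(
                "client_base_url", email_config.get("riot_base_url", None)
            )

        if self.account_validity_renew_by_email_enabled:
            expiry_template_html = email_config.get(
                "expiry_template_html", "notice_expiry.html"
            )
            expiry_template_text = email_config.get(
                "expiry_template_text", "notice_expiry.txt"
            )

            (
                self.account_validity_template_html,
                self.account_validity_template_text,
            ) = self.read_templates(
                [expiry_template_html, expiry_template_text],
                template_dir,
            )

        subjects_config = email_config.get("subjects", {})
        if subjects_config is None:
            # A bare 'subjects:' line parses as None in YAML; treat it as "no overrides"
            subjects_config = {}
        if not isinstance(subjects_config, dict):
            # Anything else would raise an AttributeError on .get() below
            raise ConfigError(
                "Config option email.subjects must be a mapping",
                path=("email", "subjects"),
            )
        # Every key of DEFAULT_SUBJECTS is present; unknown keys are ignored.
        subjects = {
            key: subjects_config.get(key, default)
            for key, default in DEFAULT_SUBJECTS.items()
        }
        self.email_subjects = EmailSubjectConfig(**subjects)

        # The invite client location should be a HTTP(S) URL or None.
        self.invite_client_location = email_config.get("invite_client_location") or None
        if self.invite_client_location:
            if not isinstance(self.invite_client_location, str):
                raise ConfigError(
                    "Config option email.invite_client_location must be type str"
                )
            # This value is forwarded to the identity server, so only accept
            # web URLs (no other schemes).
            if not self.invite_client_location.startswith(("http://", "https://")):
                raise ConfigError(
                    "Config option email.invite_client_location must be a http or https URL",
                    path=("email", "invite_client_location"),
                )

    def generate_config_section(self, config_dir_path, server_name, **kwargs) -> str:
        """Return the sample 'email' section for a generated homeserver.yaml.

        The subject examples are filled from DEFAULT_SUBJECTS; literal
        placeholders destined for the user's config are written as '%%(...)s'
        so that they survive the formatting done here.
        """
        return (
            """\
        # Configuration for sending emails from Synapse.
        #
        email:
          # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
          #
          #smtp_host: mail.server

          # The port on the mail server for outgoing SMTP. Defaults to 25.
          #
          #smtp_port: 587

          # Username/password for authentication to the SMTP server. By default, no
          # authentication is attempted.
          #
          #smtp_user: "exampleusername"
          #smtp_pass: "examplepassword"

          # Uncomment the following to require TLS transport security for SMTP.
          # By default, Synapse will connect over plain text, and will then switch to
          # TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
          # Synapse will refuse to connect unless the server supports STARTTLS.
          #
          #require_transport_security: true

          # notif_from defines the "From" address to use when sending emails.
          # It must be set if email sending is enabled.
          #
          # The placeholder '%%(app)s' will be replaced by the application name,
          # which is normally 'app_name' (below), but may be overridden by the
          # Matrix client application.
          #
          # Note that the placeholder must be written '%%(app)s', including the
          # trailing 's'.
          #
          #notif_from: "Your Friendly %%(app)s homeserver <noreply@example.com>"

          # app_name defines the default value for '%%(app)s' in notif_from and email
          # subjects. It defaults to 'Matrix'.
          #
          #app_name: my_branded_matrix_server

          # Uncomment the following to enable sending emails for messages that the user
          # has missed. Disabled by default.
          #
          #enable_notifs: true

          # Uncomment the following to disable automatic subscription to email
          # notifications for new users. Enabled by default.
          #
          #notif_for_new_users: false

          # Custom URL for client links within the email notifications. By default
          # links will be based on "https://matrix.to".
          #
          # (This setting used to be called riot_base_url; the old name is still
          # supported for backwards-compatibility but is now deprecated.)
          #
          #client_base_url: "http://localhost/riot"

          # Configure the time that a validation email will expire after sending.
          # Defaults to 1h.
          #
          #validation_token_lifetime: 15m

          # The web client location to direct users to during an invite. This is passed
          # to the identity server as the org.matrix.web_client_location key. Defaults
          # to unset, giving no guidance to the identity server.
          #
          #invite_client_location: https://app.element.io

          # Directory in which Synapse will try to find the template files below.
          # If not set, or the files named below are not found within the template
          # directory, default templates from within the Synapse package will be used.
          #
          # Synapse will look for the following templates in this directory:
          #
          # * The contents of email notifications of missed events: 'notif_mail.html' and
          #   'notif_mail.txt'.
          #
          # * The contents of account expiry notice emails: 'notice_expiry.html' and
          #   'notice_expiry.txt'.
          #
          # * The contents of password reset emails sent by the homeserver:
          #   'password_reset.html' and 'password_reset.txt'
          #
          # * An HTML page that a user will see when they follow the link in the password
          #   reset email. The user will be asked to confirm the action before their
          #   password is reset: 'password_reset_confirmation.html'
          #
          # * HTML pages for success and failure that a user will see when they confirm
          #   the password reset flow using the page above: 'password_reset_success.html'
          #   and 'password_reset_failure.html'
          #
          # * The contents of address verification emails sent during registration:
          #   'registration.html' and 'registration.txt'
          #
          # * HTML pages for success and failure that a user will see when they follow
          #   the link in an address verification email sent during registration:
          #   'registration_success.html' and 'registration_failure.html'
          #
          # * The contents of address verification emails sent when an address is added
          #   to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
          #
          # * HTML pages for success and failure that a user will see when they follow
          #   the link in an address verification email sent when an address is added
          #   to a Matrix account: 'add_threepid_success.html' and
          #   'add_threepid_failure.html'
          #
          # You can see the default templates at:
          # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
          #
          #template_dir: "res/templates"

          # Subjects to use when sending emails from Synapse.
          #
          # The placeholder '%%(app)s' will be replaced with the value of the 'app_name'
          # setting above, or by a value dictated by the Matrix client application.
          #
          # If a subject isn't overridden in this configuration file, the value used as
          # its example will be used.
          #
          #subjects:

            # Subjects for notification emails.
            #
            # On top of the '%%(app)s' placeholder, these can use the following
            # placeholders:
            #
            #   * '%%(person)s', which will be replaced by the display name of the user(s)
            #      that sent the message(s), e.g. "Alice and Bob".
            #   * '%%(room)s', which will be replaced by the name of the room the
            #      message(s) have been sent to, e.g. "My super room".
            #
            # See the example provided for each setting to see which placeholder can be
            # used and how to use them.
            #
            # Subject to use to notify about one message from one or more user(s) in a
            # room which has a name.
            #message_from_person_in_room: "%(message_from_person_in_room)s"
            #
            # Subject to use to notify about one message from one or more user(s) in a
            # room which doesn't have a name.
            #message_from_person: "%(message_from_person)s"
            #
            # Subject to use to notify about multiple messages from one or more users in
            # a room which doesn't have a name.
            #messages_from_person: "%(messages_from_person)s"
            #
            # Subject to use to notify about multiple messages in a room which has a
            # name.
            #messages_in_room: "%(messages_in_room)s"
            #
            # Subject to use to notify about multiple messages in multiple rooms.
            #messages_in_room_and_others: "%(messages_in_room_and_others)s"
            #
            # Subject to use to notify about multiple messages from multiple persons in
            # multiple rooms. This is similar to the setting above except it's used when
            # the room in which the notification was triggered has no name.
            #messages_from_person_and_others: "%(messages_from_person_and_others)s"
            #
            # Subject to use to notify about an invite to a room which has a name.
            #invite_from_person_to_room: "%(invite_from_person_to_room)s"
            #
            # Subject to use to notify about an invite to a room which doesn't have a
            # name.
            #invite_from_person: "%(invite_from_person)s"

            # Subject for emails related to account administration.
            #
            # On top of the '%%(app)s' placeholder, these one can use the
            # '%%(server_name)s' placeholder, which will be replaced by the value of the
            # 'server_name' setting in your Synapse configuration.
            #
            # Subject to use when sending a password reset email.
            #password_reset: "%(password_reset)s"
            #
            # Subject to use when sending a verification email to assert an address's
            # ownership.
            #email_validation: "%(email_validation)s"
        """
            % DEFAULT_SUBJECTS
        )


class ThreepidBehaviour(Enum):
    """
    Enum to define the behaviour of Synapse with regards to when it contacts an identity
    server for 3pid registration and password resets

    REMOTE = use an external server to send tokens
    LOCAL = send tokens ourselves
    OFF = disable registration via 3pid and password resets
    """

    REMOTE = "remote"
    LOCAL = "local"
    OFF = "off"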