[NXP-24884] Email notification service must support encrypted parameters - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 9.10, 10.1
Fix Version/s: 9.10-HF07, 10.2
Component/s: Core, Notifications

Release Notes Summary:
The support for encrypted parameters is added to the notification service.
Tags:
- SupCom
- nxfit
Backlog priority:
800
Sprint:
nxfit 10.2.4
Story Points:
3

Description

Working scenario (authenticated SMTP traffic but unencrypted parameter mail.transport.password)

install nuxeo

add the following parameters to nuxeo.conf:

mail.transport.port=2525
mail.transport.user=toto
mail.transport.password=password
mail.transport.auth=true

uncomment the following line in nuxeo.conf to allow debugging

JAVA_OPTS=$JAVA_OPTS -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n

start the server

start a python debug server on port 2525:

sudo python -m smtpd -n -c DebuggingServer localhost:2525

login as Administrator
create a workspace
create a document in the workspace
go the Administration tab
start a debugging session in your preferred IDE
set a breakpoint in EmailHelper on this line:
https://github.com/nuxeo/nuxeo/blob/release-9.10-HF05/nuxeo-features/nuxeo-platform-notification/nuxeo-platform-notification-core/src/main/java/org/nuxeo/ecm/platform/ec/notification/email/EmailHelper.java#L111
in the Notifications sub-tab register the Administrator user on New comment event.
the breakpoint should be enabled right after
in the variables, check the content of session.authenticator.properties and observe:
```
mail.smtp.password=password
```
stop the debugging session
stop the server

Non-working scenario (authenticated SMTP traffic but encrypted parameter mail.transport.password)

encrypt the password with the following commands:

nuxeoctl config server.crypt.secretkey --set -q
nuxeoctl config mail.transport.password --encrypt --set -q

when prompted set the password as password
to double-check the encrypted password is decryptable use the following:
```
nuxeoctl decrypt 'encryption string'
```
start the server
login as Administrator
create a document in the workspace
go the Administration tab
start a debugging session in your preferred IDE
set a breakpoint in EmailHelper on this line:
https://github.com/nuxeo/nuxeo/blob/release-9.10-HF05/nuxeo-features/nuxeo-platform-notification/nuxeo-platform-notification-core/src/main/java/org/nuxeo/ecm/platform/ec/notification/email/EmailHelper.java#L111
in the Notifications sub-tab register the Administrator user on New comment event.
the breakpoint should be enabled right after
in the variables, check the content of session.authenticator.properties and observe:
```
mail.smtp.password=${mail.transport.password}
```

Impact: this prevents using authentication to a mail server. It works fine when not encrypting the parameter. For instance, this means notifications cannot be sent in this case.

Expected behavior: the parameter should be correctly decrypted.

Attachments

Issue Links

is related to

NXP-16918 nuxeo.conf password encryption

Resolved

Activity

People

Assignee:

Antoine Taillefer

Reporter:

Frantz Fischer

Participants:

Antoine Taillefer, Frantz Fischer, Jenkins

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2018-04-19 13:01

Updated:

2018-05-04 16:11

Resolved:

2018-05-03 12:58

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1d 3h