Added option to require TLS/STARTTLS on EstmpTransport

ssddanbrown · ssddanbrown · commit e9de8dccd76a · 2025-01-11T14:57:07.000Z
For 7.2 branch, As done before: 6.4: 0497d6e 6.0: symfony/mailer@6.0...ssddanbrown:symfony-mailer:6.0
diff --git a/README.md b/README.md
@@ -3,6 +3,10 @@ Mailer Component
 
 The Mailer component helps sending emails.
 
+Note: This is a (hopefully temporary) fork of [symfony/mailer](https://github.com/symfony/mailer) to patch in TLS
+assurance for use in BookStack. It's not advised to use this library fork for other projects.
+It only contains/patches the single branch used by BookStack.
+
 Getting Started
 ---------------
 
diff --git a/Transport/Smtp/EsmtpTransport.php b/Transport/Smtp/EsmtpTransport.php
@@ -33,6 +33,7 @@ class EsmtpTransport extends SmtpTransport
     private string $password = '';
     private array $capabilities;
     private bool $autoTls = true;
+    private bool $requireTls = false;
 
     public function __construct(string $host = 'localhost', int $port = 0, ?bool $tls = null, ?EventDispatcherInterface $dispatcher = null, ?LoggerInterface $logger = null, ?AbstractStream $stream = null, ?array $authenticators = null)
     {
@@ -62,6 +63,8 @@ public function __construct(string $host = 'localhost', int $port = 0, ?bool $tl
         }
         if (!$tls) {
             $stream->disableTls();
+        } else {
+            $this->requireTls = true;
         }
         if (0 === $port) {
             $port = $tls ? 465 : 25;
@@ -116,6 +119,20 @@ public function isAutoTls(): bool
         return $this->autoTls;
     }
 
+    /**
+     * @return $this
+     */
+    public function setTlsRequirement(bool $required): static
+    {
+        $this->requireTls = $required;
+        return $this;
+    }
+
+    public function getTlsRequirement(): bool
+    {
+        return $this->requireTls;
+    }
+
     public function setAuthenticators(array $authenticators): void
     {
         $this->authenticators = [];
@@ -159,6 +176,7 @@ private function doEhloCommand(): string
 
         /** @var SocketStream $stream */
         $stream = $this->getStream();
+        $tlsStarted = $stream->isTLS();
         // WARNING: !$stream->isTLS() is right, 100% sure :)
         // if you think that the ! should be removed, read the code again
         // if doing so "fixes" your issue then it probably means your SMTP server behaves incorrectly or is wrongly configured
@@ -169,10 +187,15 @@ private function doEhloCommand(): string
                 throw new TransportException('Unable to connect with STARTTLS.');
             }
 
+            $tlsStarted = true;
             $response = $this->executeCommand(\sprintf("EHLO %s\r\n", $this->getLocalDomain()), [250]);
             $this->capabilities = $this->parseCapabilities($response);
         }
 
+        if (!$tlsStarted && $this->getTlsRequirement()) {
+            throw new TransportException('TLS is required but neither TLS or STARTTLS is in use.');
+        }
+
         if (\array_key_exists('AUTH', $this->capabilities)) {
             $this->handleAuth($this->capabilities['AUTH']);
         }
diff --git a/Transport/Smtp/EsmtpTransportFactory.php b/Transport/Smtp/EsmtpTransportFactory.php
@@ -75,6 +75,10 @@ public function create(Dsn $dsn): TransportInterface
             $transport->setPingThreshold((int) $pingThreshold);
         }
 
+        if (null !== ($tlsRequired = $dsn->getOption('tls_required'))) {
+            $transport->setTlsRequirement((bool) $tlsRequired);
+        }
+
         return $transport;
     }
 
diff --git a/composer.json b/composer.json
@@ -1,11 +1,15 @@
 {
-    "name": "symfony/mailer",
+    "name": "ssddanbrown/symfony-mailer",
     "type": "library",
     "description": "Helps sending emails",
     "keywords": [],
     "homepage": "https://symfony.com",
     "license": "MIT",
     "authors": [
+        {
+            "name": "Dan Brown",
+            "homepage": "https://danb.me"
+        },
         {
             "name": "Fabien Potencier",
             "email": "fabien@symfony.com"
@@ -37,6 +41,9 @@
         "symfony/mime": "<6.4",
         "symfony/twig-bridge": "<6.4"
     },
+    "replace": {
+        "symfony/mailer": "^7.0"
+    },
     "autoload": {
         "psr-4": { "Symfony\\Component\\Mailer\\": "" },
         "exclude-from-classmap": [

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,10 @@ public function create(Dsn $dsn): TransportInterface`
`75`	`75`	`$transport->setPingThreshold((int) $pingThreshold);`
`76`	`76`	`}`
`77`	`77`
	`78`	`+ if (null !== ($tlsRequired = $dsn->getOption('tls_required'))) {`
	`79`	`+ $transport->setTlsRequirement((bool) $tlsRequired);`
	`80`	`+ }`
	`81`	`+`
`78`	`82`	`return $transport;`
`79`	`83`	`}`
`80`	`84`