keyserver/src/email/email.js

/**
 * Mailvelope - secure email with OpenPGP encryption for Webmail
 * Copyright (C) 2016 Mailvelope GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License version 3
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

'use strict';

const log = require('winston');
const util = require('../service/util');
const openpgp = require('openpgp');
const nodemailer = require('nodemailer');

/**
 * A simple wrapper around Nodemailer to send verification emails
 */
class Email {
  /**
   * Create an instance of the reusable nodemailer SMTP transport.
   * @param {string}  host       SMTP server's hostname: 'smtp.gmail.com'
   * @param {Object}  auth       Auth credential: { user:'user@gmail.com', pass:'pass' }
   * @param {Object}  sender     message 'FROM' field: { name:'Your Support', email:'noreply@exmple.com' }
   * @param {string}  port       (optional) SMTP server's SMTP port. Defaults to 465.
   * @param {boolean} tls        (optional) if TSL should be used. Defaults to true.
   * @param {boolean} starttls   (optional) force STARTTLS to prevent downgrade attack. Defaults to true.
   * @param {boolean} pgp        (optional) if outgoing emails are encrypted to the user's public key.
   */
  init({host, port = 465, auth, tls, starttls, pgp, sender}) {
    this._transporter = nodemailer.createTransport({
      host,
      port,
      auth,
      secure: (tls !== undefined) ? util.isTrue(tls) : true,
      requireTLS: (starttls !== undefined) ? util.isTrue(starttls) : true,
    });
    this._usePGPEncryption = util.isTrue(pgp);
    this._sender = sender;
  }

  /**
   * Send the verification email to the user using a template.
   * @param {Object} template   the email template function to use
   * @param {Object} userId     recipient user id object: { name:'Jon Smith', email:'j@smith.com', publicKeyArmored:'...' }
   * @param {string} keyId      key id of public key
   * @param {Object} origin     origin of the server
   * @yield {Object}            reponse object containing SMTP info
   */
  async send({template, userId, keyId, origin, publicKeyArmored}) {
    const compiled = template({
      name: userId.name,
      baseUrl: util.url(origin),
      keyId,
      nonce: userId.nonce
    });
    if (this._usePGPEncryption && publicKeyArmored) {
      compiled.text = await this._pgpEncrypt(compiled.text, publicKeyArmored);
    }
    const sendOptions = {
      from: {name: this._sender.name, address: this._sender.email},
      to: {name: userId.name, address: userId.email},
      subject: compiled.subject,
      text: compiled.text
    };
    return this._sendHelper(sendOptions);
  }

  /**
   * Encrypt the message body using OpenPGP.js
   * @param  {string} plaintext          the plaintext message body
   * @param  {string} publicKeyArmored   the recipient's public key
   * @return {string}                    the encrypted PGP message block
   */
  async _pgpEncrypt(plaintext, publicKeyArmored) {
    const ciphertext = await openpgp.encrypt({
      message: openpgp.message.fromText(plaintext),
      publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,
    });
    return ciphertext.data;
  }

  /**
   * A generic method to send an email message via nodemailer.
   * @param {Object} sendoptions object: { from: ..., to: ..., subject: ..., text: ... }
   * @yield {Object}           reponse object containing SMTP info
   */
  async _sendHelper(sendOptions) {
    try {
      const info = await this._transporter.sendMail(sendOptions);
      if (!this._checkResponse(info)) {
        log.warn('email', 'Message may not have been received.', info);
      }
      return info;
    } catch (error) {
      log.error('email', 'Sending message failed.', error);
      util.throw(500, 'Sending email to user failed');
    }
  }

  /**
   * Check if the message was sent successfully according to SMTP
   * reply codes: http://www.supermailer.de/smtp_reply_codes.htm
   * @param  {Object} info   info object return from nodemailer
   * @return {boolean}       if the message was received by the user
   */
  _checkResponse(info) {
    return /^2/.test(info.response);
  }
}

module.exports = Email;
Design class architecture and HTTP api 2016-05-26 11:45:32 +00:00			`/**`
			`* Mailvelope - secure email with OpenPGP encryption for Webmail`
			`* Copyright (C) 2016 Mailvelope GmbH`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License version 3`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`'use strict';`

Use winston instead of npmlog 2017-08-18 10:01:34 +00:00			`const log = require('winston');`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`const util = require('../service/util');`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`const openpgp = require('openpgp');`
Unified mongo and email style 2016-06-08 12:01:30 +00:00			`const nodemailer = require('nodemailer');`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00
Design class architecture and HTTP api 2016-05-26 11:45:32 +00:00			`/**`
			`* A simple wrapper around Nodemailer to send verification emails`
			`*/`
			`class Email {`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`/**`
			`* Create an instance of the reusable nodemailer SMTP transport.`
Add STARTTLS flag to SMTP config 2016-06-02 11:00:22 +00:00			`* @param {string} host SMTP server's hostname: 'smtp.gmail.com'`
			`* @param {Object} auth Auth credential: { user:'user@gmail.com', pass:'pass' }`
			`* @param {Object} sender message 'FROM' field: { name:'Your Support', email:'noreply@exmple.com' }`
			`* @param {string} port (optional) SMTP server's SMTP port. Defaults to 465.`
			`* @param {boolean} tls (optional) if TSL should be used. Defaults to true.`
			`* @param {boolean} starttls (optional) force STARTTLS to prevent downgrade attack. Defaults to true.`
Use nodemailer-openpgp plugin to encrypt verification emails 2016-06-02 14:19:54 +00:00			`* @param {boolean} pgp (optional) if outgoing emails are encrypted to the user's public key.`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`*/`
Fix eslint errors 2017-08-15 08:03:06 +00:00			`init({host, port = 465, auth, tls, starttls, pgp, sender}) {`
Rebase onto dev/pgp-inline, fix unit tests 2019-02-08 16:04:28 +00:00			`this._transporter = nodemailer.createTransport({`
Use ES6 destructuring (not available in node v4) 2017-01-21 11:51:33 +00:00			`host,`
			`port,`
			`auth,`
			`secure: (tls !== undefined) ? util.isTrue(tls) : true,`
			`requireTLS: (starttls !== undefined) ? util.isTrue(starttls) : true,`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`});`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`this._usePGPEncryption = util.isTrue(pgp);`
Use ES6 destructuring (not available in node v4) 2017-01-21 11:51:33 +00:00			`this._sender = sender;`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`}`

First working prototype of the keyserver 2016-05-27 17:57:48 +00:00			`/**`
Simplify email.js 2016-05-31 14:48:18 +00:00			`* Send the verification email to the user using a template.`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`* @param {Object} template the email template function to use`
			`* @param {Object} userId recipient user id object: { name:'Jon Smith', email:'j@smith.com', publicKeyArmored:'...' }`
Fix keyId in email links 2016-06-09 09:38:00 +00:00			`* @param {string} keyId key id of public key`
Simplify email.js 2016-05-31 14:48:18 +00:00			`* @param {Object} origin origin of the server`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`* @yield {Object} reponse object containing SMTP info`
First working prototype of the keyserver 2016-05-27 17:57:48 +00:00			`*/`
Add upload, update and removal for single user IDs (emails) 2019-02-14 17:11:37 +00:00			`async send({template, userId, keyId, origin, publicKeyArmored}) {`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`const compiled = template({`
			`name: userId.name,`
			`baseUrl: util.url(origin),`
			`keyId,`
			`nonce: userId.nonce`
			`});`
Add upload, update and removal for single user IDs (emails) 2019-02-14 17:11:37 +00:00			`if (this._usePGPEncryption && publicKeyArmored) {`
			`compiled.text = await this._pgpEncrypt(compiled.text, publicKeyArmored);`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`}`
			`const sendOptions = {`
			`from: {name: this._sender.name, address: this._sender.email},`
			`to: {name: userId.name, address: userId.email},`
			`subject: compiled.subject,`
			`text: compiled.text`
Implement email.sendVerifyRemove Write email.js unit tests 2016-05-30 13:36:32 +00:00			`};`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`return this._sendHelper(sendOptions);`
			`}`

			`/**`
			`* Encrypt the message body using OpenPGP.js`
Fix typo in email docs 2017-08-19 09:17:33 +00:00			`* @param {string} plaintext the plaintext message body`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`* @param {string} publicKeyArmored the recipient's public key`
			`* @return {string} the encrypted PGP message block`
			`*/`
			`async _pgpEncrypt(plaintext, publicKeyArmored) {`
			`const ciphertext = await openpgp.encrypt({`
Rebase onto dev/pgp-inline, fix unit tests 2019-02-08 16:04:28 +00:00			`message: openpgp.message.fromText(plaintext),`
			`publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`});`
			`return ciphertext.data;`
Implement email.sendVerifyRemove Write email.js unit tests 2016-05-30 13:36:32 +00:00			`}`

Cleanup email module 2016-05-30 08:48:17 +00:00			`/**`
			`* A generic method to send an email message via nodemailer.`
Rebase onto dev/pgp-inline, fix unit tests 2019-02-08 16:04:28 +00:00			`* @param {Object} sendoptions object: { from: ..., to: ..., subject: ..., text: ... }`
Cleanup email module 2016-05-30 08:48:17 +00:00			`* @yield {Object} reponse object containing SMTP info`
			`*/`
Send email message with PGP inline not PGP/MIME * Use OpenPGP.js directly instead of nodemailer-openpgp plugin * Use native ES6 string templates instead of nodemailer template engine 2017-08-19 09:06:36 +00:00			`async _sendHelper(sendOptions) {`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`try {`
Rebase onto dev/pgp-inline, fix unit tests 2019-02-08 16:04:28 +00:00			`const info = await this._transporter.sendMail(sendOptions);`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`if (!this._checkResponse(info)) {`
Cleanup email module 2016-05-30 08:48:17 +00:00			`log.warn('email', 'Message may not have been received.', info);`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`}`
			`return info;`
Fix eslint errors 2017-08-15 08:03:06 +00:00			`} catch (error) {`
Use ES6 destructuring (not available in node v4) 2017-01-21 11:51:33 +00:00			`log.error('email', 'Sending message failed.', error);`
Cleanup email module 2016-05-30 08:48:17 +00:00			`util.throw(500, 'Sending email to user failed');`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`}`
			`}`

			`/**`
			`* Check if the message was sent successfully according to SMTP`
			`* reply codes: http://www.supermailer.de/smtp_reply_codes.htm`
Use nodemailer template engine 2016-05-29 15:51:10 +00:00			`* @param {Object} info info object return from nodemailer`
			`* @return {boolean} if the message was received by the user`
Implement Email DAO for sending verification mails 2016-05-29 14:47:45 +00:00			`*/`
			`_checkResponse(info) {`
			`return /^2/.test(info.response);`
First working prototype of the keyserver 2016-05-27 17:57:48 +00:00			`}`
			`}`

Fix eslint errors 2017-08-15 08:03:06 +00:00			`module.exports = Email;`