Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Outbound email password not saved correctly for long passwords like API keys #10506

Open
ExcelsiorEyer opened this issue Aug 21, 2024 · 2 comments
Labels
Area: Emails:Config Issues & PRs related to email configuration Area: Emails Issues & PRs related to all things regarding emails & email module Priority:Important Issues & PRs that are important; broken functions, errors - there are workarounds Severity: Moderate Key function failed, but no or little impact Status: Team Investigating Labels for issues in which the Core Team are investigating / Intend to Investigate Type: Bug Bugs within the core SuiteCRM codebase

Comments

@ExcelsiorEyer
Copy link

Issue

SMTP password for personal outgoing email is not being saved correctly if it is a long password like an API key. Adding debug steps to include/OutboundEmail/OutboundEmail.php seems to indicate that the stored encrypted password is being truncated to 100 chars, causing an incorrect password to be used for authenticating with the SMTP server

Version 7.14.5
Sugar Version 6.5.25 (Build 344)

Possible Fix

Increase the field length of outbound_email.mail_smtppass to a much larger value to allow for the encryption of API keys provided by SMTP providers

Steps to Reproduce the Issue

1. Set the password to be 100 characters for an outbound SMTP email. This will cause the encrypted text to be stored in the database to exceed the 100 character limit
2. Try sending an email to find the SMTP authentication failing

Context

No response

Version

7.14.5

What browser are you currently using?

Chrome

Browser Version

No response

Environment Information

MySQL, PHP8.2

Operating System and Version

Ubuntu

@ExcelsiorEyer ExcelsiorEyer added the Type: Bug Bugs within the core SuiteCRM codebase label Aug 21, 2024
@chris001
Copy link
Contributor

Unlike the username field mail_smtpuser which has maxlength=100 on the web form, this password mail_smtppass doesn't have a maxlength on the web form! So it misleads you into believing you can paste in an app password longer than 100 characters, because there is no maxlength. Suite silently fails to save the full app password when the database truncates to the size of the field in the DB, resulting in first 100 characters saved, then SMTP Auth fails, and sending Outgoing Email fails.

@johnM2401 johnM2401 added Status:Fix Proposed A issue that has a PR related to it that provides a possible resolution Priority:Important Issues & PRs that are important; broken functions, errors - there are workarounds Area: Emails Issues & PRs related to all things regarding emails & email module Area: Emails:Config Issues & PRs related to email configuration Severity: Moderate Key function failed, but no or little impact labels Aug 22, 2024
@ExcelsiorEyer
Copy link
Author

Just to clarify, in my case the actual password is short of 100 characters. So limiting the password to 100 characters on the front end will not solve the problem if the encrypted value were to exceed 100 characters in length.

@johnM2401 johnM2401 removed the Status:Fix Proposed A issue that has a PR related to it that provides a possible resolution label Aug 26, 2024
@gemartin21 gemartin21 added the Status: Team Investigating Labels for issues in which the Core Team are investigating / Intend to Investigate label Nov 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Area: Emails:Config Issues & PRs related to email configuration Area: Emails Issues & PRs related to all things regarding emails & email module Priority:Important Issues & PRs that are important; broken functions, errors - there are workarounds Severity: Moderate Key function failed, but no or little impact Status: Team Investigating Labels for issues in which the Core Team are investigating / Intend to Investigate Type: Bug Bugs within the core SuiteCRM codebase
Projects
None yet
Development

No branches or pull requests

4 participants