From c7f5a91d30a7be3b919847177f3b8cdd92e4af5d Mon Sep 17 00:00:00 2001
From: Ataf Fazledin Ahamed <ataf@openrefactory.com>
Date: Wed, 25 Oct 2023 16:10:14 +0600
Subject: [PATCH] SSL/TLS support and authentication for SMTP (#2940)

* Added SSL/TLS support and authentication for SMTP

* Update timesketch/lib/utils.py

* Update data/timesketch.conf

* Update timesketch/lib/utils.py

* Update timesketch/lib/utils.py

---------

Co-authored-by: Johan Berggren <jberggren@gmail.com>
---
 data/timesketch.conf    |  8 ++++++++
 timesketch/lib/utils.py | 26 ++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/data/timesketch.conf b/data/timesketch.conf
index be412a30df..7918de6679 100644
--- a/data/timesketch.conf
+++ b/data/timesketch.conf
@@ -311,6 +311,14 @@ EMAIL_RECIPIENTS = []
 # Configuration to construct URLs for resources.
 EXTERNAL_HOST_URL = 'https://localhost'
 
+# SSL/TLS support for emails
+EMAIL_TLS = False
+EMAIL_SSL = False
+
+# Email support for authentication
+EMAIL_AUTH_USERNAME = ""
+EMAIL_AUTH_PASSWORD = ""
+
 #-------------------------------------------------------------------------------
 # Sigma Settings
 
diff --git a/timesketch/lib/utils.py b/timesketch/lib/utils.py
index 6ac665ae04..eb7d00453b 100644
--- a/timesketch/lib/utils.py
+++ b/timesketch/lib/utils.py
@@ -598,6 +598,10 @@ def send_email(subject, body, to_username, use_html=False):
     email_smtp_server = current_app.config.get("EMAIL_SMTP_SERVER")
     email_from_user = current_app.config.get("EMAIL_FROM_ADDRESS", "timesketch")
     email_user_whitelist = current_app.config.get("EMAIL_USER_WHITELIST", [])
+    email_login_username = current_app.config.get("EMAIL_AUTH_USERNAME")
+    email_login_password = current_app.config.get("EMAIL_AUTH_PASSWORD")
+    email_ssl = current_app.config.get("EMAIL_SSL")
+    email_tls = current_app.config.get("EMAIL_TLS")
 
     if not email_enabled:
         raise RuntimeError("Email notifications are not enabled, aborting.")
@@ -626,6 +630,28 @@ def send_email(subject, body, to_username, use_html=False):
     msg.add_header("Content-Type", email_content_type)
     msg.set_payload(body)
 
+    # EMAIL_SSL in timesketch.conf must be set to True
+    if email_ssl:
+        smtp = smtplib.SMTP_SSL(email_smtp_server)
+        if email_login_username and email_login_password:
+            smtp.login(email_login_username, email_login_password)
+        smtp.sendmail(msg["From"], [msg["To"]], msg.as_string())
+        smtp.quit()
+        return
+    # EMAIL_TLS in timesketch.conf must be set to True
+    if email_tls:
+        smtp = smtplib.SMTP(email_smtp_server)
+        smtp.ehlo()
+        smtp.starttls()
+        if email_login_username and email_login_password:
+            smtp.login(email_login_username, email_login_password)
+        smtp.sendmail(msg["From"], [msg["To"]], msg.as_string())
+        smtp.quit()
+        return
+
+    # default - no SSL/TLS configured
     smtp = smtplib.SMTP(email_smtp_server)
+    if email_login_username and email_login_password:
+        smtp.login(email_login_username, email_login_password)
     smtp.sendmail(msg["From"], [msg["To"]], msg.as_string())
     smtp.quit()