mirror of
https://github.com/strapi/strapi.git
synced 2026-05-03 16:22:30 +00:00
c4cea991dd
* feat(email-nodemailer): improve provider with new features and tests

- Remove lodash dependency, use native destructuring
- Add verify() method for SMTP configuration testing
- Add isIdle() method for connection pool status
- Add close() method for graceful shutdown
- Add unit tests (11 tests)
- Expand documentation with OAuth2, DKIM, pooling, calendar events
- Fix package description from "Strapi 3" to "Strapi"

* feat(email): add connection verification support in admin UI

- Add verify endpoint to test SMTP connection without sending email
- Add EmailProvider interface with optional verify, isIdle, close methods
- Add "Test connection" button in Email Settings when provider supports it
- Show connection status badge (Connected/Error) after verification
- Add translations for new UI elements

* feat(email): add RFC-compliant email address parsing utilities

- Add parseEmailAddress() supporting RFC 5322, 2047, 6531
- Add formatEmailAddress() with automatic encoding
- Parse sender name and email separately in Settings UI
- Support Base64/Quoted-Printable encoded names (RFC 2047)
- Support comments in parentheses (RFC 5322)
- Support quoted strings with special characters
- Add comprehensive test suite (40+ tests)
- Export utilities from @strapi/provider-email-nodemailer/utils

* feat(email-nodemailer): add custom headers support and upgrade to nodemailer v7

- Add explicit `headers` field to SendOptions interface, allowing custom SMTP headers to be passed in send() calls. This enables use cases with specialized SMTP servers that require custom headers (e.g. X-Priority, X-Mailer, business-specific headers).
- Upgrade nodemailer from 6.10.1 to 7.0.13 (includes security fix for stack overflow DoS in address parser, DNS cache leak fix, REQUIRETLS support, and increased data URI size limit).
- Upgrade @types/nodemailer from 6.4.7 to 7.0.9.

Closes #23190
Closes #24949

* feat(email-nodemailer): add advanced email features

Add typed support for advanced Nodemailer features that no other headless CMS currently offers:

- priority: Set email priority (high/normal/low) via X-Priority header
- dsn: Delivery Status Notifications for bounce/success tracking
- icalEvent: Calendar event invitations (meeting requests)
- list: RFC 2369 List-* headers (enables one-click unsubscribe in Gmail/Outlook for newsletters)
- envelope: Custom SMTP envelope for bounce handling
- amp: AMP4Email content for interactive emails

All features are opt-in and fully backward-compatible. Transport-level features (DKIM, connection pooling, rate limiting, OAuth2, proxy) are already supported through providerOptions pass-through.

* docs(email-nodemailer): comprehensive README with all features documented

- Add feature overview table at the top
- Document all new send() options: list (unsubscribe), dsn, envelope, amp
- Add examples for newsletters, bounce handling, AMP4Email, DSN
- Document transport-level features: rate limiting, proxy, requireTLS
- Update send options table with all supported fields

* feat(email-nodemailer): add per-message OAuth2 authentication support

Enable sending emails on behalf of different users through a single OAuth2-configured transporter. Each send() call can include user-specific auth credentials (user, refreshToken, accessToken), allowing multi-user email sending without creating separate transporters.

Useful for applications where admins or team members need to send emails from their own accounts via a shared OAuth2 client.

* feat(email): add provider capabilities to Email Settings UI

- Extend EmailProvider interface with optional getCapabilities()
- Add ProviderCapabilities type to shared types
- Implement getCapabilities() in Nodemailer provider (transport, auth, features)
- Extend getSettings controller to return capabilities and isIdle
- Add Capabilities section in Admin UI showing SMTP server, encryption, authentication, pool status, and feature badges (DKIM, pool, rate limiting, OAuth2, requireTLS)
- Add translations for en and de
- Disable import/no-unresolved for email admin (match sibling packages)

* fix(email): show Connected/Error badge next to Test connection button

* chore: update yarn.lock after rebase on develop

* security(email-nodemailer): upgrade to nodemailer 8.0.1 and harden provider

- Upgrade nodemailer from 7.0.13 to 8.0.1 (improved socket cleanup, DNS fallback hardening, TLS error handling, standardized error codes)
- Upgrade @types/nodemailer from 7.0.9 to 7.0.10
- Remove dangerous ...rest spread that allowed arbitrary property injection into sendMail options (only explicitly allowlisted fields are now forwarded)
- Remove auth.user from getCapabilities() and ProviderCapabilities type to prevent credential/username leakage via admin API
- Simplify admin UI auth display to show only auth type, not username
- Replace (message as any) casts with (message as Record<string, unknown>)
- Add comprehensive security tests: no-rest-spread injection test, credential leak prevention test, per-field forwarding tests

* fix(email): restore auth.user in capabilities for admin visibility

Keep the SMTP username visible in getCapabilities() and the admin Settings UI so administrators can verify which account is configured.

* feat(email-nodemailer): expose all nodemailer message options

Forward every nodemailer SendMailOptions field through the provider:

- sender, inReplyTo, references (threading & on-behalf-of)
- alternatives, watchHtml (content variants)
- messageId, date, xMailer (metadata control)
- textEncoding, encoding, normalizeHeaderKey (encoding)
- dkim per-message, attachDataUrls (signing & embedding)
- disableUrlAccess, disableFileAccess (security flags)
- raw (pre-built MIME passthrough)
- proxy detection in getCapabilities()

All fields are explicitly allowlisted - no rest-spread.

* docs(email-nodemailer): update README with all message options

Add documentation for newly supported fields: sender, inReplyTo, references, alternatives, watchHtml, messageId, date, xMailer, textEncoding, encoding, dkim per-message, disableUrlAccess, disableFileAccess, raw MIME, attachDataUrls. Expand field table with categories and add code examples for threading, on-behalf-of, per-message DKIM, alternative content, and raw MIME passthrough.

* feat(email-nodemailer): add RFC 5321 email normalization and expand RFC coverage

- Add normalizeEmail() that lowercases email addresses per RFC 5321 section 2.4 (domain is case-insensitive, local part treated as case-insensitive in practice by all major providers)
- parseEmailAddress() now returns normalized lowercase emails
- formatEmailAddress() now normalizes email before formatting
- Export normalizeEmail from utils
- Expand RFC standards table: add RFC 5321, 2369, 3461, 6376, 6532
- Add normalization examples to README
- Add 10 new tests for email normalization

* fix(email-nodemailer): fix 7 bugs in provider and email utilities

- Fix extractComments: unmatched ')' no longer causes negative depth
- Fix parseMultipleEmailAddresses: replace broken prevChar escape tracking with boolean flag
- Fix encodeRfc2047Base64: split long names into <=75 char chunks per RFC 2047
- Fix isValidEmail: reject consecutive/leading/trailing dots in local part
- Fix isValidEmail: enforce RFC 5321 length limits (local<=64, domain<=255, total<=320)
- Fix send(): replace || with ?? for text/html fallback (empty string is a valid value)
- Fix send(): replace || with ?? for from/replyTo fallback (empty string is a valid value)

* style(email-nodemailer): fix prettier formatting in tests and README

---------

Co-authored-by: Bassel Kanso <basselkanso82@gmail.com>
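
The rest-spread removal and the `||` to `??` fallback fixes named in the commit message above, shown side by side as an added example; it is not code from the Strapi provider or from this commit. The function names, the short `ALLOWED_FIELDS` list, the `notAllowlisted` key, the text/html cross-fallback and the sample settings are assumptions constructed for illustration.

```javascript
// Hypothetical subset of message fields; the real provider allowlists more.
const ALLOWED_FIELDS = ['to', 'cc', 'bcc', 'subject', 'headers', 'priority'];

// "Before" pattern: every extra caller-supplied key is forwarded via
// rest-spread, and || treats an empty string as if it were missing.
function buildWithRestSpread(settings, options) {
  const { from, replyTo, text, html, ...rest } = options;
  return {
    from: from || settings.defaultFrom,
    replyTo: replyTo || settings.defaultReplyTo,
    text: text || html,
    html: html || text,
    ...rest,
  };
}

// "After" pattern: only named fields are copied, and ?? falls back only on
// null/undefined, so an explicit '' is preserved.
function buildWithAllowlist(settings, options) {
  const mail = {
    from: options.from ?? settings.defaultFrom,
    replyTo: options.replyTo ?? settings.defaultReplyTo,
    text: options.text ?? options.html,
    html: options.html ?? options.text,
  };
  for (const key of ALLOWED_FIELDS) {
    const own = Object.prototype.hasOwnProperty.call(options, key);
    if (own && options[key] !== undefined) {
      mail[key] = options[key];
    }
  }
  return mail;
}

// Returns the keys of a built message that fall outside the allowlist;
// a regression test can assert that this list is empty.
function unexpectedKeys(mail) {
  const known = new Set([...ALLOWED_FIELDS, 'from', 'replyTo', 'text', 'html']);
  return Object.keys(mail).filter((k) => !known.has(k));
}

// Constructed sample input (not taken from the commit).
const settings = { defaultFrom: 'noreply@example.com', defaultReplyTo: 'support@example.com' };
const options = { to: 'user@example.com', subject: 'Hi', text: '', html: '<p>Hi</p>', notAllowlisted: 'x' };
```

A check in the style of the "no-rest-spread injection test" the message mentions would assert that `unexpectedKeys(buildWithAllowlist(settings, options))` is empty for any caller-supplied object.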