nodemailer 6.6.2 → 6.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/smtp-connection/index.js +31 -9
- package/package.json +4 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# CHANGELOG
|
|
2
2
|
|
|
3
|
+
## 6.6.3 2021-07-14
|
|
4
|
+
|
|
5
|
+
- Do not show passwords in SMTP transaction logs. All passwords used in logging are replaced by `"/* secret */"`
|
|
6
|
+
|
|
3
7
|
## 6.6.1 2021-05-23
|
|
4
8
|
|
|
5
9
|
- Fixed address formatting issue where newlines in an email address, if provided via address object, were not properly removed. Reported by tmazeika (#1289)
|
|
@@ -548,6 +548,16 @@ class SMTPConnection extends EventEmitter {
|
|
|
548
548
|
'\u0000' +
|
|
549
549
|
this._auth.credentials.pass,
|
|
550
550
|
'utf-8'
|
|
551
|
+
).toString('base64'),
|
|
552
|
+
// log entry without passwords
|
|
553
|
+
'AUTH PLAIN ' +
|
|
554
|
+
Buffer.from(
|
|
555
|
+
//this._auth.user+'\u0000'+
|
|
556
|
+
'\u0000' + // skip authorization identity as it causes problems with some servers
|
|
557
|
+
this._auth.credentials.user +
|
|
558
|
+
'\u0000' +
|
|
559
|
+
'/* secret */',
|
|
560
|
+
'utf-8'
|
|
551
561
|
).toString('base64')
|
|
552
562
|
);
|
|
553
563
|
return;
|
|
@@ -945,8 +955,9 @@ class SMTPConnection extends EventEmitter {
|
|
|
945
955
|
* Send a command to the server, append \r\n
|
|
946
956
|
*
|
|
947
957
|
* @param {String} str String to be sent to the server
|
|
958
|
+
* @param {String} logStr Optional string to be used for logging instead of the actual string
|
|
948
959
|
*/
|
|
949
|
-
_sendCommand(str) {
|
|
960
|
+
_sendCommand(str, logStr) {
|
|
950
961
|
if (this._destroyed) {
|
|
951
962
|
// Connection already closed, can't send any more data
|
|
952
963
|
return;
|
|
@@ -961,7 +972,7 @@ class SMTPConnection extends EventEmitter {
|
|
|
961
972
|
{
|
|
962
973
|
tnx: 'client'
|
|
963
974
|
},
|
|
964
|
-
(str || '').toString().replace(/\r?\n$/, '')
|
|
975
|
+
(logStr || str || '').toString().replace(/\r?\n$/, '')
|
|
965
976
|
);
|
|
966
977
|
}
|
|
967
978
|
|
|
@@ -1420,18 +1431,21 @@ class SMTPConnection extends EventEmitter {
|
|
|
1420
1431
|
|
|
1421
1432
|
// Decode from base64
|
|
1422
1433
|
let base64decoded = Buffer.from(challengeString, 'base64').toString('ascii'),
|
|
1423
|
-
|
|
1434
|
+
hmacMD5 = crypto.createHmac('md5', this._auth.credentials.pass);
|
|
1424
1435
|
|
|
1425
|
-
|
|
1436
|
+
hmacMD5.update(base64decoded);
|
|
1426
1437
|
|
|
1427
|
-
let
|
|
1428
|
-
let prepended = this._auth.credentials.user + ' ' + hex_hmac;
|
|
1438
|
+
let prepended = this._auth.credentials.user + ' ' + hmacMD5.digest('hex');
|
|
1429
1439
|
|
|
1430
1440
|
this._responseActions.push(str => {
|
|
1431
1441
|
this._actionAUTH_CRAM_MD5_PASS(str, callback);
|
|
1432
1442
|
});
|
|
1433
1443
|
|
|
1434
|
-
this._sendCommand(
|
|
1444
|
+
this._sendCommand(
|
|
1445
|
+
Buffer.from(prepended).toString('base64'),
|
|
1446
|
+
// hidden hash for logs
|
|
1447
|
+
Buffer.from(this._auth.credentials.user + ' /* secret */').toString('base64')
|
|
1448
|
+
);
|
|
1435
1449
|
}
|
|
1436
1450
|
|
|
1437
1451
|
/**
|
|
@@ -1476,7 +1490,11 @@ class SMTPConnection extends EventEmitter {
|
|
|
1476
1490
|
this._actionAUTHComplete(str, callback);
|
|
1477
1491
|
});
|
|
1478
1492
|
|
|
1479
|
-
this._sendCommand(
|
|
1493
|
+
this._sendCommand(
|
|
1494
|
+
Buffer.from((this._auth.credentials.pass || '').toString(), 'utf-8').toString('base64'),
|
|
1495
|
+
// Hidden pass for logs
|
|
1496
|
+
Buffer.from('/* secret */', 'utf-8').toString('base64')
|
|
1497
|
+
);
|
|
1480
1498
|
}
|
|
1481
1499
|
|
|
1482
1500
|
/**
|
|
@@ -1706,7 +1724,11 @@ class SMTPConnection extends EventEmitter {
|
|
|
1706
1724
|
this._responseActions.push(str => {
|
|
1707
1725
|
this._actionAUTHComplete(str, isRetry, callback);
|
|
1708
1726
|
});
|
|
1709
|
-
this._sendCommand(
|
|
1727
|
+
this._sendCommand(
|
|
1728
|
+
'AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token(accessToken),
|
|
1729
|
+
// Hidden for logs
|
|
1730
|
+
'AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token('/* secret */')
|
|
1731
|
+
);
|
|
1710
1732
|
});
|
|
1711
1733
|
}
|
|
1712
1734
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nodemailer",
|
|
3
|
-
"version": "6.6.
|
|
3
|
+
"version": "6.6.3",
|
|
4
4
|
"description": "Easy as cake e-mail sending from your Node.js applications",
|
|
5
5
|
"main": "lib/nodemailer.js",
|
|
6
6
|
"scripts": {
|
|
@@ -20,6 +20,8 @@
|
|
|
20
20
|
},
|
|
21
21
|
"homepage": "https://nodemailer.com/",
|
|
22
22
|
"devDependencies": {
|
|
23
|
+
"@aws-sdk/client-ses": "3.21.0",
|
|
24
|
+
"aws-sdk": "2.945.0",
|
|
23
25
|
"bunyan": "1.8.15",
|
|
24
26
|
"chai": "4.3.4",
|
|
25
27
|
"eslint-config-nodemailer": "1.2.0",
|
|
@@ -31,7 +33,7 @@
|
|
|
31
33
|
"libbase64": "1.2.1",
|
|
32
34
|
"libmime": "5.0.0",
|
|
33
35
|
"libqp": "1.1.0",
|
|
34
|
-
"mocha": "9.0.
|
|
36
|
+
"mocha": "9.0.2",
|
|
35
37
|
"nodemailer-ntlm-auth": "1.0.1",
|
|
36
38
|
"proxy": "1.0.2",
|
|
37
39
|
"proxy-test-server": "1.0.0",
|