feat: add option to not verify ssl certs (#913)

* feat: add option to not verify ssl certs * formatting * update _test_login function * update tests, sort imports
moralmunky · Jun 19, 2024 · 475c9e2 · 475c9e2
1 parent 50b5433
commit 475c9e2
Show file tree

Hide file tree

Showing 33 changed files with 200 additions and 75 deletions.
diff --git a/custom_components/mail_and_packages/__init__.py b/custom_components/mail_and_packages/__init__.py
@@ -18,6 +18,7 @@
     CONF_IMAP_TIMEOUT,
     CONF_PATH,
     CONF_SCAN_INTERVAL,
+    CONF_VERIFY_SSL,
     COORDINATOR,
     DEFAULT_AMAZON_DAYS,
     DEFAULT_AMAZON_FWDS,
@@ -147,7 +148,7 @@ async def update_listener(hass: HomeAssistant, config_entry: ConfigEntry) -> Non
 async def async_migrate_entry(hass, config_entry):
     """Migrate an old config entry."""
     version = config_entry.version
-    new_version = 5
+    new_version = 6
 
     # 1 -> 4: Migrate format
     if version == 1:
@@ -208,6 +209,18 @@ async def async_migrate_entry(hass, config_entry):
             config_entry, data=updated_config, version=new_version
         )
 
+    if version == 5:
+        _LOGGER.debug("Migrating from version %s", version)
+        updated_config = config_entry.data.copy()
+
+        if CONF_VERIFY_SSL not in updated_config:
+            updated_config[CONF_VERIFY_SSL] = True
+
+    if updated_config != config_entry.data:
+        hass.config_entries.async_update_entry(
+            config_entry, data=updated_config, version=new_version
+        )
+
     _LOGGER.debug("Migration complete to version %s", new_version)
 
     return True

diff --git a/custom_components/mail_and_packages/config_flow.py b/custom_components/mail_and_packages/config_flow.py
@@ -29,6 +29,7 @@
     CONF_IMAP_TIMEOUT,
     CONF_PATH,
     CONF_SCAN_INTERVAL,
+    CONF_VERIFY_SSL,
     DEFAULT_ALLOW_EXTERNAL,
     DEFAULT_AMAZON_DAYS,
     DEFAULT_AMAZON_FWDS,
@@ -123,9 +124,9 @@ async def _validate_user_input(user_input: dict) -> tuple:
     return errors, user_input
 
 
-def _get_mailboxes(host: str, port: int, user: str, pwd: str) -> list:
+def _get_mailboxes(host: str, port: int, user: str, pwd: str, verify: bool) -> list:
     """Get list of mailbox folders from mail server."""
-    account = login(host, port, user, pwd)
+    account = login(host, port, user, pwd, verify)
 
     status, folderlist = account.list()
     mailboxes = []
@@ -163,6 +164,7 @@ def _get_default(key: str, fallback_default: Any = None) -> None:
             vol.Required(CONF_PORT, default=_get_default(CONF_PORT, 993)): cv.port,
             vol.Required(CONF_USERNAME, default=_get_default(CONF_USERNAME)): cv.string,
             vol.Required(CONF_PASSWORD, default=_get_default(CONF_PASSWORD)): cv.string,
+            vol.Required(CONF_VERIFY_SSL, default=_get_default(CONF_VERIFY_SSL)): bool,
         }
     )
 
@@ -184,6 +186,7 @@ def _get_default(key: str, fallback_default: Any = None) -> None:
                     data[CONF_PORT],
                     data[CONF_USERNAME],
                     data[CONF_PASSWORD],
+                    data[CONF_VERIFY_SSL],
                 )
             ),
             vol.Required(
@@ -238,7 +241,7 @@ def _get_default(key: str, fallback_default: Any = None) -> None:
 class MailAndPackagesFlowHandler(config_entries.ConfigFlow, domain=DOMAIN):
     """Config flow for Mail and Packages."""
 
-    VERSION = 5
+    VERSION = 6
     CONNECTION_CLASS = config_entries.CONN_CLASS_CLOUD_POLL
 
     def __init__(self):
@@ -257,6 +260,7 @@ async def async_step_user(self, user_input=None):
                 user_input[CONF_PORT],
                 user_input[CONF_USERNAME],
                 user_input[CONF_PASSWORD],
+                user_input[CONF_VERIFY_SSL],
             )
             if not valid:
                 self._errors["base"] = "communication"
@@ -372,6 +376,7 @@ async def async_step_init(self, user_input=None):
                 user_input[CONF_PORT],
                 user_input[CONF_USERNAME],
                 user_input[CONF_PASSWORD],
+                user_input[CONF_VERIFY_SSL],
             )
             if not valid:
                 self._errors["base"] = "communication"

diff --git a/custom_components/mail_and_packages/const.py b/custom_components/mail_and_packages/const.py
@@ -54,6 +54,7 @@
 CONF_GENERATE_MP4 = "generate_mp4"
 CONF_AMAZON_FWDS = "amazon_fwds"
 CONF_AMAZON_DAYS = "amazon_days"
+CONF_VERIFY_SSL = "verify_ssl"
 
 # Defaults
 DEFAULT_CAMERA_NAME = "Mail USPS Camera"

diff --git a/custom_components/mail_and_packages/helpers.py b/custom_components/mail_and_packages/helpers.py
@@ -11,11 +11,13 @@
 import os
 import quopri
 import re
+import ssl
 import subprocess  # nosec
 import uuid
 from datetime import timezone
 from email.header import decode_header
 from shutil import copyfile, copytree, which
+from ssl import Purpose
 from typing import Any, List, Optional, Type, Union
 
 import aiohttp
@@ -75,6 +77,7 @@
     CONF_FOLDER,
     CONF_GENERATE_MP4,
     CONF_PATH,
+    CONF_VERIFY_SSL,
     DEFAULT_AMAZON_DAYS,
     OVERLAY,
     SENSOR_DATA,
@@ -107,14 +110,20 @@ async def _check_ffmpeg() -> bool:
     return which("ffmpeg")
 
 
-async def _test_login(host: str, port: int, user: str, pwd: str) -> bool:
+async def _test_login(host: str, port: int, user: str, pwd: str, verify: bool) -> bool:
     """Test IMAP login to specified server.
 
     Returns success boolean
     """
-    # Attempt to catch invalid mail server hosts
+    context = ssl.create_default_context()
+    if not verify:
+        context.check_hostname = False
+        context.verify_mode = ssl.CERT_NONE
+    else:
+        context = ssl.create_default_context(purpose=Purpose.SERVER_AUTH)
+    # Catch invalid mail server / host names
     try:
-        account = imaplib.IMAP4_SSL(host, port)
+        account = imaplib.IMAP4_SSL(host=host, port=port, ssl_context=context)
     except Exception as err:
         _LOGGER.error("Error connecting into IMAP Server: %s", str(err))
         return False
@@ -152,12 +161,13 @@ async def process_emails(hass: HomeAssistant, config: ConfigEntry) -> dict:
     pwd = config.get(CONF_PASSWORD)
     folder = config.get(CONF_FOLDER)
     resources = config.get(CONF_RESOURCES)
+    verify_ssl = config.get(CONF_VERIFY_SSL)
 
     # Create the dict container
     data = {}
 
     # Login to email server and select the folder
-    account = login(host, port, user, pwd)
+    account = login(host, port, user, pwd, verify_ssl)
 
     # Do not process if account returns false
     if not account:
@@ -426,15 +436,21 @@ async def fetch(
 
 
 def login(
-    host: str, port: int, user: str, pwd: str
+    host: str, port: int, user: str, pwd: str, verify: bool = True
 ) -> Union[bool, Type[imaplib.IMAP4_SSL]]:
     """Login to IMAP server.
 
     Returns account object
     """
+    context = ssl.create_default_context()
+    if not verify:
+        context.check_hostname = False
+        context.verify_mode = ssl.CERT_NONE
+    else:
+        context = ssl.create_default_context(purpose=Purpose.SERVER_AUTH)
     # Catch invalid mail server / host names
     try:
-        account = imaplib.IMAP4_SSL(host, port)
+        account = imaplib.IMAP4_SSL(host=host, port=port, ssl_context=context)
 
     except Exception as err:
         _LOGGER.error("Network error while connecting to server: %s", str(err))

diff --git a/custom_components/mail_and_packages/strings.json b/custom_components/mail_and_packages/strings.json
@@ -18,7 +18,8 @@
           "host": "Host",
           "password": "Password",
           "port": "Port",
-          "username": "Username"
+          "username": "Username",
+          "verify_ssl": "Verify SSL Cert"
         },
         "description": "Please enter the connection information of your mail server.",
         "title": "Mail and Packages (Step 1 of 2)"
@@ -66,7 +67,8 @@
           "host": "Host",
           "password": "Password",
           "port": "Port",
-          "username": "Username"
+          "username": "Username",
+          "verify_ssl": "Verify SSL Cert"
         },
         "description": "Please enter the connection information of your mail server.",
         "title": "Mail and Packages (Step 1 of 2)"

diff --git a/custom_components/mail_and_packages/translations/ca.json b/custom_components/mail_and_packages/translations/ca.json
@@ -18,7 +18,8 @@
                     "host": "Amfitrió",
                     "password": "Contrasenya",
                     "port": "Port",
-                    "username": "Nom d'usuari"
+                    "username": "Nom d'usuari",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Introduïu la informació de connexió del vostre servidor de correu.",
                 "title": "Correu i paquets (pas 1 de 2)"
@@ -67,7 +68,8 @@
                     "host": "Amfitrió",
                     "password": "Contrasenya",
                     "port": "Port",
-                    "username": "Nom d'usuari"
+                    "username": "Nom d'usuari",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Introduïu la informació de connexió del vostre servidor de correu.",
                 "title": "Correu i paquets (pas 1 de 2)"

diff --git a/custom_components/mail_and_packages/translations/de.json b/custom_components/mail_and_packages/translations/de.json
@@ -18,7 +18,8 @@
                     "host": "Host",
                     "password": "Passwort",
                     "port": "Port",
-                    "username": "Nutzername"
+                    "username": "Nutzername",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Bitte geben Sie die Verbindungsinformationen Ihres Mailservers ein.",
                 "title": "Briefe und Pakete (Schritt 1 von 2)"
@@ -67,7 +68,8 @@
                     "host": "Host",
                     "password": "Passwort",
                     "port": "Port",
-                    "username": "Nutzername"
+                    "username": "Nutzername",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Bitte geben Sie die Verbindungsinformationen Ihres Mailservers ein.",
                 "title": "Briefe und Pakete (Schritt 1 von 2)"

diff --git a/custom_components/mail_and_packages/translations/en.json b/custom_components/mail_and_packages/translations/en.json
@@ -18,7 +18,8 @@
                     "host": "Host",
                     "password": "Password",
                     "port": "Port",
-                    "username": "Username"
+                    "username": "Username",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Please enter the connection information of your mail server.",
                 "title": "Mail and Packages (Step 1 of 2)"
@@ -67,7 +68,8 @@
                     "host": "Host",
                     "password": "Password",
                     "port": "Port",
-                    "username": "Username"
+                    "username": "Username",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Please enter the connection information of your mail server.",
                 "title": "Mail and Packages (Step 1 of 2)"

diff --git a/custom_components/mail_and_packages/translations/es.json b/custom_components/mail_and_packages/translations/es.json
@@ -18,7 +18,8 @@
                     "host": "Anfitrión",
                     "password": "Contraseña",
                     "port": "Puerto",
-                    "username": "Nombre de usuario"
+                    "username": "Nombre de usuario",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Ingrese la información de conexión de su servidor de correo.",
                 "title": "Correo y paquetes (Paso 1 de 2)"
@@ -67,7 +68,8 @@
                     "host": "Anfitrión",
                     "password": "Contraseña",
                     "port": "Puerto",
-                    "username": "Nombre de usuario"
+                    "username": "Nombre de usuario",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Ingrese la información de conexión de su servidor de correo.",
                 "title": "Correo y paquetes (Paso 1 de 2)"

diff --git a/custom_components/mail_and_packages/translations/es_419.json b/custom_components/mail_and_packages/translations/es_419.json
@@ -18,7 +18,8 @@
                     "host": "Anfitrión",
                     "password": "Contraseña",
                     "port": "Puerto",
-                    "username": "Nombre de usuario"
+                    "username": "Nombre de usuario",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Ingrese la información de conexión de su servidor de correo.",
                 "title": "Correo y paquetes (Paso 1 de 2)"
@@ -67,7 +68,8 @@
                     "host": "Anfitrión",
                     "password": "Contraseña",
                     "port": "Puerto",
-                    "username": "Nombre de usuario"
+                    "username": "Nombre de usuario",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Ingrese la información de conexión de su servidor de correo.",
                 "title": "Correo y paquetes (Paso 1 de 2)"

diff --git a/custom_components/mail_and_packages/translations/fi.json b/custom_components/mail_and_packages/translations/fi.json
@@ -18,7 +18,8 @@
                     "host": "isäntä",
                     "password": "Salasana",
                     "port": "portti",
-                    "username": "Käyttäjätunnus"
+                    "username": "Käyttäjätunnus",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Anna sähköpostipalvelimesi yhteydetiedot.",
                 "title": "Posti ja paketit (vaihe 1/2)"
@@ -67,7 +68,8 @@
                     "host": "isäntä",
                     "password": "Salasana",
                     "port": "portti",
-                    "username": "Käyttäjätunnus"
+                    "username": "Käyttäjätunnus",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Anna sähköpostipalvelimesi yhteydetiedot.",
                 "title": "Posti ja paketit (vaihe 1/2)"

diff --git a/custom_components/mail_and_packages/translations/fr.json b/custom_components/mail_and_packages/translations/fr.json
@@ -18,7 +18,8 @@
                     "host": "Hôte",
                     "password": "Mot de passe",
                     "port": "Port",
-                    "username": "Nom d'utilisateur"
+                    "username": "Nom d'utilisateur",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Veuillez saisir les informations de connexion de votre serveur de messagerie.",
                 "title": "Courrier et colis (étape 1 sur 2)"
@@ -67,7 +68,8 @@
                     "host": "Hôte",
                     "password": "Mot de passe",
                     "port": "Port",
-                    "username": "Nom d'utilisateur"
+                    "username": "Nom d'utilisateur",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Veuillez saisir les informations de connexion de votre serveur de messagerie.",
                 "title": "Courrier et colis (étape 1 sur 2)"

diff --git a/custom_components/mail_and_packages/translations/hu.json b/custom_components/mail_and_packages/translations/hu.json
@@ -18,7 +18,8 @@
                     "host": "Házigazda",
                     "password": "Jelszó",
                     "port": "Kikötő",
-                    "username": "Felhasználónév"
+                    "username": "Felhasználónév",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Kérjük, adja meg a levelezőszerver csatlakozási adatait.",
                 "title": "Levél és csomagok (1. lépés a 2-ből)"
@@ -67,7 +68,8 @@
                     "host": "Házigazda",
                     "password": "Jelszó",
                     "port": "Kikötő",
-                    "username": "Felhasználónév"
+                    "username": "Felhasználónév",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Kérjük, adja meg a levelezőszerver csatlakozási adatait.",
                 "title": "Levél és csomagok (1. lépés a 2-ből)"

diff --git a/custom_components/mail_and_packages/translations/it.json b/custom_components/mail_and_packages/translations/it.json
@@ -18,7 +18,8 @@
                     "host": "Ospite",
                     "password": "Parola d'ordine",
                     "port": "Porta",
-                    "username": "Nome utente"
+                    "username": "Nome utente",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Inserisci le informazioni di connessione del tuo server di posta.",
                 "title": "Posta e pacchi (passaggio 1 di 2)"
@@ -67,7 +68,8 @@
                     "host": "Ospite",
                     "password": "Parola d'ordine",
                     "port": "Porta",
-                    "username": "Nome utente"
+                    "username": "Nome utente",
+                    "verify_ssl": "Verify SSL Cert"
                 },
                 "description": "Inserisci le informazioni di connessione del tuo server di posta.",
                 "title": "Posta e pacchi (passaggio 1 di 2)"