feat: add smtp settings

2026-03-12 13:39:48 +01:00 · 2026-03-12 13:39:48 +01:00 · a4f3aa5d6f
commit a4f3aa5d6f
parent c4135308e6
23 changed files with 2424 additions and 152 deletions
--- a/CODE_GUIDELINES.md
+++ b/CODE_GUIDELINES.md
@ -1267,7 +1267,27 @@ mix hex.outdated
 **Mailer and from address:**

 - `Mv.Mailer` (Swoosh) and `Mv.Mailer.mail_from/0` return the configured sender `{name, email}`.
- Config: `config :mv, :mail_from, {"Mila", "noreply@example.com"}` in config.exs. In production, runtime.exs overrides from ENV (`MAIL_FROM_NAME`, `MAIL_FROM_EMAIL`).
+- Sender identity priority: `MAIL_FROM_NAME`/`MAIL_FROM_EMAIL` ENV > Settings `smtp_from_name`/`smtp_from_email` > hardcoded defaults `{"Mila", "noreply@example.com"}`.
+- Access via `Mv.Config.mail_from_name/0` and `Mv.Config.mail_from_email/0`.
+- **Important:** On most SMTP servers the sender email must be the same address as `smtp_username` or an alias owned by that account (e.g. Postfix strict relay). Misconfiguration causes a 553 error.
+
+**SMTP configuration:**
+
+- SMTP can be configured via **ENV variables** (`SMTP_HOST`, `SMTP_PORT`, `SMTP_USERNAME`, `SMTP_PASSWORD`, `SMTP_PASSWORD_FILE`, `SMTP_SSL`) or via **Admin Settings** (database: `smtp_host`, `smtp_port`, `smtp_username`, `smtp_password`, `smtp_ssl`). ENV takes priority (same pattern as OIDC/Vereinfacht).
+- Sender identity is also configurable via ENV (`MAIL_FROM_NAME`, `MAIL_FROM_EMAIL`) or Settings (`smtp_from_name`, `smtp_from_email`).
+- `SMTP_PASSWORD_FILE`: path to a file containing the password (Docker Secrets / Kubernetes secrets pattern); overridden by `SMTP_PASSWORD` when both are set.
+- `SMTP_SSL` values: `tls` (default, port 587), `ssl` (port 465), `none` (port 25).
+- When `SMTP_HOST` ENV is present at boot, `runtime.exs` configures `Swoosh.Adapters.SMTP` automatically.
+- When SMTP is configured only via Settings, `Mv.Mailer.smtp_config/0` builds the adapter config per-send.
+- In test environment, `Swoosh.Adapters.Test` is used regardless of SMTP config.
+- **TLS in OTP 27:** `tls_options: [verify: :verify_none]` (STARTTLS/587) and `sockopts: [verify: :verify_none]` (SSL/465) are set to allow self-signed / internal certs.
+- **Test email:** `Mv.Mailer.send_test_email(to_email)` sends a transactional test email; returns `{:ok, email}` or `{:error, classified_reason}`. Classified errors: `:sender_rejected`, `:auth_failed`, `:recipient_rejected`, `:tls_failed`, `:connection_failed`, `{:smtp_error, message}`. Each shows a specific message in the UI.
+- **Production warning:** When SMTP is not configured in production, a warning is shown in the Settings UI.
+- Access config values via `Mv.Config.smtp_host/0`, `smtp_port/0`, `smtp_username/0`, `smtp_password/0`, `smtp_ssl/0`, `smtp_configured?/0`.
+
+**AshAuthentication senders:**
+
+- `SendPasswordResetEmail` and `SendNewUserConfirmationEmail` use `Mv.Mailer.deliver/1` (not `deliver!/1`). Errors are logged via `Logger.error` and not re-raised so they never crash the caller process.

 **Unified layout (transactional emails):**

@ -1287,7 +1307,11 @@ new()
 |> put_view(MvWeb.EmailsView)
 |> put_layout({MvWeb.EmailLayoutView, "layout.html"})
 |> render_body("template_name.html", %{assigns})
-|> Mailer.deliver!()
+
+case Mailer.deliver(email) do
+  {:ok, _} -> :ok
+  {:error, reason} -> Logger.error("Email delivery failed: #{inspect(reason)}")
+end
 ```

 ### 3.12 Internationalization: Gettext