[PR #1681] [MERGED] Add email verification #1689

New issue

Closed

opened 2026-05-07 01:03:15 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 01:03:15 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/binwiederhier/ntfy/pull/1681
Author: @binwiederhier
Created: 3/30/2026
Status: ✅ Merged
Merged: 3/30/2026
Merged by: @binwiederhier

Base: main ← Head: email-verification

📝 Commits (10+)

61dd788 WIP: Email verification
6aebc5c Refine
3e634e0 Refine
bdea8c3 Refine docs and bump deps
63ec73a Tests
07b3812 Docs, fix generator
4c6225e Docs
e57ef84 Fix limits for anon users
51da5e0 Review
6219784 Bump

📊 Changes

33 files changed (+1221 additions, -209 deletions)

View changed files

📝 cmd/serve.go (+5 -0)
📝 docs/config.md (+22 -1)
📝 docs/install.md (+38 -38)
📝 docs/publish.md (+11 -5)
📝 docs/releases.md (+19 -2)
📝 docs/static/js/config-generator.js (+6 -0)
📝 go.mod (+1 -1)
📝 go.sum (+2 -2)
➕ mail/sender.go (+154 -0)
📝 server/config.go (+2 -0)
📝 server/errors.go (+4 -0)
📝 server/server.go (+36 -6)
📝 server/server.yml (+3 -0)
📝 server/server_account.go (+106 -0)
📝 server/server_middleware.go (+9 -0)
📝 server/server_test.go (+171 -0)
📝 server/smtp_sender.go (+7 -16)
📝 server/types.go (+11 -0)
📝 server/visitor.go (+5 -1)
📝 user/manager.go (+50 -0)

...and 13 more files

📄 Description

Verified email recipients

Adds email address verification for outgoing email notifications, gated behind a new smtp-sender-verify config flag (default false).

What it does

When smtp-sender-verify: true:

Anonymous users cannot send email notifications
Authenticated users must verify email addresses via a code sent to their inbox before those addresses can be used
Users can pass X-Email: yes (or true/1) to send to their first verified address
The "Email addresses" section appears in the web app account settings for adding/removing verified addresses

When smtp-sender-verify is unset or false, email sending works exactly as before — any user can send to any address. The feature is fully backwards compatible.

Changes

New mail package (mail/sender.go): SMTP email sending with SendRaw/Send methods, in-memory verification code storage with background expiry, and Close() for cleanup.

Database: New user_email table (SQLite + PostgreSQL migrations v6→v7) with Emails()/AddEmail()/RemoveEmail() on the user manager.

Server: Three new API endpoints (verify, add, delete email), convertEmailAddress() that enforces verification when the flag is on, ensureEmailsEnabled middleware, rate limiting verification emails against the user's email quota. smtpSender now delegates to mail.Sender.SendRaw() instead of duplicating SMTP auth logic.

Web app: Emails component (mirrors phone numbers), AddEmailDialog with verification code flow, EmailVerificationCodeInvalidError for specific error handling. Section only visible when enable_email_verify is true in the server config.

Config: smtp-sender-verify bool flag with CLI flag, env var (NTFY_SMTP_SENDER_VERIFY), server.yml docs, config generator toggle, and config reference table entry.

Tests: User manager tests for email CRUD + duplicate detection (SQLite + PostgreSQL), server tests covering verified address, bool value resolution, anonymous rejection, no-verified-emails, and backwards compatibility.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/binwiederhier/ntfy/pull/1681 **Author:** [@binwiederhier](https://github.com/binwiederhier) **Created:** 3/30/2026 **Status:** ✅ Merged **Merged:** 3/30/2026 **Merged by:** [@binwiederhier](https://github.com/binwiederhier) **Base:** `main` ← **Head:** `email-verification` --- ### 📝 Commits (10+) - [`61dd788`](https://github.com/binwiederhier/ntfy/commit/61dd788dace82b2e32ebbe0fac39b81edb086298) WIP: Email verification - [`6aebc5c`](https://github.com/binwiederhier/ntfy/commit/6aebc5c67749ccdc97a8ca4c8cf7f12b14dd2dd8) Refine - [`3e634e0`](https://github.com/binwiederhier/ntfy/commit/3e634e0a5a5e5bfc7b6de8d0735661cd8aca1b8a) Refine - [`bdea8c3`](https://github.com/binwiederhier/ntfy/commit/bdea8c314f83f528de0ab41b587a9ea0961405ee) Refine docs and bump deps - [`63ec73a`](https://github.com/binwiederhier/ntfy/commit/63ec73a31944c0c16454b9f99d09a954e8fea351) Tests - [`07b3812`](https://github.com/binwiederhier/ntfy/commit/07b381254905eed83a5a073d59ecb446d8d30996) Docs, fix generator - [`4c6225e`](https://github.com/binwiederhier/ntfy/commit/4c6225e311c97f91c16e59c97a0164a039eca530) Docs - [`e57ef84`](https://github.com/binwiederhier/ntfy/commit/e57ef84f13951b32074588c7784283fd70bb65b7) Fix limits for anon users - [`51da5e0`](https://github.com/binwiederhier/ntfy/commit/51da5e0f77b2210319ce83239ec8d7312c89dc66) Review - [`6219784`](https://github.com/binwiederhier/ntfy/commit/6219784aae11ca2ea81ed5b4db809ab159126ee1) Bump ### 📊 Changes **33 files changed** (+1221 additions, -209 deletions) <details> <summary>View changed files</summary> 📝 `cmd/serve.go` (+5 -0) 📝 `docs/config.md` (+22 -1) 📝 `docs/install.md` (+38 -38) 📝 `docs/publish.md` (+11 -5) 📝 `docs/releases.md` (+19 -2) 📝 `docs/static/js/config-generator.js` (+6 -0) 📝 `go.mod` (+1 -1) 📝 `go.sum` (+2 -2) ➕ `mail/sender.go` (+154 -0) 📝 `server/config.go` (+2 -0) 📝 `server/errors.go` (+4 -0) 📝 `server/server.go` (+36 -6) 📝 `server/server.yml` (+3 -0) 📝 `server/server_account.go` (+106 -0) 📝 `server/server_middleware.go` (+9 -0) 📝 `server/server_test.go` (+171 -0) 📝 `server/smtp_sender.go` (+7 -16) 📝 `server/types.go` (+11 -0) 📝 `server/visitor.go` (+5 -1) 📝 `user/manager.go` (+50 -0) _...and 13 more files_ </details> ### 📄 Description ## Verified email recipients Adds email address verification for outgoing email notifications, gated behind a new `smtp-sender-verify` config flag (default `false`). ### What it does When `smtp-sender-verify: true`: - Anonymous users cannot send email notifications - Authenticated users must verify email addresses via a code sent to their inbox before those addresses can be used - Users can pass `X-Email: yes` (or `true`/`1`) to send to their first verified address - The "Email addresses" section appears in the web app account settings for adding/removing verified addresses When `smtp-sender-verify` is unset or `false`, email sending works exactly as before — any user can send to any address. The feature is fully backwards compatible. ### Changes **New `mail` package** (`mail/sender.go`): SMTP email sending with `SendRaw`/`Send` methods, in-memory verification code storage with background expiry, and `Close()` for cleanup. **Database**: New `user_email` table (SQLite + PostgreSQL migrations v6→v7) with `Emails()`/`AddEmail()`/`RemoveEmail()` on the user manager. **Server**: Three new API endpoints (verify, add, delete email), `convertEmailAddress()` that enforces verification when the flag is on, `ensureEmailsEnabled` middleware, rate limiting verification emails against the user's email quota. `smtpSender` now delegates to `mail.Sender.SendRaw()` instead of duplicating SMTP auth logic. **Web app**: `Emails` component (mirrors phone numbers), `AddEmailDialog` with verification code flow, `EmailVerificationCodeInvalidError` for specific error handling. Section only visible when `enable_email_verify` is true in the server config. **Config**: `smtp-sender-verify` bool flag with CLI flag, env var (`NTFY_SMTP_SENDER_VERIFY`), server.yml docs, config generator toggle, and config reference table entry. **Tests**: User manager tests for email CRUD + duplicate detection (SQLite + PostgreSQL), server tests covering verified address, bool value resolution, anonymous rejection, no-verified-emails, and backwards compatibility. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>