ngskcloud
/
gcgj-dify-1.7.0
14
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
deploy/rag-dev
feat/rag-2
deploy/dev
chore/plugin-error
feat/change-user-email-freezes-limit
feat/support-bool-variable-fe
feat/hitl-frontend
deploy/enterprise
feat/enchance-prompt-and-code-fe
build/oauth
feat/oauth
feature/smtp-oauth2-support
feat/human-input
build/plugin-auto-upgrade
test/performance
feat/tool-plugin-oauth
feat/tool-oauth
feat/email-update-frontend
temp-feat-owner-transfer-enterprise-frontend
feat/ownership-transfer-frontend
release/e-3.0.2
feat/plugin-auto-upgrade-fe
refactor/tanstack-form
chore/offline-the-sys-files
feat/rag-pipeline
feat/r2
release/e-3.2.0
wtw/rag-pipeline
feat/add-retrival-field-in-dataset
feat/datasource
e-260
revert-20786-fix/add_postgres_user
feat/webapp-verified-sso-main
fix/app-not-published-error
feat/webapp-verified-sso-260
release/0.15-support
fix/20421
v141-hotfix
fix/20326-tool-invoke-error-instance-account
fix/19933-account-object-has-no-attribute-_current_tenant-when-workflow-uses-workflow-as-tool-node
hotfix/0519
fix/e-legacy-clean-up
QuantumGhost-patch-1
fix/admin-permission
fix/e-admin-permission
feat/model-memory
feat/webapp-auth-api
1.0.0-fix
revert-17133-fix/i16990-text-to-language-settings
e-0156
release/1.1.3-fix1
hotfix/translation-fix
fix/slider-style-error
e-0154
release/0.15.6-alpha-1
cohere/cleanup-free-tenants-logs
release/1.0.1-fix1
release/1.0.0-fix1
chore/auto-dify
fix/rag-infinity-spaces-loop
fix/dataset-admin
fix/expose-debugging-port
dev/plugin-deploy
fix/tool-info
fix/aws-s3-r2-compatible
feat/knowledge-metabase
fix/fail-branch-stream-output-error
release/0.15.3-fix1
feat/14009-feature-request-support-for-retrieving-historical-conversations-without-from-enduser-id
fix/build-error
chore/infrastructure-upgrade
feat/upgrade-unstructured-version-10.2
feat/classnames-sort
feat/upgrade-unstructured-version
fix/version-check
fix/handle-agent-none-value
fix/agent-params-pasring
fix/agent-parallel
feat/knowledge-dark-mode
feat/custom-tool-input
release/0.15.2-fix1
0.15.1-admin-apis
feat/support-docx-image-view
chore/upgrade-next
hotfix/get-property-of-string-type-cause-page-crash
feat/agent-stream-output
feat/workflow-node-dark-mode
fix/not-show-strategy-type
fix/switch-strategy-clean-param
fix/chore-fix
opik-monitoring
provider-gpustack
feat/mecab-japanese-keywords
feat/retry-single-step-debug
revert-12086-feat/parent-child-retrieval
fix/remove-the-retry-index-field
fix/11839
feat/node-execution-retry
feat/support-extractor-tools-update-wip
feat/update-tidb-batchget-endpoint
fix/iteration-thread-pool-error
feat/support-multi-token-count
feat/parent-child-retrieval-api
fix/app-icon-is-missing
feat/support-extractor-tools-update
test/disable_site
build/add-dependabot
feat/support-extractor-tools
fix/docx-extract-image-ssrf
fix/redis-slow-in-gevent
fix/9772-internal-server-error-when-custom-disclaimer-longer-than-64-characters
alert-autofix-89
build/eslint-react-refresh-plugin
build/switch-to-pnpm
revert-9424-feat/update-dataset-clean-rule
fix/external-knowledge-retrieval-issues
feat/login-type-coontrol
feat/external-knowledge-api
feat/rag-external-knowledge-with-api
feat/external-knowledge
fix/notion-table-extract
fix/retrieval-test
fix/tooltip
feat/workflow-add-block-shortcut
feat/update-docs
fix/note-node-zoom-issue
fix/model-runtime-quato-issue
fix/db-lock-timeout
feat/new-tooltip
feat/web-app-sso
chore/optimize-app-workflow-deletion-slow-sql
fix/trace_app_config_app_id_idx
fix/extra-table-tracing-app-config
feat/update-beat-job-time-to-env
fix/index-estimate-error
chore/enterprise-license-status
fix/remove-tsne_position
feat/2p
feat/aws-iam-auth-check
feat/add-flashrank
feat/support-milvus-2.4
feat/add-resource-from-tools
bai
1.7.0
1.6.0
1.5.1
1.5.0
0.15.8
1.3.1
0.15.7
1.3.0
0.15.6
1.2.0
0.15.6-alpha.1
1.1.3
0.15.5
0.10.2-fix1
0.10.0
0.10.0-beta1
0.10.0-beta2
0.10.0-beta3
0.10.1
0.10.2
0.11.0
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.14.0
0.14.1
0.14.2
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.2.1
0.2.2
0.3.0
0.3.1
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18
0.3.19
0.3.2
0.3.20
0.3.21
0.3.22
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27
0.3.28
0.3.29
0.3.3
0.3.30
0.3.31
0.3.31-fix1
0.3.31-fix2
0.3.31-fix3
0.3.32
0.3.33
0.3.34
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.10
0.5.11
0.5.11-fix1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.6.0
0.6.0-fix1
0.6.0-preview-workflow.1
0.6.0-preview-workflow.2
0.6.1
0.6.10
0.6.11
0.6.12
0.6.12-fix1
0.6.13
0.6.14
0.6.15
0.6.16
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.0-beta1
0.8.1
0.8.2
0.8.3
0.9.0
0.9.1
0.9.1-fix1
0.9.2
1.0.0
1.0.0-beta.1
1.0.1
1.1.0
1.1.1
1.1.2
1.4.0
1.4.1
1.4.2
1.4.3
v0.8.3-fix1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd7e4bbe492'
${ noResults }
gcgj-dify-1.7.0/api/libs/mail/README.md

277 lines
7.3 KiB
Markdown
Raw Blame History

# Email Module
This module provides email functionality for Dify, including SMTP with OAuth 2.0 support for Microsoft Exchange/Outlook.
## Features
- Basic SMTP authentication
- OAuth 2.0 authentication for Microsoft Exchange/Outlook
- Multiple email providers: SMTP, SendGrid, Resend
- TLS/SSL support
- Microsoft Exchange compliance (Basic Auth retirement September 2025)
## Configuration
### Basic SMTP Configuration
```env
MAIL_TYPE=smtp
MAIL_DEFAULT_SEND_FROM=your-email@company.com
SMTP_SERVER=smtp.company.com
SMTP_PORT=587
SMTP_USERNAME=your-email@company.com
SMTP_PASSWORD=your-password
SMTP_USE_TLS=true
SMTP_OPPORTUNISTIC_TLS=true
SMTP_AUTH_TYPE=basic
```
### Microsoft Exchange OAuth 2.0 Configuration
For Microsoft Exchange/Outlook compatibility:
```env
MAIL_TYPE=smtp
MAIL_DEFAULT_SEND_FROM=your-email@company.com
SMTP_SERVER=smtp.office365.com
SMTP_PORT=587
SMTP_USERNAME=your-email@company.com
SMTP_USE_TLS=true
SMTP_OPPORTUNISTIC_TLS=true
SMTP_AUTH_TYPE=oauth2
# Microsoft OAuth 2.0 Settings
MICROSOFT_OAUTH2_CLIENT_ID=your-azure-app-client-id
MICROSOFT_OAUTH2_CLIENT_SECRET=your-azure-app-client-secret
MICROSOFT_OAUTH2_TENANT_ID=your-tenant-id
```
## Microsoft Azure AD App Setup
### 1. Create Azure AD Application
1. Go to [Azure Portal](https://portal.azure.com) → Azure Active Directory → App registrations
2. Click "New registration"
3. Enter application name (e.g., "Dify Email Service")
4. Select "Accounts in this organizational directory only"
5. Click "Register"
### 2. Configure API Permissions
1. Go to "API permissions"
2. Click "Add a permission" → Microsoft Graph
3. Select "Application permissions"
4. Add these permissions:
- `Mail.Send` - Send mail as any user
- `SMTP.Send` - Send email via SMTP AUTH
5. Click "Grant admin consent"
### 3. Create Client Secret
1. Go to "Certificates & secrets"
2. Click "New client secret"
3. Enter description and expiration
4. Copy the secret value (you won't see it again)
### 4. Get Configuration Values
- **Client ID**: Application (client) ID from Overview page
- **Client Secret**: The secret value you just created
- **Tenant ID**: Directory (tenant) ID from Overview page
## Usage Examples
### Basic Usage
The email service is automatically configured based on environment variables. Simply use the mail extension:
```python
from extensions.ext_mail import mail
# Send email
mail_data = {
"to": "recipient@example.com",
"subject": "Test Email",
"html": "<h1>Hello World</h1>"
}
try:
mail._client.send(mail_data)
print("Email sent successfully")
except Exception as e:
print(f"Failed to send email: {e}")
```
### OAuth Token Management
For service accounts using client credentials flow:
```python
from libs.mail.oauth_email import MicrosoftEmailOAuth
# Initialize OAuth client
oauth_client = MicrosoftEmailOAuth(
client_id="your-client-id",
client_secret="your-client-secret",
redirect_uri="", # Not needed for client credentials
tenant_id="your-tenant-id"
)
# Get access token
try:
token_response = oauth_client.get_access_token_client_credentials()
access_token = token_response["access_token"]
print(f"Access token obtained: {access_token[:10]}...")
except Exception as e:
print(f"Failed to get OAuth token: {e}")
```
### Custom SMTP Client
For direct SMTP usage with OAuth:
```python
from libs.mail import SMTPClient
# Create SMTP client with OAuth
client = SMTPClient(
server="smtp.office365.com",
port=587,
username="your-email@company.com",
password="", # Not used with OAuth
from_addr="your-email@company.com",
use_tls=True,
opportunistic_tls=True,
oauth_access_token="your-access-token",
auth_type="oauth2"
)
# Send email
mail_data = {
"to": "recipient@example.com",
"subject": "OAuth Test",
"html": "<p>Sent via OAuth 2.0</p>"
}
client.send(mail_data)
```
## Migration from Basic Auth
### Microsoft Exchange Migration
Microsoft is retiring Basic Authentication for Exchange Online in September 2025. Follow these steps to migrate:
1. **Set up Azure AD Application** (see setup instructions above)
2. **Update configuration** to use OAuth 2.0:
```env
SMTP_AUTH_TYPE=oauth2
MICROSOFT_OAUTH2_CLIENT_ID=your-client-id
MICROSOFT_OAUTH2_CLIENT_SECRET=your-client-secret
MICROSOFT_OAUTH2_TENANT_ID=your-tenant-id
```
3. **Test the configuration** before the migration deadline
4. **Remove old password-based settings** once OAuth is working
### Backward Compatibility
The system maintains backward compatibility:
- Existing Basic Auth configurations continue to work
- OAuth settings are optional and only used when `SMTP_AUTH_TYPE=oauth2`
- Gradual migration is supported
## Troubleshooting
### Common OAuth Issues
1. **Token acquisition fails**:
- Verify Client ID and Secret are correct
- Check that admin consent was granted for API permissions
- Ensure Tenant ID is correct
2. **SMTP authentication fails**:
- Verify the access token is valid and not expired
- Check that SMTP.Send permission is granted
- Ensure the user has Send As permissions
3. **Configuration issues**:
- Verify all required environment variables are set
- Check SMTP server and port settings
- Ensure TLS settings match your server requirements
### Testing Token Acquisition
```python
from libs.mail.oauth_email import MicrosoftEmailOAuth
def test_oauth_token():
oauth_client = MicrosoftEmailOAuth(
client_id="your-client-id",
client_secret="your-client-secret",
redirect_uri="",
tenant_id="your-tenant-id"
)
try:
response = oauth_client.get_access_token_client_credentials()
print("✓ OAuth token acquired successfully")
print(f"Token type: {response.get('token_type')}")
print(f"Expires in: {response.get('expires_in')} seconds")
return True
except Exception as e:
print(f"✗ OAuth token acquisition failed: {e}")
return False
if __name__ == "__main__":
test_oauth_token()
```
## Security Considerations
### Token Management
- Access tokens are automatically obtained when needed
- Tokens are not stored permanently
- Client credentials flow is used for service accounts
- Secrets should be stored securely in environment variables
### Network Security
- Always use TLS for SMTP connections (`SMTP_USE_TLS=true`)
- Use opportunistic TLS when supported (`SMTP_OPPORTUNISTIC_TLS=true`)
- Verify SMTP server certificates in production
### Access Control
- Grant minimum required permissions in Azure AD
- Use dedicated service accounts for email sending
- Regularly rotate client secrets
- Monitor access logs for suspicious activity
## Dependencies
The email module uses these internal components:
- `libs.mail.smtp`: Core SMTP client with OAuth support
- `libs.mail.oauth_email`: Microsoft OAuth 2.0 implementation
- `libs.mail.oauth_http_client`: HTTP client abstraction
- `libs.mail.smtp_connection`: SMTP connection management
- `extensions.ext_mail`: Flask extension for email integration
## Testing
The module includes comprehensive tests with proper mocking:
- `tests/unit_tests/libs/mail/test_oauth_email.py`: OAuth functionality tests
- `tests/unit_tests/libs/mail/test_smtp_enhanced.py`: SMTP client tests
Run tests with:
```bash
uv run pytest tests/unit_tests/libs/mail/test_oauth_email.py -v
uv run pytest tests/unit_tests/libs/mail/test_smtp_enhanced.py -v
```
Reference in New Issue View Git Blame Copy Permalink