dkim

Author: dmetzner

.dkim/.gitignore

@@ -0,0 +1,6 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
+!readme.md
+!public.key

.dkim/public.key

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva7UBSxlTA1kGKoDjjSp
+5dwwLOKmWJJTkMfu3Vlbwd4HxStIr9OQE+EAINdLjOn3qeUZf6Lrh9ZGs1dcCSjg
+KN37m1r0zDsWBN8XYI7pqo13SmY8TYYcr4mVpgo951Lmk2JccVO5kpocwxASmRKd
+MzOkifhtegxzAYt04IFtQLOK7vyh0DzncWZaxxfb5HtMPRdgTshEiYVHcd+8AXPv
+cE4PuidW95vO3hQ+Y/JmSDSnGbo9ys/AVOGaWK/1YUVIWtlCPTjSxOWkMNRrSJbp
+RmYgm+5SbHARXFWsbAvYf/Wui/W1NNL3vOK8lphbCVx9GctHwzIqJR4tztriJS1U
+rQIDAQAB
+-----END PUBLIC KEY-----

.dkim/readme.md

@@ -0,0 +1,8 @@
+# Dkim Key pair
+
+In order to sign our emails a private key must be created and stored on the server.
+This private key must never be added to the git-history! Ask a product owner in case you need access to the key store.
+
+The corresponding public key must be added to the DNS Dkim entry (Cloudflare).
+
+Note: The private key must be kept valid during deployments.

config/services.yaml

@@ -465,6 +465,12 @@ services:
     tags:
       - { name: monolog.processor }
 
+  # ======== Mails ========
+
+  App\System\Mail\MailerAdapter:
+    class: App\System\Mail\MailerAdapter
+    public: true
+
   # ======== Scratch ========
   App\Project\Scratch\ScratchProgramUpdater:
     class: App\Project\Scratch\ScratchProgramUpdater

deploy.php

@@ -43,6 +43,7 @@
     '.env.prod.local',
     '.env.dev.local',
     'google_cloud_key.json',
+    '.dkim/private.key',
   ]);
 
 // Symfony writable dirs

src/Admin/Tools/SendMailToUser/SendMailToUserController.php

@@ -3,23 +3,20 @@
 namespace App\Admin\Tools\SendMailToUser;
 
 use App\DB\Entity\User\User;
+use App\System\Mail\MailerAdapter;
 use App\User\UserManager;
 use Psr\Log\LoggerInterface;
 use Sonata\AdminBundle\Controller\CRUDController;
-use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
-use Symfony\Component\Mailer\MailerInterface;
-use Symfony\Component\Mime\Address;
 
 class SendMailToUserController extends CRUDController
 {
-  protected MailerInterface $mailer;
+  protected MailerAdapter $mailer;
   protected UserManager $user_manager;
   protected LoggerInterface $logger;
 
-  public function __construct(MailerInterface $mailer, UserManager $user_manager, LoggerInterface $logger)
+  public function __construct(MailerAdapter $mailer, UserManager $user_manager, LoggerInterface $logger)
   {
     $this->user_manager = $user_manager;
     $this->mailer = $mailer;
@@ -48,22 +45,13 @@ public function sendAction(Request $request): Response
       return new Response('Empty message!');
     }
     $htmlText = str_replace(PHP_EOL, '<br>', $messageText);
-
     $mailTo = $user->getEmail();
-    try {
-      $email = (new TemplatedEmail())
-        ->from(new Address('share@catrob.at'))
-        ->to($mailTo)
-        ->subject($subject)
-        ->htmlTemplate('Admin/Tools/Email/simple_message.html.twig')
-        ->context([
-          ['message' => $htmlText],
-        ])
-      ;
-      $this->mailer->send($email);
-    } catch (TransportExceptionInterface $e) {
-      $this->logger->error("Can't send email to {$mailTo}; Reason ".$e->getMessage());
-    }
+    $this->mailer->send(
+      $mailTo,
+      $subject,
+      'Admin/Tools/Email/simple_message.html.twig',
+      ['message' => $htmlText]
+    );
 
     return new Response('OK - message sent');
   }

src/System/Mail/MailerAdapter.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace App\System\Mail;
+
+use Psr\Log\LoggerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
+use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\Mime\Crypto\DkimSigner;
+use Symfony\Component\Mime\Exception\InvalidArgumentException;
+use Symfony\Component\Mime\Message;
+
+class MailerAdapter
+{
+  protected MailerInterface $mailer;
+  protected LoggerInterface $logger;
+
+  public function __construct(MailerInterface $mailer, LoggerInterface $logger)
+  {
+    $this->mailer = $mailer;
+    $this->logger = $logger;
+  }
+
+  public function send(string $to, string $subject, string $template, array $context = []): void
+  {
+    $email = $this->buildEmail($to, $subject, $template, $context);
+    $signedEmail = $this->signEmail($email);
+    $this->sendEmail($signedEmail, $to);
+  }
+
+  protected function buildEmail(string $to, string $subject, string $template, array $context): Message
+  {
+    return (new TemplatedEmail())
+      ->from(new Address('share@catrob.at'))
+      ->to($to)
+      ->subject($subject)
+      ->htmlTemplate($template)
+      ->context($context)
+    ;
+  }
+
+  protected function signEmail(Message $email): Message
+  {
+    try {
+      $signer = new DkimSigner('.dkim/dkim.id_rsa', 'catrob.at', 'sf');
+
+      return $signer->sign($email);
+    } catch (InvalidArgumentException $e) {
+      if ('prod' === $_ENV['APP_ENV']) {
+        $this->logger->error('Private dkim key is missing: '.$e->getMessage());
+      }
+
+      return $email;
+    }
+  }
+
+  protected function sendEmail(Message $email, string $to): void
+  {
+    try {
+      $this->mailer->send($email);
+    } catch (TransportExceptionInterface $e) {
+      $this->logger->error("Can't send email to {$to}; Reason ".$e->getMessage());
+    }
+  }
+}

src/User/EventListener/UserPostPersistNotifier.php

@@ -3,28 +3,26 @@
 namespace App\User\EventListener;
 
 use App\DB\Entity\User\User;
+use App\System\Mail\MailerAdapter;
 use App\User\Achievements\AchievementManager;
 use Doctrine\Persistence\Event\LifecycleEventArgs;
 use Exception;
 use Psr\Log\LoggerInterface;
-use Symfony\Bridge\Twig\Mime\TemplatedEmail;
-use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
-use Symfony\Component\Mailer\MailerInterface;
-use Symfony\Component\Mime\Address;
 use Symfony\Contracts\Translation\TranslatorInterface;
 use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
 
 class UserPostPersistNotifier
 {
   protected AchievementManager $achievement_manager;
   protected VerifyEmailHelperInterface $verify_email_helper;
-  protected MailerInterface $mailer;
+  protected MailerAdapter $mailer;
   protected LoggerInterface $logger;
   protected TranslatorInterface $translator;
 
   public function __construct(AchievementManager $achievement_manager,
                                 VerifyEmailHelperInterface $verify_email_helper,
-                                MailerInterface $mailer, LoggerInterface $logger,
+                                MailerAdapter $mailer,
+                              LoggerInterface $logger,
                                 TranslatorInterface $translator)
   {
     $this->translator = $translator;
@@ -50,27 +48,20 @@ protected function addVerifiedDeveloperAchievement(User $user): void
 
   protected function sendVerifyEmail(User $user): void
   {
-    try {
-      $signatureComponents = $this->verify_email_helper->generateSignature(
-                'registration_confirmation_route',
-                $user->getId(),
-                $user->getEmail()
-            );
+    $signatureComponents = $this->verify_email_helper->generateSignature(
+      'registration_confirmation_route',
+      $user->getId(),
+      $user->getEmail()
+    );
 
-      $email = (new TemplatedEmail())
-        ->from(new Address('share@catrob.at'))
-        ->to($user->getEmail())
-        ->subject($this->translator->trans('user.verification.email', [], 'catroweb'))
-        ->htmlTemplate('security/registration/confirmation_email.html.twig')
-        ->context([
-          'signedUrl' => $signatureComponents->getSignedUrl(),
-          'user' => $user,
-        ])
-      ;
-
-      $this->mailer->send($email);
-    } catch (TransportExceptionInterface $e) {
-      $this->logger->critical("Can't send verification email to \"".$user->getEmail().'" '.$e->getMessage());
-    }
+    $this->mailer->send(
+      $user->getEmail(),
+      $this->translator->trans('user.verification.email', [], 'catroweb'),
+      'security/registration/confirmation_email.html.twig',
+      [
+        'signedUrl' => $signatureComponents->getSignedUrl(),
+        'user' => $user,
+      ]
+    );
   }
 }

src/User/ResetPassword/PasswordResetRequestedSubscriber.php

@@ -3,28 +3,25 @@
 namespace App\User\ResetPassword;
 
 use App\Api\Services\Base\TranslatorAwareTrait;
+use App\System\Mail\MailerAdapter;
 use App\User\UserManager;
 use Psr\Log\LoggerInterface;
-use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
-use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
-use Symfony\Component\Mailer\MailerInterface;
-use Symfony\Component\Mime\Address;
 use Symfony\Contracts\Translation\TranslatorInterface;
 use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
 use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
 
 class PasswordResetRequestedSubscriber implements EventSubscriberInterface
 {
   use TranslatorAwareTrait;
-  protected MailerInterface $mailer;
+  protected MailerAdapter $mailer;
   protected UserManager $user_manager;
   protected LoggerInterface $logger;
   protected ResetPasswordHelperInterface $reset_password_helper;
 
   public function __construct(
     UserManager $user_manager,
-    MailerInterface $mailer,
+    MailerAdapter $mailer,
     LoggerInterface $logger,
     ResetPasswordHelperInterface $reset_password_helper,
     TranslatorInterface $translator)
@@ -56,18 +53,12 @@ protected function sendPasswordResetEmail(string $email, string $locale): void
     }
     $mailTo = $user->getEmail();
     try {
-      $email = (new TemplatedEmail())
-        ->from(new Address('share@catrob.at'))
-        ->to($user->getEmail())
-        ->subject($this->__('passwordRecovery.subject', [], $locale))
-        ->htmlTemplate('security/reset_password/email.html.twig')
-        ->context([
-          'resetToken' => $this->reset_password_helper->generateResetToken($user),
-        ])
-      ;
-      $this->mailer->send($email);
-    } catch (TransportExceptionInterface $e) {
-      $this->logger->error("Can't send email to {$mailTo}; Reason ".$e->getMessage());
+      $this->mailer->send(
+        $user->getEmail(),
+        $this->__('passwordRecovery.subject', [], $locale),
+        'security/reset_password/email.html.twig',
+        ['resetToken' => $this->reset_password_helper->generateResetToken($user)]
+      );
     } catch (ResetPasswordExceptionInterface $e) {
       $this->logger->error("Can't create reset token for {$mailTo}; Reason ".$e->getMessage());
     }