Send test email should not show SMPT user on failure #5322

New Issue

Closed

opened 2026-02-05 09:57:46 +03:00 by OVERLORD · 4 comments

OVERLORD commented 2026-02-05 09:57:46 +03:00

Owner

Copy Link

Originally created by @vnugent on GitHub (Jun 19, 2025).

Describe the Bug

I was trying to configure SMPT to work AWS SES. When Bookstack failing to send a test email due to configuration issue, the exception shows my smtp user. IMO this information may be shown in the server log but not in the frontend.

Steps to Reproduce

1. Log in as an admin
2. Go to Settings -> Maintenance -> Click Send test email

Expected Behaviour

The exception should not expose my smtp user.

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

25.05

Originally created by @vnugent on GitHub (Jun 19, 2025). ### Describe the Bug I was trying to configure SMPT to work AWS SES. When Bookstack failing to send a test email due to configuration issue, the exception shows my smtp user. IMO this information may be shown in the server log but not in the frontend. <img width="654" alt="Image" src="https://github.com/user-attachments/assets/45d2f9b9-12a8-40ce-a90c-f8252787a4c0" /> ### Steps to Reproduce 1. Log in as an admin 2. Go to Settings -> Maintenance -> Click Send test email ### Expected Behaviour The exception should not expose my smtp user. ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version 25.05

OVERLORD added the 🐛 Bug label 2026-02-05 09:57:46 +03:00

OVERLORD closed this issue 2026-02-05 09:57:46 +03:00

OVERLORD commented 2026-02-05 09:57:49 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jun 19, 2025):

Thanks @vnugent,
Can you explain why you expect the desired behaviour?

This feature is specifically there to aid debugging, and would only really be made available to those with relatively high privileged rights.

@ssddanbrown commented on GitHub (Jun 19, 2025): Thanks @vnugent, Can you explain why you expect the desired behaviour? This feature is specifically there to aid debugging, and would only really be made available to those with relatively high privileged rights.

OVERLORD commented 2026-02-05 09:57:50 +03:00

Author

Owner

Copy Link

@tjhart85 commented on GitHub (Jun 20, 2025):

Counter-argument: If you didn't enter your SMTP user correctly, you'll be able to see it here in the error rather than have to delve through logs. I don't see why you'd want to make this information harder to find when it's only showing in the first place because something specifically isn't working

@tjhart85 commented on GitHub (Jun 20, 2025): Counter-argument: If you didn't enter your SMTP user correctly, you'll be able to see it here in the error rather than have to delve through logs. I don't see why you'd want to make this information harder to find when it's only showing in the first place because something specifically _isn't working_

OVERLORD commented 2026-02-05 09:57:52 +03:00

Author

Owner

Copy Link

@vnugent commented on GitHub (Jun 23, 2025):

Bookstack Admin user and Infra/devops person may be 2 different individuals. Generally as a security best practice I would want to minimize / leak any technical information (details about AWS infrastructure in this case) to the web app. Server logs are better place. Though I see your counterpoint.

@vnugent commented on GitHub (Jun 23, 2025): Bookstack Admin user and Infra/devops person may be 2 different individuals. Generally as a security best practice I would want to minimize / leak any technical information (details about AWS infrastructure in this case) to the web app. Server logs are better place. Though I see your counterpoint.

OVERLORD commented 2026-02-05 09:57:54 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jun 23, 2025):

Maybe, but I expect the authority of a admin user to be relatively high enough not to specifically be seeking trouble, at least relative to what might information might come back from SMTP servers when something is specifically going wrong or incorrectly configured.

I'm going to close this off since this comes down to expectations of what will be shown, and I think the convenience is greater than risk here.

@ssddanbrown commented on GitHub (Jun 23, 2025): Maybe, but I expect the authority of a admin user to be relatively high enough not to specifically be seeking trouble, at least relative to what might information might come back from SMTP servers when something is specifically going wrong or incorrectly configured. I'm going to close this off since this comes down to expectations of what will be shown, and I think the convenience is greater than risk here.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐛 Bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#5322