Be more explicit about no auth

dannykopping · dannykopping · commit f7fcaf92a18c · 2024-09-03T10:27:15.000+02:00
Signed-off-by: Danny Kopping &lt;danny@coder.com&gt;
diff --git a/coderd/notifications/dispatch/smtp.go b/coderd/notifications/dispatch/smtp.go
@@ -137,14 +137,20 @@ func (s *SMTPHandler) dispatch(subject, htmlBody, plainBody, to string) Delivery
 
 		// Check for authentication capabilities.
 		if ok, avail := c.Extension("AUTH"); ok {
-			// Ensure the auth mechanisms available are ones we can use.
+			// Ensure the auth mechanisms available are ones we can use, and create a SASL client.
 			auth, err := s.auth(ctx, avail)
 			if err != nil {
 				return true, xerrors.Errorf("determine auth mechanism: %w", err)
 			}
 
-			// If so, use the auth mechanism to authenticate.
-			if auth != nil {
+			if auth == nil {
+				// If we get here, no SASL client (which handles authentication) was returned.
+				// This is expected if auth is supported by the smarthost BUT no authentication details were configured.
+				s.noAuthWarnOnce.Do(func() {
+					s.log.Warn(ctx, "skipping auth; no authentication client created")
+				})
+			} else {
+				// We have a SASL client, use it to authenticate.
 				if err := c.Auth(auth); err != nil {
 					return true, xerrors.Errorf("%T auth: %w", auth, err)
 				}
@@ -434,9 +440,6 @@ func (s *SMTPHandler) auth(ctx context.Context, mechs string) (sasl.Client, erro
 
 	// All auth mechanisms require username, so if one is not defined then don't return an auth client.
 	if username == "" {
-		s.noAuthWarnOnce.Do(func() {
-			s.log.Warn(ctx, "skipping auth; no username configured", slog.F("support_mechanisms", mechs))
-		})
 		// nolint:nilnil // This is a valid response.
 		return nil, nil
 	}
