LLM/AI -generated recommendations
below is a tight patch that:
- stops using sed
- constructs a percent-encoded SMTP_URL
- edits containers/app.yml via Ruby’s YAML (Psych), so YAML quoting/escaping is handled by a real parser
- deletes the per-key SMTP vars to avoid contradictions
apply with git apply -p0 in the discourse_docker repo.
Patch 1 -
discourse-setup
(write SMTP using Ruby YAML, not sed)
--- a/discourse-setup
+++ b/discourse-setup
@@ -867,6 +867,77 @@ write_smtp_settings() {
local app_yml="containers/app.yml"
[[ -f "$app_yml" ]] || die "Cannot find $app_yml. Did you run bootstrap?"
+ # Build a URL-encoded SMTP_URL using Python stdlib (no shell escaping games)
+ urlencode() {
+ python3 - <<'PY'
+import sys, urllib.parse
+print(urllib.parse.quote(sys.stdin.read().strip(), safe='._~-'))
+PY
+ }
+
+ # IMPORTANT: read vars without backslash mangling
+ # (these come from earlier prompts; just ensure -r is used at prompt time)
+ local addr="$smtp_address"
+ local port="$smtp_port"
+ local user_enc pass_enc
+ user_enc="$(printf '%s' "$smtp_user" | urlencode)"
+ pass_enc="$(printf '%s' "$smtp_password" | urlencode)"
+ local smtp_url="smtp://${user_enc}:${pass_enc}@${addr}:${port}"
+
+ # Use Ruby to safely load/modify/dump YAML (kills 3 layers of escaping)
+ ruby - <<'RUBY' "$app_yml" "$smtp_url"
+require "yaml"
+require "psych"
+path, url = ARGV
+doc = YAML.safe_load(File.read(path), permitted_classes: [], aliases: true) || {}
+
+# Ensure top-level structure is a Hash and has env
+unless doc.is_a?(Hash)
+ abort "containers/app.yml does not parse to a Hash"
+end
+doc["env"] ||= {}
+env = doc["env"]
+
+# Write single-line SMTP_URL; remove per-key vars to avoid conflicts
+env["SMTP_URL"] = url
+%w[DISCOURSE_SMTP_ADDRESS DISCOURSE_SMTP_PORT DISCOURSE_SMTP_USER_NAME DISCOURSE_SMTP_PASSWORD].each { |k| env.delete(k) }
+
+# Dump back. (Psych preserves strings safely quoted as needed.)
+File.write(path, Psych.dump(doc))
+RUBY
+
+ # quick sanity check for the classic "password prefixed by username" failure
+ python3 - <<'PY'
+import re, sys
+y = open("containers/app.yml","r",encoding="utf-8").read()
+m = re.search(r'^\s*SMTP_URL:\s*(?:"|\')?([^\r\n"\']+)', y, re.M)
+assert m, "SMTP_URL missing after write"
+creds = m.group(1).split('@',1)[0].split('://',1)[-1]
+assert ":" in creds, "SMTP_URL creds missing ':'"
+u, p = creds.split(':',1)
+assert not p.startswith(u), "Password appears prefixed by username"
+print("SMTP_URL looks sane.")
+PY
+}
+
- # Write per-key SMTP entries (address/port/username/password)
- # (legacy: performed via sed substitutions)
- # NOTE: historically fragile with special chars
- update_setting_yaml "DISCOURSE_SMTP_ADDRESS" "$smtp_address"
- update_setting_yaml "DISCOURSE_SMTP_PORT" "$smtp_port"
- update_setting_yaml "DISCOURSE_SMTP_USER_NAME" "$smtp_user"
- update_setting_yaml "DISCOURSE_SMTP_PASSWORD" "$smtp_password"
-}
+ # (legacy per-key writes removed in favor of SMTP_URL via YAML)
+}
then Patch 2 -
templates/web.template.yml
(to document the safer path)
--- a/templates/web.template.yml
+++ b/templates/web.template.yml
@@ -68,6 +68,14 @@ params:
DISCOURSE_SMTP_ENABLE_START_TLS: true
#DISCOURSE_NOTIFICATION_EMAIL: noreply@example.com
+ ## Preferred single-line SMTP configuration (set by discourse-setup):
+ ## URL-encode username & password; example:
+ ## SMTP_URL: "smtp://user%40example.com:p%40ss%3Aword@smtp.example.com:587"
+ ##
+ #SMTP_URL:
+
## If you cannot use SMTP_URL, you may set per-key variables instead.
## Beware that editing those lines with shell tools can be fragile if values include
## characters like @, :, /, ", \, or newlines.
why this works (and what it avoids)
- bash layer: we only interpolate simple variables; secrets are passed into Python/Ruby via stdin/argv, not through sed regexes or shell evals.
- sed layer: removed entirely.
- YAML layer: Ruby/Psych handles quoting and escaping properly; no hand-rolled quoting.
- SMTP creds: %-encoding in SMTP_URL is the right place to encode special characters for auth.
if you prefer to keep per-key vars, I can give you a sister patch that uses the same Ruby-YAML approach to set DISCOURSE_SMTP_* directly (still no sed), but the SMTP_URL route is the cleanest because it’s one key, one write, one encoding step.