+
+ {{.AppName}}
+
+
+
+
+
+`
+
+ t, err := template.New("invite").Parse(tmpl)
+ if err != nil {
+ return fmt.Errorf("failed to parse email template: %w", err)
+ }
+
+ var body bytes.Buffer
+ data := map[string]string{
+ "AppName": appName,
+ "InviteURL": inviteURL,
+ }
+
+ if err := t.Execute(&body, data); err != nil {
+ return fmt.Errorf("failed to execute email template: %w", err)
+ }
+
+ subject := fmt.Sprintf("You've been invited to %s", appName)
+
+ logger.Log().WithField("email", email).Info("Sending invite email")
+ return s.SendEmail(email, subject, body.String())
+}
diff --git a/backend/internal/services/mail_service_test.go b/backend/internal/services/mail_service_test.go
new file mode 100644
index 00000000..56c140ae
--- /dev/null
+++ b/backend/internal/services/mail_service_test.go
@@ -0,0 +1,298 @@
+package services
+
+import (
+ "testing"
+
+ "github.com/Wikid82/charon/backend/internal/models"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ "gorm.io/driver/sqlite"
+ "gorm.io/gorm"
+ "gorm.io/gorm/logger"
+)
+
+func setupMailTestDB(t *testing.T) *gorm.DB {
+ db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{
+ Logger: logger.Default.LogMode(logger.Silent),
+ })
+ require.NoError(t, err)
+
+ err = db.AutoMigrate(&models.Setting{})
+ require.NoError(t, err)
+
+ return db
+}
+
+func TestMailService_SaveAndGetSMTPConfig(t *testing.T) {
+ db := setupMailTestDB(t)
+ svc := NewMailService(db)
+
+ config := &SMTPConfig{
+ Host: "smtp.example.com",
+ Port: 587,
+ Username: "user@example.com",
+ Password: "secret123",
+ FromAddress: "noreply@example.com",
+ Encryption: "starttls",
+ }
+
+ // Save config
+ err := svc.SaveSMTPConfig(config)
+ require.NoError(t, err)
+
+ // Retrieve config
+ retrieved, err := svc.GetSMTPConfig()
+ require.NoError(t, err)
+
+ assert.Equal(t, config.Host, retrieved.Host)
+ assert.Equal(t, config.Port, retrieved.Port)
+ assert.Equal(t, config.Username, retrieved.Username)
+ assert.Equal(t, config.Password, retrieved.Password)
+ assert.Equal(t, config.FromAddress, retrieved.FromAddress)
+ assert.Equal(t, config.Encryption, retrieved.Encryption)
+}
+
+func TestMailService_UpdateSMTPConfig(t *testing.T) {
+ db := setupMailTestDB(t)
+ svc := NewMailService(db)
+
+ // Save initial config
+ config := &SMTPConfig{
+ Host: "smtp.example.com",
+ Port: 587,
+ Username: "user@example.com",
+ Password: "secret123",
+ FromAddress: "noreply@example.com",
+ Encryption: "starttls",
+ }
+ err := svc.SaveSMTPConfig(config)
+ require.NoError(t, err)
+
+ // Update config
+ config.Host = "smtp.newhost.com"
+ config.Port = 465
+ config.Encryption = "ssl"
+ err = svc.SaveSMTPConfig(config)
+ require.NoError(t, err)
+
+ // Verify update
+ retrieved, err := svc.GetSMTPConfig()
+ require.NoError(t, err)
+
+ assert.Equal(t, "smtp.newhost.com", retrieved.Host)
+ assert.Equal(t, 465, retrieved.Port)
+ assert.Equal(t, "ssl", retrieved.Encryption)
+}
+
+func TestMailService_IsConfigured(t *testing.T) {
+ tests := []struct {
+ name string
+ config *SMTPConfig
+ expected bool
+ }{
+ {
+ name: "configured with all fields",
+ config: &SMTPConfig{
+ Host: "smtp.example.com",
+ Port: 587,
+ FromAddress: "noreply@example.com",
+ Encryption: "starttls",
+ },
+ expected: true,
+ },
+ {
+ name: "not configured - missing host",
+ config: &SMTPConfig{
+ Port: 587,
+ FromAddress: "noreply@example.com",
+ },
+ expected: false,
+ },
+ {
+ name: "not configured - missing from address",
+ config: &SMTPConfig{
+ Host: "smtp.example.com",
+ Port: 587,
+ },
+ expected: false,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ db := setupMailTestDB(t)
+ svc := NewMailService(db)
+
+ err := svc.SaveSMTPConfig(tt.config)
+ require.NoError(t, err)
+
+ result := svc.IsConfigured()
+ assert.Equal(t, tt.expected, result)
+ })
+ }
+}
+
+func TestMailService_GetSMTPConfig_Defaults(t *testing.T) {
+ db := setupMailTestDB(t)
+ svc := NewMailService(db)
+
+ // Get config without saving anything
+ config, err := svc.GetSMTPConfig()
+ require.NoError(t, err)
+
+ // Should have defaults
+ assert.Equal(t, 587, config.Port)
+ assert.Equal(t, "starttls", config.Encryption)
+ assert.Empty(t, config.Host)
+}
+
+func TestMailService_BuildEmail(t *testing.T) {
+ db := setupMailTestDB(t)
+ svc := NewMailService(db)
+
+ msg := svc.buildEmail(
+ "sender@example.com",
+ "recipient@example.com",
+ "Test Subject",
+ "Test Body",
+ )
+
+ msgStr := string(msg)
+ assert.Contains(t, msgStr, "From: sender@example.com")
+ assert.Contains(t, msgStr, "To: recipient@example.com")
+ assert.Contains(t, msgStr, "Subject: Test Subject")
+ assert.Contains(t, msgStr, "Content-Type: text/html")
+ assert.Contains(t, msgStr, "Test Body")
+}
+
+func TestMailService_TestConnection_NotConfigured(t *testing.T) {
+ db := setupMailTestDB(t)
+ svc := NewMailService(db)
+
+ err := svc.TestConnection()
+ assert.Error(t, err)
+ assert.Contains(t, err.Error(), "not configured")
+}
+
+func TestMailService_SendEmail_NotConfigured(t *testing.T) {
+ db := setupMailTestDB(t)
+ svc := NewMailService(db)
+
+ err := svc.SendEmail("test@example.com", "Subject", "You've Been Invited!
+You've been invited to join {{.AppName}}. Click the button below to set up your account:
+ +This invitation link will expire in 48 hours.
+If you didn't expect this invitation, you can safely ignore this email.
++
If the button doesn't work, copy and paste this link into your browser:
+ {{.InviteURL}}
Body
") + assert.Error(t, err) + assert.Contains(t, err.Error(), "not configured") +} + +// TestSMTPConfigSerialization ensures config fields are properly stored +func TestSMTPConfigSerialization(t *testing.T) { + db := setupMailTestDB(t) + svc := NewMailService(db) + + // Test with special characters in password + config := &SMTPConfig{ + Host: "smtp.example.com", + Port: 587, + Username: "user@example.com", + Password: "p@$$w0rd!#$%", + FromAddress: "Charon
+
+
+
+ )
+ }
+
+ if (isValidating) {
+ return (
+
+
+ Invalid Link
++ This invitation link is invalid or incomplete. +
+ +
+
+
+
+ )
+ }
+
+ if (validationError || !validation?.valid) {
+ const errorData = validationError as { response?: { data?: { error?: string } } } | undefined
+ const errorMessage = errorData?.response?.data?.error || 'This invitation has expired or is invalid.'
+
+ return (
+
+
+ Validating invitation...
+
+
+
+
+ )
+ }
+
+ if (accepted) {
+ return (
+
+
+ Invitation Invalid
+{errorMessage}
+ +
+
+
+
+ )
+ }
+
+ return (
+
+
+ Account Created!
++ Your account has been set up successfully. Redirecting to login... +
+
+
+ )
+}
diff --git a/frontend/src/pages/SMTPSettings.tsx b/frontend/src/pages/SMTPSettings.tsx
new file mode 100644
index 00000000..c4289223
--- /dev/null
+++ b/frontend/src/pages/SMTPSettings.tsx
@@ -0,0 +1,233 @@
+import { useState, useEffect } from 'react'
+import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query'
+import { Card } from '../components/ui/Card'
+import { Button } from '../components/ui/Button'
+import { Input } from '../components/ui/Input'
+import { toast } from '../utils/toast'
+import { getSMTPConfig, updateSMTPConfig, testSMTPConnection, sendTestEmail } from '../api/smtp'
+import type { SMTPConfigRequest } from '../api/smtp'
+import { Mail, Send, CheckCircle2, XCircle, Loader2 } from 'lucide-react'
+
+export default function SMTPSettings() {
+ const queryClient = useQueryClient()
+ const [host, setHost] = useState('')
+ const [port, setPort] = useState(587)
+ const [username, setUsername] = useState('')
+ const [password, setPassword] = useState('')
+ const [fromAddress, setFromAddress] = useState('')
+ const [encryption, setEncryption] = useState<'none' | 'ssl' | 'starttls'>('starttls')
+ const [testEmail, setTestEmail] = useState('')
+
+ const { data: smtpConfig, isLoading } = useQuery({
+ queryKey: ['smtp-config'],
+ queryFn: getSMTPConfig,
+ })
+
+ useEffect(() => {
+ if (smtpConfig) {
+ setHost(smtpConfig.host || '')
+ setPort(smtpConfig.port || 587)
+ setUsername(smtpConfig.username || '')
+ setPassword(smtpConfig.password || '')
+ setFromAddress(smtpConfig.from_address || '')
+ setEncryption(smtpConfig.encryption || 'starttls')
+ }
+ }, [smtpConfig])
+
+ const saveMutation = useMutation({
+ mutationFn: async () => {
+ const config: SMTPConfigRequest = {
+ host,
+ port,
+ username,
+ password,
+ from_address: fromAddress,
+ encryption,
+ }
+ return updateSMTPConfig(config)
+ },
+ onSuccess: () => {
+ queryClient.invalidateQueries({ queryKey: ['smtp-config'] })
+ toast.success('SMTP settings saved successfully')
+ },
+ onError: (error: unknown) => {
+ const err = error as { response?: { data?: { error?: string } } }
+ toast.error(err.response?.data?.error || 'Failed to save SMTP settings')
+ },
+ })
+
+ const testConnectionMutation = useMutation({
+ mutationFn: testSMTPConnection,
+ onSuccess: (data) => {
+ if (data.success) {
+ toast.success(data.message || 'SMTP connection successful')
+ } else {
+ toast.error(data.error || 'SMTP connection failed')
+ }
+ },
+ onError: (error: unknown) => {
+ const err = error as { response?: { data?: { error?: string } } }
+ toast.error(err.response?.data?.error || 'Failed to test SMTP connection')
+ },
+ })
+
+ const sendTestEmailMutation = useMutation({
+ mutationFn: async () => sendTestEmail({ to: testEmail }),
+ onSuccess: (data) => {
+ if (data.success) {
+ toast.success(data.message || 'Test email sent successfully')
+ setTestEmail('')
+ } else {
+ toast.error(data.error || 'Failed to send test email')
+ }
+ },
+ onError: (error: unknown) => {
+ const err = error as { response?: { data?: { error?: string } } }
+ toast.error(err.response?.data?.error || 'Failed to send test email')
+ },
+ })
+
+ if (isLoading) {
+ return (
+
+
+
+
+
+ 
+
+
+
+
+
+
+
+
+
+
+
+ + Complete your account setup for {validation.email} +
+
+
+ )
+ }
+
+ return (
+
+
+
+
+ {/* Status Indicator */}
+
+
+
+ {/* Test Email */}
+ {smtpConfig?.configured && (
+
+
+ )}
+
+ )
+}
diff --git a/frontend/src/pages/Settings.tsx b/frontend/src/pages/Settings.tsx
index c1d6af5e..1d98a004 100644
--- a/frontend/src/pages/Settings.tsx
+++ b/frontend/src/pages/Settings.tsx
@@ -24,6 +24,17 @@ export default function Settings() {
System
+
+ Email (SMTP)
+
+
void
+ proxyHosts: ProxyHost[]
+}
+
+function InviteModal({ isOpen, onClose, proxyHosts }: InviteModalProps) {
+ const queryClient = useQueryClient()
+ const [email, setEmail] = useState('')
+ const [role, setRole] = useState<'user' | 'admin'>('user')
+ const [permissionMode, setPermissionMode] = useState
+
+
+ Email (SMTP) Settings
++ Configure SMTP settings to enable email notifications and user invitations. +
+ +
+ "
+ />
+
+
+
+ setHost(e.target.value)}
+ placeholder="smtp.gmail.com"
+ />
+ setPort(parseInt(e.target.value) || 587)}
+ placeholder="587"
+ />
+
+
+
+ setUsername(e.target.value)}
+ placeholder="your@email.com"
+ />
+ setPassword(e.target.value)}
+ placeholder="••••••••"
+ helperText="Use app-specific password for Gmail"
+ />
+
+
+ setFromAddress(e.target.value)}
+ placeholder="Charon
+
+
+
+
+
+
+
+
+
+ {smtpConfig?.configured ? (
+ <>
+
+ + Send Test Email +
+
+
+
+ setTestEmail(e.target.value)}
+ placeholder="recipient@example.com"
+ />
+
+
+
+
+ )
+}
+
+interface PermissionsModalProps {
+ isOpen: boolean
+ onClose: () => void
+ user: User | null
+ proxyHosts: ProxyHost[]
+}
+
+function PermissionsModal({ isOpen, onClose, user, proxyHosts }: PermissionsModalProps) {
+ const queryClient = useQueryClient()
+ const [permissionMode, setPermissionMode] = useState
+
+
+
+
+
+
+
+
+
+
+
+ {inviteResult ? (
+
+
+
+ ) : (
+ <>
+ setEmail(e.target.value)}
+ placeholder="user@example.com"
+ />
+
+
+
+
+ {!inviteResult.emailSent && (
+
+
+ {inviteResult.emailSent ? (
+ + An invitation email has been sent to the user. +
+ ) : ( ++ Email was not sent. Share the invite link manually. +
+ )} +
+
+
+ )}
+
+
+
+
+
+
+ + Expires: {new Date(inviteResult.expiresAt).toLocaleString()} +
+
+
+
+
+
+ {role === 'user' && (
+ <>
+
+
+
+
+
+ + {permissionMode === 'allow_all' + ? 'User can access all hosts EXCEPT those selected below' + : 'User can ONLY access hosts selected below'} +
+
+
+
+
+ )}
+
+
+ {proxyHosts.length === 0 ? (
+
+ No proxy hosts configured
+ ) : ( + proxyHosts.map((host) => ( + + )) + )} +
+
+
+
+
+ )}
+
+
+ )
+}
+
+export default function UsersPage() {
+ const queryClient = useQueryClient()
+ const [inviteModalOpen, setInviteModalOpen] = useState(false)
+ const [permissionsModalOpen, setPermissionsModalOpen] = useState(false)
+ const [selectedUser, setSelectedUser] = useState
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ + {permissionMode === 'allow_all' + ? 'User can access all hosts EXCEPT those selected below' + : 'User can ONLY access hosts selected below'} +
+
+
+
+
+
+ {proxyHosts.length === 0 ? (
+
+ No proxy hosts configured
+ ) : ( + proxyHosts.map((host) => ( + + )) + )} +
+
+
+
+
+
+ )
+ }
+
+ return (
+
+
+
+
+ setInviteModalOpen(false)}
+ proxyHosts={proxyHosts}
+ />
+
+ {
+ setPermissionsModalOpen(false)
+ setSelectedUser(null)
+ }}
+ user={selectedUser}
+ proxyHosts={proxyHosts}
+ />
+
+ )
+}
diff --git a/frontend/src/pages/__tests__/AcceptInvite.test.tsx b/frontend/src/pages/__tests__/AcceptInvite.test.tsx
new file mode 100644
index 00000000..2e8b4f39
--- /dev/null
+++ b/frontend/src/pages/__tests__/AcceptInvite.test.tsx
@@ -0,0 +1,208 @@
+import { render, screen, waitFor } from '@testing-library/react'
+import userEvent from '@testing-library/user-event'
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
+import { MemoryRouter, Route, Routes } from 'react-router-dom'
+import { vi, describe, it, expect, beforeEach } from 'vitest'
+import AcceptInvite from '../AcceptInvite'
+import * as usersApi from '../../api/users'
+
+// Mock APIs
+vi.mock('../../api/users', () => ({
+ validateInvite: vi.fn(),
+ acceptInvite: vi.fn(),
+ listUsers: vi.fn(),
+ getUser: vi.fn(),
+ createUser: vi.fn(),
+ inviteUser: vi.fn(),
+ updateUser: vi.fn(),
+ deleteUser: vi.fn(),
+ updateUserPermissions: vi.fn(),
+}))
+
+// Mock react-router-dom navigate
+const mockNavigate = vi.fn()
+vi.mock('react-router-dom', async () => {
+ const actual = await vi.importActual('react-router-dom')
+ return {
+ ...actual,
+ useNavigate: () => mockNavigate,
+ }
+})
+
+const createQueryClient = () =>
+ new QueryClient({
+ defaultOptions: {
+ queries: { retry: false },
+ mutations: { retry: false },
+ },
+ })
+
+const renderWithProviders = (initialRoute: string = '/accept-invite?token=test-token') => {
+ const queryClient = createQueryClient()
+ return render(
+
+
+
+
+
+
+ User Management
+
+
+
+
+
+ | User | +Role | +Status | +Permissions | +Enabled | +Actions | +
|---|---|---|---|---|---|
|
+
+
+ {user.name || '(No name)'} +{user.email} + |
+ + + {user.role} + + | +
+ {user.invite_status === 'pending' ? (
+
+ |
+ + + {user.permission_mode === 'deny_all' ? 'Whitelist' : 'Blacklist'} + + | +
+ |
+
+
+ {user.role !== 'admin' && (
+
+ )}
+
+
+ |
+