/user/forgot_password says it mailed when it didn't

[delanym]

Description

When I try reset my password

• if no SMTP server is setup, gitea will say the admin has not enabled email so you can't reset your password.
• if the SMTP server is setup without TLS, it gives a bullshit message about "A confirmation email has been sent to..."

I had to go to the /admin/config page "SMTP Mailer Configuration" to get the actual issue, as per #7966

Maybe this can be included in #18982

Gitea Version

1.16.4

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Docker compose image: gitea/gitea:1

Database

PostgreSQL

[zeripath]

Emails are sent asynchronously to a queue. It would be highly inappropriate for the user's webpage to be held up waiting for the email to fail to be sent, thus when an email is requested the message says that an email has been sent because it has successfully been placed in a queue.

It's your responsibility as an administrator to check your logs and your configuration.

---

Now... it actually looks like you've got the same problem as in #7966.

If you'd like to deliberately workaround this TLS stuff:

#7966 (comment)

Shows the basics of a PR to do it.

[delanym]

Passing the buck from the admin to the users, and then from the devs to the admin.

[zeripath]

Are you deliberately trying to be rude and inflammatory?

I appreciate that you're annoyed and irritated but ... the logs are there, the documentation is there, the basics of a PR have been provided in the past.

An approach of asking nicely if the solution offered in my comment on #7966 could be implemented or even just proposing the PR would be better.

Shall we start again?

• I don't think we can change the flash message reported to the user about the email being sent. It's at the wrong level and the mail is sent asynchronously from there.
• We're logging the problem and we have a test email button - does that not show the problem?
• The underlying issue is described in Failed to send a testing email to '[email]': gomail: could not send email 1: Auth: unencrypted connection #7966 - I wrote the basics of a PR that would permit this kind of insecure authentication. Would that have worked for you?

[delanym]

I would prefer secure email, but I dont get to make that decision.
Look, the point is, firstly, don't offer an option if its not an option (insecure mail). And don't mislead by spelling out "A confirmation email has been sent". Can easily reword it to "Your request has been processed" or something similar.

Im not a front-end dev - I don't get why waiting for a confirmation is going to hold up the forgot_password page. All I know is I've worked with countless systems that can do these things without issue.

[wxiaoguang]

Email system is a async system.

Even if the Email is posted to your MTA (say: SMTP server), there is still a chance that you won't get it.

So, to debug a complex system, keep in mind that every step could fail, and it always needs logs & tests to see what happens.