FIX (email): Recrate client in case of auth error

Author: RostislavDugin

…s/notifiers/models/email_notifier/dto.go …/notifiers/models/email_notifier/auth.gobackend/internal/features/notifiers/models/email_notifier/dto.go renamed to backend/internal/features/notifiers/models/email_notifier/auth.go backend/internal/features/notifiers/models/email_notifier/dto.go renamed to backend/internal/features/notifiers/models/email_notifier/auth.go

@@ -58,11 +58,10 @@ func (e *EmailNotifier) Validate(encryptor encryption.FieldEncryptor) error {
 
 func (e *EmailNotifier) Send(
 	encryptor encryption.FieldEncryptor,
-	logger *slog.Logger,
+	_ *slog.Logger,
 	heading string,
 	message string,
 ) error {
-	// Decrypt SMTP password if provided
 	var smtpPassword string
 	if e.SMTPPassword != "" {
 		decrypted, err := encryptor.Decrypt(e.NotifierID, e.SMTPPassword)
@@ -72,7 +71,6 @@ func (e *EmailNotifier) Send(
 		smtpPassword = decrypted
 	}
 
-	// Compose email
 	from := e.From
 	if from == "" {
 		from = e.SMTPUser
@@ -81,191 +79,200 @@ func (e *EmailNotifier) Send(
 		}
 	}
 
-	to := []string{e.TargetEmail}
+	emailContent := e.buildEmailContent(heading, message, from)
+	isAuthRequired := e.SMTPUser != "" && smtpPassword != ""
+
+	if e.SMTPPort == ImplicitTLSPort {
+		return e.sendImplicitTLS(emailContent, from, smtpPassword, isAuthRequired)
+	}
+	return e.sendStartTLS(emailContent, from, smtpPassword, isAuthRequired)
+}
+
+func (e *EmailNotifier) HideSensitiveData() {
+	e.SMTPPassword = ""
+}
+
+func (e *EmailNotifier) Update(incoming *EmailNotifier) {
+	e.TargetEmail = incoming.TargetEmail
+	e.SMTPHost = incoming.SMTPHost
+	e.SMTPPort = incoming.SMTPPort
+	e.SMTPUser = incoming.SMTPUser
+	e.From = incoming.From
 
-	// Format the email content
+	if incoming.SMTPPassword != "" {
+		e.SMTPPassword = incoming.SMTPPassword
+	}
+}
+
+func (e *EmailNotifier) EncryptSensitiveData(encryptor encryption.FieldEncryptor) error {
+	if e.SMTPPassword != "" {
+		encrypted, err := encryptor.Encrypt(e.NotifierID, e.SMTPPassword)
+		if err != nil {
+			return fmt.Errorf("failed to encrypt SMTP password: %w", err)
+		}
+		e.SMTPPassword = encrypted
+	}
+	return nil
+}
+
+func (e *EmailNotifier) buildEmailContent(heading, message, from string) []byte {
 	subject := fmt.Sprintf("Subject: %s\r\n", heading)
 	mime := fmt.Sprintf(
 		"MIME-version: 1.0;\nContent-Type: %s; charset=\"%s\";\n\n",
 		MIMETypeHTML,
 		MIMECharsetUTF8,
 	)
-	body := message
 	fromHeader := fmt.Sprintf("From: %s\r\n", from)
 	toHeader := fmt.Sprintf("To: %s\r\n", e.TargetEmail)
+	return []byte(fromHeader + toHeader + subject + mime + message)
+}
 
-	// Combine all parts of the email
-	emailContent := []byte(fromHeader + toHeader + subject + mime + body)
+func (e *EmailNotifier) sendImplicitTLS(
+	emailContent []byte,
+	from string,
+	password string,
+	isAuthRequired bool,
+) error {
+	createClient := func() (*smtp.Client, func(), error) {
+		return e.createImplicitTLSClient()
+	}
 
-	addr := net.JoinHostPort(e.SMTPHost, fmt.Sprintf("%d", e.SMTPPort))
-	timeout := DefaultTimeout
+	client, cleanup, err := e.authenticateWithRetry(createClient, password, isAuthRequired)
+	if err != nil {
+		return err
+	}
+	defer cleanup()
 
-	// Determine if authentication is required
-	isAuthRequired := e.SMTPUser != "" && smtpPassword != ""
+	return e.sendEmail(client, from, emailContent)
+}
 
-	// Handle different port scenarios
-	if e.SMTPPort == ImplicitTLSPort {
-		// Implicit TLS (port 465)
-		// Set up TLS config
-		tlsConfig := &tls.Config{
-			ServerName: e.SMTPHost,
-		}
+func (e *EmailNotifier) sendStartTLS(
+	emailContent []byte,
+	from string,
+	password string,
+	isAuthRequired bool,
+) error {
+	createClient := func() (*smtp.Client, func(), error) {
+		return e.createStartTLSClient()
+	}
 
-		// Dial with timeout
-		dialer := &net.Dialer{Timeout: timeout}
-		conn, err := tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)
-		if err != nil {
-			return fmt.Errorf("failed to connect to SMTP server: %w", err)
-		}
-		defer func() {
-			_ = conn.Close()
-		}()
+	client, cleanup, err := e.authenticateWithRetry(createClient, password, isAuthRequired)
+	if err != nil {
+		return err
+	}
+	defer cleanup()
 
-		// Create SMTP client
-		client, err := smtp.NewClient(conn, e.SMTPHost)
-		if err != nil {
-			return fmt.Errorf("failed to create SMTP client: %w", err)
-		}
-		defer func() {
-			_ = client.Quit()
-		}()
+	return e.sendEmail(client, from, emailContent)
+}
 
-		// Set up authentication only if credentials are provided
-		if isAuthRequired {
-			if err := e.authenticate(client, smtpPassword); err != nil {
-				return err
-			}
-		}
+func (e *EmailNotifier) createImplicitTLSClient() (*smtp.Client, func(), error) {
+	addr := net.JoinHostPort(e.SMTPHost, fmt.Sprintf("%d", e.SMTPPort))
+	tlsConfig := &tls.Config{ServerName: e.SMTPHost}
+	dialer := &net.Dialer{Timeout: DefaultTimeout}
 
-		// Set sender and recipients
-		if err := client.Mail(from); err != nil {
-			return fmt.Errorf("failed to set sender: %w", err)
-		}
-		for _, recipient := range to {
-			if err := client.Rcpt(recipient); err != nil {
-				return fmt.Errorf("failed to set recipient: %w", err)
-			}
-		}
+	conn, err := tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to connect to SMTP server: %w", err)
+	}
 
-		// Send the email body
-		writer, err := client.Data()
-		if err != nil {
-			return fmt.Errorf("failed to get data writer: %w", err)
-		}
-		_, err = writer.Write(emailContent)
-		if err != nil {
-			return fmt.Errorf("failed to write email content: %w", err)
-		}
-		err = writer.Close()
-		if err != nil {
-			return fmt.Errorf("failed to close data writer: %w", err)
-		}
+	client, err := smtp.NewClient(conn, e.SMTPHost)
+	if err != nil {
+		_ = conn.Close()
+		return nil, nil, fmt.Errorf("failed to create SMTP client: %w", err)
+	}
 
-		return nil
-	} else {
-		// STARTTLS (port 587) or other ports
-		// Create a custom dialer with timeout
-		dialer := &net.Dialer{Timeout: timeout}
-		conn, err := dialer.Dial("tcp", addr)
-		if err != nil {
-			return fmt.Errorf("failed to connect to SMTP server: %w", err)
-		}
+	return client, func() { _ = client.Quit() }, nil
+}
 
-		// Create client from connection
-		client, err := smtp.NewClient(conn, e.SMTPHost)
-		if err != nil {
-			return fmt.Errorf("failed to create SMTP client: %w", err)
-		}
-		defer func() {
-			_ = client.Quit()
-		}()
+func (e *EmailNotifier) createStartTLSClient() (*smtp.Client, func(), error) {
+	addr := net.JoinHostPort(e.SMTPHost, fmt.Sprintf("%d", e.SMTPPort))
+	dialer := &net.Dialer{Timeout: DefaultTimeout}
 
-		// Send email using the client
-		if err := client.Hello(DefaultHelloName); err != nil {
-			return fmt.Errorf("SMTP hello failed: %w", err)
-		}
+	conn, err := dialer.Dial("tcp", addr)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to connect to SMTP server: %w", err)
+	}
 
-		// Start TLS if available
-		if ok, _ := client.Extension("STARTTLS"); ok {
-			if err := client.StartTLS(&tls.Config{ServerName: e.SMTPHost}); err != nil {
-				return fmt.Errorf("STARTTLS failed: %w", err)
-			}
-		}
+	client, err := smtp.NewClient(conn, e.SMTPHost)
+	if err != nil {
+		_ = conn.Close()
+		return nil, nil, fmt.Errorf("failed to create SMTP client: %w", err)
+	}
 
-		// Authenticate only if credentials are provided
-		if isAuthRequired {
-			if err := e.authenticate(client, smtpPassword); err != nil {
-				return err
-			}
-		}
+	if err := client.Hello(DefaultHelloName); err != nil {
+		_ = client.Quit()
+		_ = conn.Close()
+		return nil, nil, fmt.Errorf("SMTP hello failed: %w", err)
+	}
 
-		if err := client.Mail(from); err != nil {
-			return fmt.Errorf("failed to set sender: %w", err)
+	if ok, _ := client.Extension("STARTTLS"); ok {
+		if err := client.StartTLS(&tls.Config{ServerName: e.SMTPHost}); err != nil {
+			_ = client.Quit()
+			_ = conn.Close()
+			return nil, nil, fmt.Errorf("STARTTLS failed: %w", err)
 		}
+	}
 
-		for _, recipient := range to {
-			if err := client.Rcpt(recipient); err != nil {
-				return fmt.Errorf("failed to set recipient: %w", err)
-			}
-		}
+	return client, func() { _ = client.Quit() }, nil
+}
 
-		writer, err := client.Data()
-		if err != nil {
-			return fmt.Errorf("failed to get data writer: %w", err)
-		}
+func (e *EmailNotifier) authenticateWithRetry(
+	createClient func() (*smtp.Client, func(), error),
+	password string,
+	isAuthRequired bool,
+) (*smtp.Client, func(), error) {
+	client, cleanup, err := createClient()
+	if err != nil {
+		return nil, nil, err
+	}
 
-		_, err = writer.Write(emailContent)
-		if err != nil {
-			return fmt.Errorf("failed to write email content: %w", err)
-		}
+	if !isAuthRequired {
+		return client, cleanup, nil
+	}
 
-		err = writer.Close()
-		if err != nil {
-			return fmt.Errorf("failed to close data writer: %w", err)
-		}
+	// Try PLAIN auth first
+	plainAuth := smtp.PlainAuth("", e.SMTPUser, password, e.SMTPHost)
+	if err := client.Auth(plainAuth); err == nil {
+		return client, cleanup, nil
+	}
+
+	// PLAIN auth failed, connection may be closed - recreate and try LOGIN auth
+	cleanup()
 
-		return client.Quit()
+	client, cleanup, err = createClient()
+	if err != nil {
+		return nil, nil, err
 	}
-}
 
-func (e *EmailNotifier) HideSensitiveData() {
-	e.SMTPPassword = ""
+	loginAuth := &loginAuth{username: e.SMTPUser, password: password}
+	if err := client.Auth(loginAuth); err != nil {
+		cleanup()
+		return nil, nil, fmt.Errorf("SMTP authentication failed: %w", err)
+	}
+
+	return client, cleanup, nil
 }
 
-func (e *EmailNotifier) Update(incoming *EmailNotifier) {
-	e.TargetEmail = incoming.TargetEmail
-	e.SMTPHost = incoming.SMTPHost
-	e.SMTPPort = incoming.SMTPPort
-	e.SMTPUser = incoming.SMTPUser
-	e.From = incoming.From
+func (e *EmailNotifier) sendEmail(client *smtp.Client, from string, content []byte) error {
+	if err := client.Mail(from); err != nil {
+		return fmt.Errorf("failed to set sender: %w", err)
+	}
 
-	if incoming.SMTPPassword != "" {
-		e.SMTPPassword = incoming.SMTPPassword
+	if err := client.Rcpt(e.TargetEmail); err != nil {
+		return fmt.Errorf("failed to set recipient: %w", err)
 	}
-}
 
-func (e *EmailNotifier) EncryptSensitiveData(encryptor encryption.FieldEncryptor) error {
-	if e.SMTPPassword != "" {
-		encrypted, err := encryptor.Encrypt(e.NotifierID, e.SMTPPassword)
-		if err != nil {
-			return fmt.Errorf("failed to encrypt SMTP password: %w", err)
-		}
-		e.SMTPPassword = encrypted
+	writer, err := client.Data()
+	if err != nil {
+		return fmt.Errorf("failed to get data writer: %w", err)
 	}
-	return nil
-}
 
-func (e *EmailNotifier) authenticate(client *smtp.Client, password string) error {
-	// Try PLAIN auth first (most common)
-	plainAuth := smtp.PlainAuth("", e.SMTPUser, password, e.SMTPHost)
-	if err := client.Auth(plainAuth); err == nil {
-		return nil
+	if _, err = writer.Write(content); err != nil {
+		return fmt.Errorf("failed to write email content: %w", err)
 	}
 
-	// If PLAIN fails, try LOGIN auth (required by Office 365 and some providers)
-	loginAuth := &loginAuth{e.SMTPUser, password}
-	if err := client.Auth(loginAuth); err != nil {
-		return fmt.Errorf("SMTP authentication failed: %w", err)
+	if err = writer.Close(); err != nil {
+		return fmt.Errorf("failed to close data writer: %w", err)
 	}
 
 	return nil