diff options
| author | nicholas a. evans <nicholas.evans@gmail.com> | 2021-04-27 17:49:22 -0400 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-05-06 15:20:34 +0900 |
| commit | 912f39b2c34103620c414d11bc4e61ca28018226 (patch) | |
| tree | ddb740d5dff6c3274ea14708bf503344bad1dab0 | |
| parent | 331005812fc288fb27bef542ecfbb2c061d86999 (diff) | |
[ruby/net-imap] Update AUTH=PLAIN to be a little closer to RFC4616
* Add authzid support
* must not contain NULL chars
* improve rdoc
https://github.com/ruby/net-imap/commit/a587fc71b7
| -rw-r--r-- | lib/net/imap/authenticators/plain.rb | 21 | ||||
| -rw-r--r-- | test/net/imap/test_imap_authenticators.rb | 23 |
2 files changed, 41 insertions, 3 deletions
diff --git a/lib/net/imap/authenticators/plain.rb b/lib/net/imap/authenticators/plain.rb index 0829476c51..2b6051c0f2 100644 --- a/lib/net/imap/authenticators/plain.rb +++ b/lib/net/imap/authenticators/plain.rb @@ -4,15 +4,30 @@ # # See RFC4616[https://tools.ietf.org/html/rfc4616] for the specification. class Net::IMAP::PlainAuthenticator + def process(data) - return "\0#{@user}\0#{@password}" + return "#@authzid\0#@username\0#@password" end + NULL = -"\0".b + private - def initialize(user, password) - @user = user + # +username+ is the authentication identity, the identity whose +password+ is + # used. +username+ is referred to as +authcid+ by + # RFC4616[https://tools.ietf.org/html/rfc4616]. + # + # +authzid+ is the authorization identity (identity to act as). It can + # usually be left blank. When +authzid+ is left blank (nil or empty string) + # the server will derive an identity from the credentials and use that as the + # authorization identity. + def initialize(username, password, authzid: nil) + raise ArgumentError, "username contains NULL" if username&.include?(NULL) + raise ArgumentError, "password contains NULL" if password&.include?(NULL) + raise ArgumentError, "authzid contains NULL" if authzid&.include?(NULL) + @username = username @password = password + @authzid = authzid end Net::IMAP.add_authenticator "PLAIN", self diff --git a/test/net/imap/test_imap_authenticators.rb b/test/net/imap/test_imap_authenticators.rb new file mode 100644 index 0000000000..0c7a0a325d --- /dev/null +++ b/test/net/imap/test_imap_authenticators.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require "net/imap" +require "test/unit" + +class IMAPAuthenticatorsTest < Test::Unit::TestCase + + PLAIN = Net::IMAP::PlainAuthenticator + + def test_plain + assert_equal("\0authc\0passwd", + PLAIN.new("authc", "passwd").process(nil)) + assert_equal("authz\0user\0pass", + PLAIN.new("user", "pass", authzid: "authz").process(nil)) + end + + def test_plain_no_null_chars + assert_raise(ArgumentError) { PLAIN.new("bad\0user", "pass") } + assert_raise(ArgumentError) { PLAIN.new("user", "bad\0pass") } + assert_raise(ArgumentError) { PLAIN.new("u", "p", authzid: "bad\0authz") } + end + +end |