
@nevans
Collaborator

@nevans nevans commented Sep 23, 2023

The client is responsible for raising an error if the command completes successfully but "done?" returns false.

This is needed in order to correctly implement SCRAM-*:

Without this PR, if the server returns OK before sending its final message, then we can't satisfy the following requirement from the RFC:

The client then authenticates the server by computing the ServerSignature and comparing it to the value sent by the server. If the two are different, the client MUST consider the authentication exchange to be unsuccessful, and it might have to drop the connection.

Note that this PR adds Net::IMAP::SASL::Error (inheriting from StandardError, not from Net::IMAP::Error) and three subclasses: AuthenticationFailed, AuthenticationError, and AuthenticationCancelled.

Note that even EXTERNAL and ANONYMOUS send data (the authorization identity or the anonymous message/email), so even they are not done until process has been called at least once.
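The following is an added, self-contained Ruby model of the check this PR describes; it is not net-imap's code. It uses a deliberately simplified SCRAM-like exchange (two HMACs over a shared password stand in for RFC 5802's PBKDF2 key derivation and message encoding), and every class and method name in it (SaslError, AuthenticationIncomplete, ScramLikeAuthenticator, FakeServer, authenticate, outcome) is a stand-in chosen for the example. It shows the three outcomes the PR distinguishes: a complete exchange succeeds, a server that answers OK before sending its final message is rejected because done? is still false, and a server whose signature does not verify is rejected at the process step.

```ruby
require "openssl"
require "securerandom"

# Added example, not net-imap's code: a minimal model of the "done?" check.
# All names here are stand-ins for this example, not the library's own.
class SaslError < StandardError; end
class AuthenticationFailed < SaslError; end     # server proof did not verify
class AuthenticationIncomplete < SaslError; end # server said OK too early

# Toy SCRAM: real SCRAM (RFC 5802) derives keys with PBKDF2 and encodes its
# messages precisely; two HMACs over a shared password stand in for that here.
module ToyScram
  def self.signature(password, label, auth_message)
    key = OpenSSL::HMAC.digest("SHA256", password, label)
    OpenSSL::HMAC.hexdigest("SHA256", key, auth_message)
  end

  # Constant-time comparison so a mismatch leaks nothing about where it differs.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

class ScramLikeAuthenticator
  def initialize(user, password)
    @user, @password, @done = user, password, false
  end

  def done?
    @done
  end

  def initial_response
    @client_first = "n=#{@user},r=#{SecureRandom.hex(8)}"
  end

  # Called once per server challenge. The first call produces client-final with
  # our proof; the second verifies the server's signature. Until that second
  # call succeeds, done? stays false.
  def process(challenge)
    if @auth_message.nil?
      bare = "c=biws,#{challenge}"
      @auth_message = [@client_first, challenge, bare].join(",")
      "#{bare},p=#{ToyScram.signature(@password, "Client Key", @auth_message)}"
    else
      expected = "v=#{ToyScram.signature(@password, "Server Key", @auth_message)}"
      unless ToyScram.secure_equal?(challenge, expected)
        raise AuthenticationFailed, "server signature mismatch"
      end
      @done = true
      ""  # nothing more to send
    end
  end
end

# Constructed server for the example. skip_final: answer OK straight after
# client-final (the case this PR guards against); tamper: send a wrong signature.
class FakeServer
  def initialize(password, skip_final: false, tamper: false)
    @password, @skip_final, @tamper = password, skip_final, tamper
    @step = 0
  end

  def respond(message)
    @step += 1
    case @step
    when 1
      @client_first = message
      @server_first = "r=#{message[/r=(\h+)/, 1]}#{SecureRandom.hex(8)}"
    when 2
      bare, proof = message.split(",p=")
      @auth_message = [@client_first, @server_first, bare].join(",")
      expected = ToyScram.signature(@password, "Client Key", @auth_message)
      return :no unless ToyScram.secure_equal?(proof, expected)
      return :ok if @skip_final
      sig = ToyScram.signature(@password, "Server Key", @auth_message)
      sig = sig.reverse if @tamper
      "v=#{sig}"
    else
      :ok
    end
  end
end

# The client side of AUTHENTICATE. The final check is the one this PR adds:
# a server that reports OK before the exchange completed is a failure.
def authenticate(authenticator, server)
  response = authenticator.initial_response
  loop do
    challenge = server.respond(response)
    raise AuthenticationFailed, "server rejected credentials" if challenge == :no
    break if challenge == :ok
    response = authenticator.process(challenge)
  end
  unless authenticator.done?
    raise AuthenticationIncomplete, "server said OK before authentication completed"
  end
  true
end

# Returns true on success, or the error class on failure.
def outcome(**server_opts)
  authenticate(ScramLikeAuthenticator.new("alice", "s3cret"),
               FakeServer.new("s3cret", **server_opts))
rescue SaslError => e
  e.class
end

if __FILE__ == $0
  p outcome                    # true
  p outcome(skip_final: true)  # AuthenticationIncomplete
  p outcome(tamper: true)      # AuthenticationFailed
end
```

The point of the model is the last check in authenticate: without it, the skip_final case would return true, because the server's OK arrived before the client ever verified a server signature, which is exactly the gap the quoted RFC requirement forbids.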

@nevans nevans changed the title 🔒 Verify SASL authenticators are done 🔒 Verify SASL authentication has completed Sep 23, 2023
The protocol client is responsible for raising an error if the command
completes successfully but "done?" returns false.
@nevans nevans merged commit 3caf5f2 into master Sep 23, 2023
@nevans nevans deleted the sasl/verify-done branch September 23, 2023 23:50
@nevans nevans added the SASL 🔒 Authentication and authentication mechanisms label Sep 27, 2023