Skip to content

feat: new email auth type: LOGIN#103

Open
exfly wants to merge 1 commit intojordan-wright:masterfrom
exfly:fix/smtp_no_auth_login
Open

feat: new email auth type: LOGIN#103
exfly wants to merge 1 commit intojordan-wright:masterfrom
exfly:fix/smtp_no_auth_login

Conversation

@exfly
Copy link

@exfly exfly commented Mar 11, 2020
edited
Loading

fix: #104

@exfly exfly mentioned this pull request Mar 12, 2020
Open
@jordan-wright
Copy link
Owner

jordan-wright commented May 21, 2020

I'm good adding this, and this is from gomail which is MIT licensed so it should be fine.

All I'd ask is that we please change error messages to appropriately identify this library.

dougnd
dougnd reviewed Jan 31, 2021
View reviewed changes
auth.go
Comment on lines +22 to +36
if !server.TLS {
advertised := false
for _, mechanism := range server.Auth {
if mechanism == "LOGIN" {
advertised = true
break
}
}
if !advertised {
return "", nil, errors.New("gomail: unencrypted connection")
}
}
if server.Name != a.host {
return "", nil, errors.New("gomail: wrong host name")
}
Copy link

@dougnd dougnd Jan 31, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel I've seen this implementation before (perhaps when perusing gomail when I've needed to implement this myself) but it does not make sense to me. I'd expect something more like:

Suggested change
if !server.TLS {
advertised := false
for _, mechanism := range server.Auth {
if mechanism == "LOGIN" {
advertised = true
break
}
}
if !advertised {
return "", nil, errors.New("gomail: unencrypted connection")
}
}
if server.Name != a.host {
return "", nil, errors.New("gomail: wrong host name")
}
if !server.TLS {
return "", nil, errors.New("unencrypted connection")
}
if server.Name != a.Host {
return "", nil, errors.New("wrong host name")
}
advertised := false
for _, mechanism := range server.Auth {
if mechanism == "LOGIN" {
advertised = true
break
}
}
if !advertised {
return "", nil, errors.New("login auth not supported")
}

I don't see how whether it advertises LOGIN has anything to do with an unencrypted connection. In a comment in the net/smtp source it even mentions:

Note: If TLS is not true, then we can't trust ANYTHING in ServerInfo.

And they use something similar to what I propose above for the smtp.PlainAuth implementation.

Unless I'm missing something?

@PandemiK911 PandemiK911 mentioned this pull request Apr 22, 2021
Closed
@clairmont32
Copy link

clairmont32 commented Jan 12, 2022

Is there anything further that needs to be done for this to be merged? Just poking through PRs after starting to utilize the package and came across this, which seems complete.

@leucos
Copy link
Contributor

leucos commented Jan 12, 2022

Well, this project last commit is 1 yo, and author hasn't committed since last march. I guess nothing will happen on the project ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@dougnd dougnd dougnd left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

golang std lib: stmp no auth LOGIN

5 participants

@exfly @jordan-wright @clairmont32 @leucos @dougnd