Skip to content

Use a shared SASL implementation#69

Draft
nevans wants to merge 9 commits intoruby:masterfrom
nevans:sasl/net-imap-fallback
Draft

Use a shared SASL implementation#69
nevans wants to merge 9 commits intoruby:masterfrom
nevans:sasl/net-imap-fallback

Conversation

@nevans
Copy link
Contributor

@nevans nevans commented Oct 9, 2023
edited
Loading

Builds on the following other PRs:

As currently written, this also depends on the following net-imap PRs:

After those PRs are applied, this PR creates an adapter that is compatible with Authenticator and #authenticate and registers it as a generic default for mechanisms that haven't otherwise been added (as subclasses of Authenticator). This adapter then delegates to net-imap's SASL implementation. Every other mechanism supported by net-imap v0.4.1 is added here:

  • ANONYMOUS
  • DIGEST-MD5 (deprecated)
  • EXTERNAL
  • OAUTHBEARER
  • SCRAM-SHA-1 and SCRAM-SHA-256
  • XOAUTH

TODO: Ideally, net-smtp and net-imap should both depend on a shared sasl or net-sasl gem, rather than keep the SASL implementation inside one or the other. See ruby/net-imap#23.

In this PR, the current Net::SMTP::Authenticator implementation is still used by the PLAIN, LOGIN, and CRAM-MD5 mechanisms. PR #70 removes the current authenticators are replaces them with this.

Related issues:

@nevans nevans force-pushed the sasl/net-imap-fallback branch 2 times, most recently from 6bb82aa to a5b654b Compare October 9, 2023 22:14
@nevans nevans mentioned this pull request Oct 9, 2023
Draft
@nevans nevans changed the title Use net-imap SASL implementation Use a shared SASL implementation Oct 9, 2023
@nevans nevans marked this pull request as draft October 9, 2023 22:20
@nevans nevans mentioned this pull request Oct 10, 2023
Draft
@nevans nevans force-pushed the sasl/net-imap-fallback branch 7 times, most recently from dcfc541 to 4913bf4 Compare October 14, 2023 17:06
@nevans nevans mentioned this pull request Oct 14, 2023
Open
@nevans nevans force-pushed the sasl/net-imap-fallback branch 8 times, most recently from 7e8fa6f to 08eff09 Compare October 21, 2023 00:28
@nevans nevans force-pushed the sasl/net-imap-fallback branch 2 times, most recently from 45f893a to 92b67d4 Compare November 9, 2023 15:42
@nevans nevans force-pushed the sasl/net-imap-fallback branch from 92b67d4 to 78e1da8 Compare May 5, 2024 15:49
nevans added 5 commits July 17, 2025 13:54
@nevans
Forward keyword args and block from #authenticate
305d229
@nevans
Add auth keyword arg to start methods
2dd30e5 
This adds a new `auth` keyword param to `Net::SMTP.start` and `#start`
that can be used to pass any arbitrary keyword parameters to
`#authenticate`.  The pre-existing `username`, `secret`, etc keyword
params will retain their existing behavior as positional arguments to
`#authenticate`.
@nevans
Add username keyword param to start
7771a0f 
Although "user" is a reasonable abbreviation, the parameter is more
accurately described as a "username" or an "authentication identity".
They are synonomous here, with "username" winning when both are present.
@nevans
Add keyword parameters to authenticators
02408b1 
Username can be set by args[0], authcid, username, or user.
Secret can be set by args[1], secret, or password.

Since all of the existing authenticators have the same API, it is
sufficient to update `check_args` in the base class.
@nevans
Do not require positional args for #authenticate
0dacb93 
This API is a little bit confusing, IMO.  But it does preserve backward
compatibility, while allowing authenticators that don't allow positional
parameters to work without crashing.  But, authenticators that require
only one parameter—or more than three—will still be inaccessible.
nevans added 4 commits July 17, 2025 13:54
@nevans
Add type keyword arg to #authenticate
00d50b2 
This is convenient for `smtp.start auth: {type:, **etc}`.
@nevans
Add #auth method for SASL authentication
1920c9e 
Although `#authenticate` can be updated to make username and secret
_both_ optional, by placing the mechanism last and making it optional,
it's not possible to use an authenticator with a _single_ positional
parameter or with more than two positional parameters.  By placing
`type` first among positional parameters or as a keyword argument, we
avoid this problem.
@nevans
Drop support for ruby 2.6
dcc6e15 
The net-imap dependency requires 2.7.3, to deal with kwargs.
@nevans
Use net-imap's SASL implementation 🚧[WIP]🚧
0d4d05e 
This commit adds the `net-imap` as a default fallback for mechanisms
that haven't otherwise been added.  In this commit, the original
implementation is still used by `#authenticate` for the `PLAIN`,
`XOAUTH2`, `LOGIN`, and `CRAM-MD5` mechanisms.  Every other mechanism
supported by `net-imap` v0.4.0 is added here:
* `ANONYMOUS`
* `DIGEST-MD5` _(deprecated)_
* `EXTERNAL`
* `OAUTHBEARER`
* `SCRAM-SHA-1` and `SCRAM-SHA-256`

**TODO:** Ideally, `net-smtp` and `net-imap` should both depend on a
shared `sasl` or `net-sasl` gem, rather than keep the SASL
implementation inside one or the other.  See
ruby/net-imap#23.
@nevans nevans force-pushed the sasl/net-imap-fallback branch from 78e1da8 to 0d4d05e Compare July 17, 2025 17:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Does net-stmp support SASL XOAUTH2? SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports

1 participant

@nevans