node-imap

Adding CRAM-MD5 server authentication

Open toddself opened this issue 10 years ago • 4 comments

Closes #337 by adding support for CRAM-MD5 authentication.

I am unable to run the tests (they currently fail on master as well), but have tested this against my IMAP server which runs CRAM-MD5 authentication (debug log below to show it).

Would love some help figuring out how to provide a test suite for this as well.

Also I was unsure about how I'm sending the challenge response. I tried using #_enqueue but it was adding information to the start of the command; the challenge needs to be sent with no leading information.

I noticed this structure:

  if (this._curReq.type === 'IDLE' || this._curReq.type === 'NOOP')
    prefix = this._curReq.type;
  else
    prefix = 'A' + (this._tagcount++);

In #_processQueue but that uses the current request type to handle its munging of the command. The challenge response has no type -- it's literally just the base64 encoded HMAC digest with the username prepended with a space, so I'm just writing directly to the socket and leaving this._curReq alone (which seems to be the best case out of all the methods I tried.)

{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"[connection] Connected to host","time":"2015-04-03T21:13:48.183Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"<= '* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready.'","time":"2015-04-03T21:13:48.261Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"=> 'A0 CAPABILITY'","time":"2015-04-03T21:13:48.262Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"<= '* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=CRAM-MD5'","time":"2015-04-03T21:13:48.341Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"<= 'A0 OK Pre-login capabilities listed, post-login capabilities have more.'","time":"2015-04-03T21:13:48.341Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"=> 'A1 AUTHENTICATE CRAM-MD5'","time":"2015-04-03T21:13:48.342Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"<= '+ PDIzNDc3NTc0MzQ1NDYwMTUuMTQyODA5NjAxMEBtYWlsLnNlbGZhc3NlbWJsZWQub3JnPg=='","time":"2015-04-03T21:13:48.421Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"=> [SECRET RESPONSE COMMENTED OUT]","time":"2015-04-03T21:13:48.421Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"<= '* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS'","time":"2015-04-03T21:13:48.504Z","v":0}
{"name":"nodemailapp","hostname":"NewOSX","pid":36165,"level":60,"msg":"<= 'A1 OK Logged in'","time":"2015-04-03T21:13:48.504Z","v":0}

toddself Apr 03 '15 21:04
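The challenge/response step described in the post above, written out per RFC 2195 as an added example (not code from this PR or from node-imap). The function names and the `secrets` map are hypothetical, the password used with the logged challenge is constructed, and the `RFC_*` constants are the sample exchange from RFC 2195; the verifier is the kind of check a mock IMAP server in a test could run.

```javascript
const crypto = require('crypto');

// Sample exchange from RFC 2195 (user "tim", password "tanstaaftanstaaf").
const RFC_CHALLENGE_B64 = 'PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+';
const RFC_RESPONSE_B64 = 'dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw';
// Challenge taken from the "+ ..." line in the debug log on this page.
const LOG_CHALLENGE_B64 =
  'PDIzNDc3NTc0MzQ1NDYwMTUuMTQyODA5NjAxMEBtYWlsLnNlbGZhc3NlbWJsZWQub3JnPg==';

// The server's "+ <base64>" continuation carries an opaque <id.timestamp@host> string.
function decodeChallenge(challengeB64) {
  return Buffer.from(challengeB64, 'base64').toString('utf8');
}

// HMAC-MD5 keyed with the password over the decoded challenge, as lowercase hex.
function hmacHex(password, challengeB64) {
  const challenge = Buffer.from(challengeB64, 'base64');
  return crypto.createHmac('md5', password).update(challenge).digest('hex');
}

// Client side: the line sent after the challenge. It has no command tag:
// base64(username + SP + hex digest), followed by CRLF on the wire.
function cramMd5Response(username, password, challengeB64) {
  const line = `${username} ${hmacHex(password, challengeB64)}`;
  return Buffer.from(line, 'utf8').toString('base64');
}

// Mock-server side: recompute the digest and compare in constant time.
// The server needs the password (or an equivalent secret) to do this.
// `secrets` is a Map of username -> password. Returns the username or null.
function verifyCramMd5(responseB64, challengeB64, secrets) {
  const decoded = Buffer.from(responseB64, 'base64').toString('utf8');
  const sep = decoded.lastIndexOf(' '); // the digest is the final token
  if (sep <= 0) return null;
  const username = decoded.slice(0, sep);
  const password = secrets.get(username);
  if (password === undefined) return null;
  const got = Buffer.from(decoded.slice(sep + 1), 'utf8');
  const want = Buffer.from(hmacHex(password, challengeB64), 'utf8');
  if (got.length !== want.length) return null;
  return crypto.timingSafeEqual(got, want) ? username : null;
}
```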

Would love to see this get merged. Open to suggestions or improvements to make this happen.

toddself Jun 02 '15 22:06

LGTM but perhaps a client behavior test via a mock imap server could be done similar to that of the test/test-connection-* tests?

mscdex Jun 04 '15 11:06

I think we need this feature. Is there a workaround, or are we still waiting for this to be merged?

MattGurney Jul 20 '23 05:07

Sorry but it is time to close this PR.

It is unsecure:

  • https://tools.ietf.org/html/draft-ietf-sasl-crammd5-to-historic-00
  • https://tools.ietf.org/html/draft-zeilenga-luis140219-crammd5-to-historic-00

Thanks in advance.

Neustradamus Aug 06 '23 01:08