bpo-45706: Add imaplib.IMAP4.login_plain#29398
Conversation
Adds authentication using PLAIN SASL mechanism. This is a plain-text authentication mechanism which can be used instead of :meth:`IMAP4.login()` when UTF-8 support is required.
|
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept this contribution by verifying everyone involved has signed the PSF contributor agreement (CLA). CLA MissingOur records indicate the following people have not signed the CLA: For legal reasons we need all the people listed to sign the CLA before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue. If you have recently signed the CLA, please wait at least one business day You can check yourself to see if the CLA has been received. Thanks again for the contribution, we look forward to reviewing it! |
|
This PR is stale because it has been open for 30 days with no activity. |
MaxwellDupre
left a comment
There was a problem hiding this comment.
Both tests passed.
Looks ok to me.
| See :RFC:`6855`, page 5. | ||
|
|
||
| It will only work if the server ``CAPABILITY`` response includes | ||
| the phrase ``AUTH=PLAIN``. |
There was a problem hiding this comment.
The module partially supports RFC 3501, which says that AUTH=PLAIN is mandatory. I understand that means advertising it in CAPABILITY is optional, so it might work regardless.
| """ | ||
| return self.authenticate( | ||
| "PLAIN", | ||
| lambda _: "{0}\x00{0}\x00{1}".format(user, password).encode() |
There was a problem hiding this comment.
This sets the authorization identity (authzid) to the user name. Wouldn’t it be better to allow omitting authzid by default, let the server derive it? https://datatracker.ietf.org/doc/html/rfc4616#section-2
f'\x00{user}\x00{password}'.encode('utf-8')|
|
||
| This is a plain-text authentication mechanism that can be used | ||
| instead of :meth:`IMAP4.login()` when UTF-8 support is required. | ||
| See :RFC:`6855`, page 5. |
There was a problem hiding this comment.
Not sure that referring to RFC 6855 is that relevant. All it does is recommend against UTF-8 support with LOGIN, and say that AUTHENTICATE supports UTF-8.
|
This PR is stale because it has been open for 30 days with no activity. |
…in_plain # Conflicts: # Lib/test/test_imaplib.py
The 'MD5 support is not available' note belongs to login_cram_md5, but merging placed it after login_plain, which was inserted between them. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* Use an empty SASL authorization identity (RFC 4616): the previous code sent the user name as authzid, requesting proxy authorization, which many servers reject. * Note that PLAIN is only base64-encoded and requires a TLS connection. * Cite RFC 4616 for the mechanism; RFC 6855 only for UTF-8 support. * Fix the versionadded marker and the documented parameter name. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Documentation build overview
|
RFC 3501 makes the PLAIN mechanism mandatory, so a server may support it without advertising AUTH=PLAIN in its CAPABILITY response. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
serhiy-storchaka
left a comment
There was a problem hiding this comment.
I synchronized the PR branch with main (it was 5 years!), addressed review comments by @vadmium, and made additional changes:
- bytes is accepted as user and password, like in other login/authorization methods.
- NUL is rejected in user and password. It conflicts with the delimiter.
- Polished docs.
With all this it LGTM.
|
Thanks @serhiy-storchaka, @vadmium, @MaxwellDupre for fixes, reviews and support! |
|
You are welcome! |
Adds authentication using PLAIN SASL mechanism.
This is a plaintext authentication mechanism that can be used
instead of
IMAP4.login()when UTF-8 support is required.