Drop Server.AuthDisabled

emersion · emersion · commit 1f305868a3de · 2024-03-28T16:44:46.000+01:00
This is the default for servers not implementing AuthSession now.
diff --git a/conn.go b/conn.go
@@ -141,11 +141,7 @@ func (c *Conn) handle(cmd string, arg string) {
 		c.writeResponse(221, EnhancedCode{2, 0, 0}, "Bye")
 		c.Close()
 	case "AUTH":
-		if c.server.AuthDisabled {
-			c.protocolError(500, EnhancedCode{5, 5, 2}, "Syntax error, AUTH command unrecognized")
-		} else {
-			c.handleAuth(arg)
-		}
+		c.handleAuth(arg)
 	case "STARTTLS":
 		c.handleStartTLS()
 	default:
@@ -207,7 +203,7 @@ func (c *Conn) Conn() net.Conn {
 
 func (c *Conn) authAllowed() bool {
 	_, isTLS := c.TLSConnectionState()
-	return !c.server.AuthDisabled && (isTLS || c.server.AllowInsecureAuth)
+	return isTLS || c.server.AllowInsecureAuth
 }
 
 // protocolError writes errors responses and closes the connection once too many
diff --git a/server.go b/server.go
@@ -59,10 +59,6 @@ type Server struct {
 	// Should be used only if backend supports it.
 	EnableDSN bool
 
-	// If set, the AUTH command will not be advertised and authentication
-	// attempts will be rejected. This setting overrides AllowInsecureAuth.
-	AuthDisabled bool
-
 	// The server backend.
 	Backend Backend
 
diff --git a/server_test.go b/server_test.go
@@ -25,6 +25,8 @@ type message struct {
 }
 
 type backend struct {
+	authDisabled bool
+
 	messages []*message
 	anonmsgs []*message
 
@@ -70,10 +72,16 @@ type session struct {
 var _ smtp.AuthSession = (*session)(nil)
 
 func (s *session) AuthMechanisms() []string {
+	if s.backend.authDisabled {
+		return nil
+	}
 	return []string{sasl.Plain}
 }
 
 func (s *session) Auth(mech string) (sasl.Server, error) {
+	if s.backend.authDisabled {
+		return nil, smtp.ErrAuthUnsupported
+	}
 	return sasl.NewPlainServer(func(identity, username, password string) error {
 		if identity != "" && identity != username {
 			return errors.New("Invalid identity")
@@ -217,7 +225,7 @@ type serverConfigureFunc func(*smtp.Server)
 
 var (
 	authDisabled = func(s *smtp.Server) {
-		s.AuthDisabled = true
+		s.Backend.(*backend).authDisabled = true
 	}
 )
 
@@ -698,7 +706,7 @@ func TestServer_authDisabled(t *testing.T) {
 
 	io.WriteString(c, "AUTH PLAIN\r\n")
 	scanner.Scan()
-	if scanner.Text() != "500 5.5.2 Syntax error, AUTH command unrecognized" {
+	if scanner.Text() != "502 5.7.0 Authentication not supported" {
 		t.Fatal("Invalid AUTH response with auth disabled:", scanner.Text())
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,8 @@ type message struct {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`type backend struct {`
	`28`	`+ authDisabled bool`
	`29`	`+`
`28`	`30`	`messages []*message`
`29`	`31`	`anonmsgs []*message`
`30`	`32`
`@@ -70,10 +72,16 @@ type session struct {`
`70`	`72`	`var _ smtp.AuthSession = (*session)(nil)`
`71`	`73`
`72`	`74`	`func (s *session) AuthMechanisms() []string {`
	`75`	`+ if s.backend.authDisabled {`
	`76`	`+ return nil`
	`77`	`+ }`
`73`	`78`	`return []string{sasl.Plain}`
`74`	`79`	`}`
`75`	`80`
`76`	`81`	`func (s *session) Auth(mech string) (sasl.Server, error) {`
	`82`	`+ if s.backend.authDisabled {`
	`83`	`+ return nil, smtp.ErrAuthUnsupported`
	`84`	`+ }`
`77`	`85`	`return sasl.NewPlainServer(func(identity, username, password string) error {`
`78`	`86`	`if identity != "" && identity != username {`
`79`	`87`	`return errors.New("Invalid identity")`
`@@ -217,7 +225,7 @@ type serverConfigureFunc func(*smtp.Server)`
`217`	`225`
`218`	`226`	`var (`
`219`	`227`	`authDisabled = func(s *smtp.Server) {`
`220`		`- s.AuthDisabled = true`
	`228`	`+ s.Backend.(*backend).authDisabled = true`
`221`	`229`	`}`
`222`	`230`	`)`
`223`	`231`
`@@ -698,7 +706,7 @@ func TestServer_authDisabled(t *testing.T) {`
`698`	`706`
`699`	`707`	`io.WriteString(c, "AUTH PLAIN\r\n")`
`700`	`708`	`scanner.Scan()`
`701`		`- if scanner.Text() != "500 5.5.2 Syntax error, AUTH command unrecognized" {`
	`709`	`+ if scanner.Text() != "502 5.7.0 Authentication not supported" {`
`702`	`710`	`t.Fatal("Invalid AUTH response with auth disabled:", scanner.Text())`
`703`	`711`	`}`
`704`	`712`	`}`