This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit ddc1be1b8d450a5aa69560103a9528f429a700c1
Author: Felix Auringer <[email protected]>
AuthorDate: Mon Dec 1 11:08:37 2025 +0100
refactor(managesieve): only accept unquoted initial client response during continuation
---
.../org/apache/james/managesieve/scripts/authenticate.test | 11 ++++++++---
.../org/apache/james/managesieve/scripts/capability.test | 2 +-
.../org/apache/james/managesieve/scripts/checkscript.test | 2 +-
.../org/apache/james/managesieve/scripts/deletescript.test | 2 +-
.../org/apache/james/managesieve/scripts/getscript.test | 2 +-
.../org/apache/james/managesieve/scripts/havespace.test | 2 +-
.../org/apache/james/managesieve/scripts/listscripts.test | 2 +-
.../org/apache/james/managesieve/scripts/putscript.test | 2 +-
.../org/apache/james/managesieve/scripts/renamescript.test | 2 +-
.../org/apache/james/managesieve/scripts/setactive.test | 2 +-
.../org/apache/james/managesieve/scripts/starttls.test | 2 +-
.../org/apache/james/managesieve/scripts/unauthenticate.test | 2 +-
.../java/org/apache/james/managesieve/core/CoreProcessor.java | 2 +-
.../james/managesieve/transcode/ManageSieveProcessor.java | 4 +++-
.../org/apache/james/managesieveserver/AuthenticateTest.java | 4 ++--
.../java/org/apache/james/managesieveserver/OIDCTest.java | 8 ++++----
16 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/authenticate.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/authenticate.test
index 54c8a6140c..1b03d55e31 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/authenticate.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/authenticate.test
@@ -26,14 +26,19 @@ S: NO "Unknown SASL mechanism UNKNOWN" C: AUTHENTICATE "PLAIN" S: \+ "" C: GETSCRIPT toto.sieve -S: NO "ManageSieve syntax is incorrect: quoted authentication data must be supplied" +S: NO "Authentication failed with: Verification of credentials failed" + +C: AUTHENTICATE "PLAIN" +S: \+ "" +C: +S: NO "ManageSieve syntax is incorrect: authentication data must be supplied" C: AUTHENTICATE "PLAIN" S: \+ "" -C: "tin password" +C: tin password S: NO "Authentication failed with: Verification of credentials failed" C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/capability.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/capability.test
index 095c34db56..5ae0e4344a 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/capability.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/capability.test
@@ -39,7 +39,7 @@ S: OK C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: CAPABILITY
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/checkscript.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/checkscript.test
index 768909990c..b2df42bd63 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/checkscript.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/checkscript.test
@@ -35,7 +35,7 @@ S: NO C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: CHECKSCRIPT {99+}
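Review bot: The visible part of authenticate.test no longer has any exchange in which the client answers the `S: \+ ""` continuation with a quoted string, so the outcome this commit intends for that input is not pinned by the script. Add a case that sends `C: "user password"` after a continuation, with the reply the server is meant to give (presumably `S: NO "Authentication failed with: Verification of credentials failed"`), so that a later change which silently re-accepts quoted credentials fails the suite. The AuthenticateTest.java and OIDCTest.java hunks have the same gap: every `sendCommand` shown there is switched to the unquoted form and none exercises the rejected one.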
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/deletescript.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/deletescript.test
index be80044cac..6fc30c9620 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/deletescript.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/deletescript.test
@@ -25,7 +25,7 @@ S: NO C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: DELETESCRIPT "foo"
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/getscript.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/getscript.test
index a04c277122..9042c1d925 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/getscript.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/getscript.test
@@ -25,7 +25,7 @@ S: NO C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: GETSCRIPT "foo"
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/havespace.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/havespace.test
index aaa2d3bfe9..2e742f9912 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/havespace.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/havespace.test
@@ -28,7 +28,7 @@ S: NO C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: HAVESPACE "scriptname" 49
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/listscripts.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/listscripts.test
index 9f048b42f9..f470c37fc0 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/listscripts.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/listscripts.test
@@ -22,7 +22,7 @@ S: NO C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: LISTSCRIPTS
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/putscript.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/putscript.test
index b8048ce22a..e481bfe634 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/putscript.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/putscript.test
@@ -40,7 +40,7 @@ S: NO C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: PUTSCRIPT "mysievescript" {97+}
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/renamescript.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/renamescript.test
index 7b5ff18344..2472f3b81c 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/renamescript.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/renamescript.test
@@ -28,7 +28,7 @@ S: NO C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: PUTSCRIPT "mysievescript" {99+}
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/setactive.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/setactive.test
index c233498a47..e232ef0d60 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/setactive.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/setactive.test
@@ -25,7 +25,7 @@ S: NO C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: SETACTIVE "foo"
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test
index 39fdbf3f1d..6e1526c13d 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test
@@ -25,7 +25,7 @@ S: NO You can't enable two time SSL encryption C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: STARTTLS
diff --git a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/unauthenticate.test b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/unauthenticate.test
index 92576fdba8..b2da7480c0 100644
--- a/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/unauthenticate.test
+++ b/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/unauthenticate.test
@@ -28,7 +28,7 @@ S: NO UNAUTHENTICATE command must be issued in authenticated state C: AUTHENTICATE "PLAIN" S: \+ "" -C: "user password" +C: user password S: OK C: GETSCRIPT any
diff --git a/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java b/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java
index 33cc055fb1..0e44c9c33d 100644
--- a/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java
+++ b/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java
@@ -239,7 +239,7 @@ public class CoreProcessor implements CoreCommands { SupportedMechanism currentAuthenticationMechanism = session.getChoosedAuthenticationMechanism(); AuthenticationProcessor authenticationProcessor = authenticationProcessorMap.get(currentAuthenticationMechanism); if (Strings.isNullOrEmpty(suppliedData)) { - throw new SyntaxException("quoted authentication data must be supplied"); + throw new SyntaxException("authentication data must be supplied"); } if (suppliedData.equals("*")) { throw new AuthenticationException("authentication aborted by client");
diff --git a/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java b/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java
index 83cca6f8a0..391e9203b9 100644
--- a/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java
+++ b/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java
@@ -115,10 +115,12 @@ public class ManageSieveProcessor { if (arguments.isEmpty()) { return result; } + // Unquote the argument in this case because continuation is not used. + arguments = ParserUtils.unquoteFirst(arguments); } // The authentication is in progress, the mechanism has been chosen, and the arguments contain an initial client response. - return argumentParser.authenticate(session, ParserUtils.unquoteFirst(arguments)); + return argumentParser.authenticate(session, arguments); } else if (command.equalsIgnoreCase(CAPABILITY)) { return argumentParser.capability(session, arguments); } else if (command.equalsIgnoreCase(CHECKSCRIPT)) {
diff --git a/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java b/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
index 05b3a83862..dc25cc5f64 100644
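Review bot: In ManageSieveProcessor.java the continuation path now passes the raw line to `argumentParser.authenticate(session, arguments)` with no unquoting, so a client that still sends the quoted form the previous code accepted is no longer told it has a framing problem. Its `"*"` will not match `suppliedData.equals("*")` in CoreProcessor, and a quoted response is presumably evaluated as credentials and answered with "Verification of credentials failed", which can feed failed-login counters or lockout for what is really a syntax error. Consider rejecting continuation data that begins with `"` with a `SyntaxException`, or at least add a comment on the final call such as `// Continuation data is passed verbatim; a quoted string is treated as credentials, not unquoted.` RFC 5804's AUTHENTICATE grammar, as I read it, carries these responses as strings, so the deviation deserves a sentence of rationale. The enclosing method starts and ends outside the hunk.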
--- a/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
+++ b/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
@@ -124,7 +124,7 @@ public class AuthenticateTest { Assertions.assertThat(continuationResponse.explanation().get()).isEqualTo(""); String initialClientResponse = "\0" + ManageSieveServerTestSystem.USERNAME.asString() + "\0" + ManageSieveServerTestSystem.PASSWORD; - this.client.sendCommand("\"" + Base64.getEncoder().encodeToString(initialClientResponse.getBytes(StandardCharsets.UTF_8)) + "\""); + this.client.sendCommand(Base64.getEncoder().encodeToString(initialClientResponse.getBytes(StandardCharsets.UTF_8))); ManageSieveClient.ServerResponse authenticationResponse = this.client.readResponse(); Assertions.assertThat(authenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.OK); }
@@ -136,7 +136,7 @@ public class AuthenticateTest { Assertions.assertThat(continuationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.CONTINUATION); Assertions.assertThat(continuationResponse.explanation().get()).isEqualTo(""); - this.client.sendCommand("\"*\""); + this.client.sendCommand("*"); ManageSieveClient.ServerResponse authenticationResponse = this.client.readResponse(); Assertions.assertThat(authenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.NO); Assertions.assertThat(authenticationResponse.explanation()).get().isEqualTo("Authentication failed with: authentication aborted by client");
diff --git a/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/OIDCTest.java b/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/OIDCTest.java
index a07785e77d..87ca3dbffe 100644
--- a/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/OIDCTest.java
+++ b/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/OIDCTest.java
@@ -117,7 +117,7 @@ public class OIDCTest { Assertions.assertThat(continuationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.CONTINUATION); Assertions.assertThat(continuationResponse.explanation().get()).isEqualTo(""); - this.client.sendCommand("\"" + VALID_OAUTHBEARER_INITIAL_CLIENT_RESPONSE + "\""); + this.client.sendCommand(VALID_OAUTHBEARER_INITIAL_CLIENT_RESPONSE); ManageSieveClient.ServerResponse authenticationResponse = this.client.readResponse(); Assertions.assertThat(authenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.OK); }
@@ -129,7 +129,7 @@ public class OIDCTest { Assertions.assertThat(continuationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.CONTINUATION); Assertions.assertThat(continuationResponse.explanation().get()).isEqualTo(""); - this.client.sendCommand("\"*\""); + this.client.sendCommand("*"); ManageSieveClient.ServerResponse authenticationResponse = this.client.readResponse(); Assertions.assertThat(authenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.NO); Assertions.assertThat(authenticationResponse.explanation()).get().isEqualTo("Authentication failed with: authentication aborted by client");
@@ -156,7 +156,7 @@ public class OIDCTest { Assertions.assertThat(continuationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.CONTINUATION); Assertions.assertThat(continuationResponse.explanation().get()).isEqualTo(""); - this.client.sendCommand("\"" + VALID_XOAUTH2_INITIAL_CLIENT_RESPONSE + "\""); + this.client.sendCommand(VALID_XOAUTH2_INITIAL_CLIENT_RESPONSE); ManageSieveClient.ServerResponse authenticationResponse = this.client.readResponse(); Assertions.assertThat(authenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.OK); }
@@ -168,7 +168,7 @@ public class OIDCTest { Assertions.assertThat(continuationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.CONTINUATION); Assertions.assertThat(continuationResponse.explanation().get()).isEqualTo(""); - this.client.sendCommand("\"*\""); + this.client.sendCommand("*"); ManageSieveClient.ServerResponse authenticationResponse = this.client.readResponse(); Assertions.assertThat(authenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.NO); Assertions.assertThat(authenticationResponse.explanation()).get().isEqualTo("Authentication failed with: authentication aborted by client");
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
