This is an automated email from the ASF dual-hosted git repository.
Arsnael pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new 00cad5ee11 JAMES-4207 Do not announce capabilities after authentication
00cad5ee11 is described below
commit 00cad5ee115ab160aac238ccf0db1bc08200306e
Author: Felix Auringer <[email protected]>
AuthorDate: Wed May 20 10:32:50 2026 +0200
JAMES-4207 Do not announce capabilities after authentication
RFC 5804 states that capabilities must be sent after a SASL security
layer was negotiated. This is not the case for any of the
authentication mechanisms offered by James.
---
.../managesieveserver/netty/ManageSieveChannelUpstreamHandler.java | 7 -------
.../java/org/apache/james/managesieveserver/AuthenticateTest.java | 2 --
2 files changed, 9 deletions(-)
diff --git
a/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
b/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
index 7aa3321c2e..e0fec73e86 100644
---
a/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
+++
b/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
@@ -84,7 +84,6 @@ public class ManageSieveChannelUpstreamHandler extends
ChannelInboundHandlerAdap
}
Session manageSieveSession =
ctx.channel().attr(NettyConstants.SESSION_ATTRIBUTE_KEY).get();
- Session.State statePriorExecution = manageSieveSession.getState();
String responseString =
manageSieveProcessor.handleRequest(manageSieveSession, request);
attachment.resetCumulation();
attachment.write(responseString);
@@ -98,12 +97,6 @@ public class ManageSieveChannelUpstreamHandler extends
ChannelInboundHandlerAdap
String capabilities =
manageSieveProcessor.handleRequest(manageSieveSession, "CAPABILITY");
attachment.write(capabilities);
}
- if (manageSieveSession.getState() == Session.State.AUTHENTICATED &&
- statePriorExecution != Session.State.AUTHENTICATED) {
- // RFC-5804 section 1.7 returning capabilities is mandated
after AUTH
- String capabilities =
manageSieveProcessor.handleRequest(manageSieveSession, "CAPABILITY");
- attachment.write(capabilities);
- }
} catch (NotEnoughDataException ex) {
// Do nothing will keep the cumulation
}
diff --git
a/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
b/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
index 7c069ca104..1f59044735 100644
---
a/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
+++
b/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
@@ -159,7 +159,6 @@ class AuthenticateTest {
this.client.sendCommand(command);
ManageSieveClient.ServerResponse firstAuthenticationResponse =
this.client.readResponse();
Assertions.assertThat(firstAuthenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.OK);
- this.client.readResponse(); // Read capabilities
this.client.sendCommand(command);
ManageSieveClient.ServerResponse secondAuthenticationResponse =
this.client.readResponse();
@@ -235,6 +234,5 @@ class AuthenticateTest {
this.client.sendCommand("AUTHENTICATE \"PLAIN\" \"" +
Base64.getEncoder().encodeToString(initialClientResponse.getBytes(StandardCharsets.UTF_8))
+ "\"");
ManageSieveClient.ServerResponse authenticationResponse =
this.client.readResponse();
Assertions.assertThat(authenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.OK);
- this.client.readResponse(); // Read capabilities
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]