This is an automated email from the ASF dual-hosted git repository.

quantranhong1999 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit c1b5ddd40f8bfabdd037675fb08c4aab331af730
Author: Felix Auringer <[email protected]>
AuthorDate: Mon May 18 15:47:30 2026 +0200

    refactor(imap): fail early if OIDC is disabled
---
 .../imap/processor/AuthenticateProcessor.java      | 39 +++++++++++-----------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
index 981f07f160..9ca4adaa99 100644
--- 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
+++ 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
@@ -105,19 +105,24 @@ public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateReq
                 }
             }
         } else if (authType.equalsIgnoreCase(AUTH_TYPE_OAUTHBEARER) || 
authType.equalsIgnoreCase(AUTH_TYPE_XOAUTH2)) {
-            if (request instanceof IRAuthenticateRequest) {
-                IRAuthenticateRequest irRequest = (IRAuthenticateRequest) 
request;
-                doOAuth(irRequest.getInitialClientResponse(), session, 
request, responder);
+            if (!session.supportsOAuth()) {
+                LOGGER.warn("OAuth authentication rejected because it is 
disabled");
+                no(request, responder, 
HumanReadableText.UNSUPPORTED_AUTHENTICATION_MECHANISM);
             } else {
-                session.executeSafely(() -> {
-                    responder.respond(new AuthenticateResponse());
-                    responder.flush();
-                    session.pushLineHandler((requestSession, data) -> 
Mono.fromRunnable(() -> {
-                        doOAuth(extractInitialClientResponse(data), 
requestSession, request, responder);
-                        requestSession.popLineHandler();
+                if (request instanceof IRAuthenticateRequest) {
+                    IRAuthenticateRequest irRequest = (IRAuthenticateRequest) 
request;
+                    doOAuth(irRequest.getInitialClientResponse(), session, 
request, responder);
+                } else {
+                    session.executeSafely(() -> {
+                        responder.respond(new AuthenticateResponse());
                         responder.flush();
-                    }).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER).then());
-                });
+                        session.pushLineHandler((requestSession, data) -> 
Mono.fromRunnable(() -> {
+                            doOAuth(extractInitialClientResponse(data), 
requestSession, request, responder);
+                            requestSession.popLineHandler();
+                            responder.flush();
+                        
}).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER).then());
+                    });
+                }
             }
         } else {
             LOGGER.debug("Unsupported authentication mechanism '{}'", 
authType);
@@ -197,14 +202,10 @@ public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateReq
     }
 
     protected void doOAuth(String initialResponse, ImapSession session, 
ImapRequest request, Responder responder) {
-        if (!session.supportsOAuth()) {
-            no(request, responder, 
HumanReadableText.UNSUPPORTED_AUTHENTICATION_MECHANISM);
-        } else {
-            OIDCSASLParser.parse(initialResponse)
-                .flatMap(oidcInitialResponseValue -> 
session.oidcSaslConfiguration().map(configure -> 
Pair.of(oidcInitialResponseValue, configure)))
-                .ifPresentOrElse(pair -> doOAuth(pair.getLeft(), 
pair.getRight(), session, request, responder),
-                    () -> manageFailureCount(session, request, responder));
-        }
+        OIDCSASLParser.parse(initialResponse)
+            .flatMap(oidcInitialResponseValue -> 
session.oidcSaslConfiguration().map(configure -> 
Pair.of(oidcInitialResponseValue, configure)))
+            .ifPresentOrElse(pair -> doOAuth(pair.getLeft(), pair.getRight(), 
session, request, responder),
+                () -> manageFailureCount(session, request, responder));
         session.stopDetectingCommandInjection();
     }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to