JAMES-1930 Refactor Auth plain parsing
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/0175e31a Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/0175e31a Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/0175e31a Branch: refs/heads/master Commit: 0175e31af0aae97f8ec56ddcf0c6eaeb010b302e Parents: 200460c Author: Benoit Tellier <[email protected]> Authored: Thu Feb 9 11:28:53 2017 +0700 Committer: Antoine Duprat <[email protected]> Committed: Tue Feb 14 11:29:30 2017 +0100 ---------------------------------------------------------------------- .../imap/processor/AuthenticateProcessor.java | 67 ++++++++++++++++---- 1 file changed, 54 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/0175e31a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java ---------------------------------------------------------------------- diff --git a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java index 12eeb98..1abc69d 100644 --- a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java +++ b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java @@ -37,6 +37,8 @@ import org.apache.james.imap.message.request.IRAuthenticateRequest; import org.apache.james.imap.message.response.AuthenticateResponse; import org.apache.james.mailbox.MailboxManager; +import com.google.common.base.Optional; + /** * Processor which handles the AUTHENTICATE command. Only authtype of PLAIN is supported ATM. * @@ -101,16 +103,21 @@ public class AuthenticateProcessor extends AbstractAuthProcessor<AuthenticateReq * @param responder */ protected void doPlainAuth(String initialClientResponse, ImapSession session, String tag, ImapCommand command, Responder responder) { - String pass = null; - String user = null; + AuthPlainAttempt authPlainAttempt = parseDelegationAttempt(initialClientResponse); + // Authenticate user + doAuth(authPlainAttempt.getAuthenticationId(), authPlainAttempt.getPassword(), session, tag, command, responder, HumanReadableText.AUTHENTICATION_FAILED); + } + + private AuthPlainAttempt parseDelegationAttempt(String initialClientResponse) { + String token2; try { String userpass = new String(Base64.decodeBase64(initialClientResponse)); StringTokenizer authTokenizer = new StringTokenizer(userpass, "\0"); - String authorize_id = authTokenizer.nextToken(); // Authorization Identity - user = authTokenizer.nextToken(); // Authentication Identity + String token1 = authTokenizer.nextToken(); // Authorization Identity + token2 = authTokenizer.nextToken(); // Authentication Identity try { - pass = authTokenizer.nextToken(); // Password + return delegation(token1, token2, authTokenizer.nextToken()); } catch (java.util.NoSuchElementException _) { // If we got here, this is what happened. RFC 2595 // says that "the client may leave the authorization @@ -127,19 +134,17 @@ public class AuthenticateProcessor extends AbstractAuthProcessor<AuthenticateReq // elements, leading to the exception we just // caught. So we need to move the user to the // password, and the authorize_id to the user. - pass = user; - user = authorize_id; - } - - authTokenizer = null; + return noDelegation(token1, token2); + } finally { + authTokenizer = null; + } } catch (Exception e) { // Ignored - this exception in parsing will be dealt // with in the if clause below + return noDelegation(null, null); } - // Authenticate user - doAuth(user, pass, session, tag, command, responder, HumanReadableText.AUTHENTICATION_FAILED); } - + /** * @see org.apache.james.imap.processor.CapabilityImplementingProcessor * #getImplementedCapabilities(org.apache.james.imap.api.process.ImapSession) @@ -156,4 +161,40 @@ public class AuthenticateProcessor extends AbstractAuthProcessor<AuthenticateReq return Collections.unmodifiableList(caps); } + private static AuthPlainAttempt delegation(String authorizeId, String authenticationId, String password) { + return new AuthPlainAttempt(Optional.of(authorizeId), authenticationId, password); + } + + private static AuthPlainAttempt noDelegation(String authenticationId, String password) { + return new AuthPlainAttempt(Optional.<String>absent(), authenticationId, password); + } + + private static class AuthPlainAttempt { + private final Optional<String> authorizeId; + private final String authenticationId; + private final String password; + + private AuthPlainAttempt(Optional<String> authorizeId, String authenticationId, String password) { + this.authorizeId = authorizeId; + this.authenticationId = authenticationId; + this.password = password; + } + + public boolean isDelegation() { + return authorizeId.isPresent(); + } + + public Optional<String> getAuthorizeId() { + return authorizeId; + } + + public String getAuthenticationId() { + return authenticationId; + } + + public String getPassword() { + return password; + } + } + } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
