imap-auth-login: don't check for AUTH=PLAIN before attempting an authentication (!121) · Merge requests · GNOME / gnome-online-accounts

The source project of this merge request has been removed.

Clément Saccoccio requested to merge (removed):no-plain-check into master Feb 12, 2023

When adding an IMAP account the AUTH=PLAIN string was checked in the server CAPABILITY response. The presence of this string would indicate that the AUTHENTICATE PLAIN command is accepted. However, GOA uses the LOGIN command.

This issue caused false negative where it was impossible to connect to some IMAP servers because the "Server does not support PLAIN" even if the LOGIN command was working (see #27 (closed)).

This PR removes the check. I tested it on a server that was rejected by GOA before. I now can add the IMAP account without an issue.

References

A capability name that begins with "AUTH=" indicates that the server supports that particular authentication mechanism as defined in the Simple Authentication and Security Layer (SASL).

RFC 9051 6.1.1. CAPABILITY Command

The AUTHENTICATE command indicates a [SASL] authentication mechanism to the server. If the server supports the requested authentication mechanism, it performs an authentication protocol exchange to authenticate and identify the client.

RFC 9051 6.2.2. AUTHENTICATE Command

The LOGIN command identifies the client to the server and carries the plaintext password authenticating this user.

RFC 9051 6.2.3. LOGIN Command

imap-auth-login: don't check for AUTH=PLAIN before attempting an authentication

References

Merge request reports