go-mail/smtp/auth_plain.go

package smtp

import (
	"errors"
)

// plainAuth is the type that satisfies the Auth interface for the "SMTP PLAIN" auth
type plainAuth struct {
	identity, username, password string
	host                         string
}

// PlainAuth returns an Auth that implements the PLAIN authentication
// mechanism as defined in RFC 4616. The returned Auth uses the given
// username and password to authenticate to host and act as identity.
// Usually identity should be the empty string, to act as username.
//
// PlainAuth will only send the credentials if the connection is using TLS
// or is connected to localhost. Otherwise authentication will fail with an
// error, without sending the credentials.
func PlainAuth(identity, username, password, host string) Auth {
	return &plainAuth{identity, username, password, host}
}

func (a *plainAuth) Start(server *ServerInfo) (string, []byte, error) {
	// Must have TLS, or else localhost server.
	// Note: If TLS is not true, then we can't trust ANYTHING in ServerInfo.
	// In particular, it doesn't matter if the server advertises PLAIN auth.
	// That might just be the attacker saying
	// "it's ok, you can trust me with your password."
	if !server.TLS && !isLocalhost(server.Name) {
		return "", nil, errors.New("unencrypted connection")
	}
	if server.Name != a.host {
		return "", nil, errors.New("wrong host name")
	}
	resp := []byte(a.identity + "\x00" + a.username + "\x00" + a.password)
	return "PLAIN", resp, nil
}

func (a *plainAuth) Next(fromServer []byte, more bool) ([]byte, error) {
	if more {
		// We've already sent everything.
		return nil, errors.New("unexpected server challenge")
	}
	return nil, nil
}
Fork net/smpt into go-mail As part of #97 we are going to fork the official `net/smtp` package into go-mail to provide us with more flexibility. This commit fulfills the first big step of importing the package into smtp/. Also go-mail's own LoginAuth has been moved from auth/ into smtp/ to be consistent with the stdlib. There are still a couple of open issues (i. e. license adjustments and making golangci-lint happy) but so far all tests already work, which is a good start. 2023-01-10 00:38:42 +01:00			`package smtp`

			`import (`
			`"errors"`
			`)`

			`// plainAuth is the type that satisfies the Auth interface for the "SMTP PLAIN" auth`
			`type plainAuth struct {`
			`identity, username, password string`
			`host string`
			`}`

			`// PlainAuth returns an Auth that implements the PLAIN authentication`
			`// mechanism as defined in RFC 4616. The returned Auth uses the given`
			`// username and password to authenticate to host and act as identity.`
			`// Usually identity should be the empty string, to act as username.`
			`//`
			`// PlainAuth will only send the credentials if the connection is using TLS`
			`// or is connected to localhost. Otherwise authentication will fail with an`
			`// error, without sending the credentials.`
			`func PlainAuth(identity, username, password, host string) Auth {`
			`return &plainAuth{identity, username, password, host}`
			`}`

			`func (a plainAuth) Start(server ServerInfo) (string, []byte, error) {`
			`// Must have TLS, or else localhost server.`
			`// Note: If TLS is not true, then we can't trust ANYTHING in ServerInfo.`
			`// In particular, it doesn't matter if the server advertises PLAIN auth.`
			`// That might just be the attacker saying`
			`// "it's ok, you can trust me with your password."`
			`if !server.TLS && !isLocalhost(server.Name) {`
			`return "", nil, errors.New("unencrypted connection")`
			`}`
			`if server.Name != a.host {`
			`return "", nil, errors.New("wrong host name")`
			`}`
			`resp := []byte(a.identity + "\x00" + a.username + "\x00" + a.password)`
			`return "PLAIN", resp, nil`
			`}`

			`func (a *plainAuth) Next(fromServer []byte, more bool) ([]byte, error) {`
			`if more {`
			`// We've already sent everything.`
			`return nil, errors.New("unexpected server challenge")`
			`}`
			`return nil, nil`
			`}`