From 6d3640a16684765da23052ee7a2e264a70db5992 Mon Sep 17 00:00:00 2001
From: Winni Neessen <wn@neessen.net>
Date: Sat, 16 Nov 2024 21:38:29 +0100
Subject: [PATCH] Fix auth type auto-discovery and add test cases

Refactor the auth type initialization to prevent incorrect assignments and handle empty supported lists. Added comprehensive test cases to verify auto-discovery selection of the strongest authentication method and ensure robustness against empty or invalid input.
---
 client.go      |  5 ++++-
 client_test.go | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/client.go b/client.go
index f92c991..e61bfad 100644
--- a/client.go
+++ b/client.go
@@ -1100,7 +1100,7 @@ func (c *Client) auth() error {
 			return fmt.Errorf("server does not support SMTP AUTH")
 		}
 
-		authType := c.smtpAuthType
+		var authType SMTPAuthType
 		if c.smtpAuthType == SMTPAuthAutoDiscover {
 			discoveredType, err := c.authTypeAutoDiscover(smtpAuthType)
 			if err != nil {
@@ -1182,6 +1182,9 @@ func (c *Client) auth() error {
 }
 
 func (c *Client) authTypeAutoDiscover(supported string) (SMTPAuthType, error) {
+	if supported == "" {
+		return "", ErrNoSupportedAuthDiscovered
+	}
 	preferList := []SMTPAuthType{SMTPAuthSCRAMSHA256PLUS, SMTPAuthSCRAMSHA256, SMTPAuthSCRAMSHA1PLUS, SMTPAuthSCRAMSHA1,
 		SMTPAuthXOAUTH2, SMTPAuthCramMD5, SMTPAuthPlain, SMTPAuthLogin}
 	if !c.isEncrypted {
diff --git a/client_test.go b/client_test.go
index 5138c17..97289b8 100644
--- a/client_test.go
+++ b/client_test.go
@@ -2514,6 +2514,42 @@ func TestClient_auth(t *testing.T) {
 	})
 }
 
+func TestClient_authTypeAutoDiscover(t *testing.T) {
+	tests := []struct {
+		supported  string
+		tls        bool
+		expect     SMTPAuthType
+		shouldFail bool
+	}{
+		{"LOGIN SCRAM-SHA-256 SCRAM-SHA-1 SCRAM-SHA-256-PLUS SCRAM-SHA-1-PLUS", true, SMTPAuthSCRAMSHA256PLUS, false},
+		{"LOGIN SCRAM-SHA-256 SCRAM-SHA-1 SCRAM-SHA-256-PLUS SCRAM-SHA-1-PLUS", false, SMTPAuthSCRAMSHA256, false},
+		{"LOGIN PLAIN SCRAM-SHA-1 SCRAM-SHA-1-PLUS", true, SMTPAuthSCRAMSHA1PLUS, false},
+		{"LOGIN PLAIN SCRAM-SHA-1 SCRAM-SHA-1-PLUS", false, SMTPAuthSCRAMSHA1, false},
+		{"LOGIN XOAUTH2 SCRAM-SHA-1-PLUS", false, SMTPAuthXOAUTH2, false},
+		{"PLAIN LOGIN CRAM-MD5", false, SMTPAuthCramMD5, false},
+		{"CRAM-MD5", false, SMTPAuthCramMD5, false},
+		{"PLAIN", true, SMTPAuthPlain, false},
+		{"LOGIN PLAIN", true, SMTPAuthPlain, false},
+		{"LOGIN PLAIN", false, "no secure mechanism", true},
+		{"", false, "supported list empty", true},
+	}
+	for _, tt := range tests {
+		t.Run("AutoDiscover selects the strongest auth type: "+string(tt.expect), func(t *testing.T) {
+			client := &Client{smtpAuthType: SMTPAuthAutoDiscover, isEncrypted: tt.tls}
+			authType, err := client.authTypeAutoDiscover(tt.supported)
+			if err != nil && !tt.shouldFail {
+				t.Fatalf("failed to auto discover auth type: %s", err)
+			}
+			if tt.shouldFail && err == nil {
+				t.Fatal("expected auto discover to fail")
+			}
+			if !tt.shouldFail && authType != tt.expect {
+				t.Errorf("expected strongest auth type: %s, got: %s", tt.expect, authType)
+			}
+		})
+	}
+}
+
 func TestClient_Send(t *testing.T) {
 	message := testMessage(t)
 	t.Run("connect and send email", func(t *testing.T) {