bpo-45706: Add imaplib.IMAP4.login_plain #29398
Conversation
Adds authentication using PLAIN SASL mechanism. This is a plain-text authentication mechanism which can be used instead of :meth:`IMAP4.login()` when UTF-8 support is required.
|
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept this contribution by verifying everyone involved has signed the PSF contributor agreement (CLA). CLA MissingOur records indicate the following people have not signed the CLA: For legal reasons we need all the people listed to sign the CLA before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue. If you have recently signed the CLA, please wait at least one business day You can check yourself to see if the CLA has been received. Thanks again for the contribution, we look forward to reviewing it! |
|
This PR is stale because it has been open for 30 days with no activity. |
| See :RFC:`6855`, page 5. | ||
|
|
||
| It will only work if the server ``CAPABILITY`` response includes | ||
| the phrase ``AUTH=PLAIN``. |
There was a problem hiding this comment.
The module partially supports RFC 3501, which says that AUTH=PLAIN is mandatory. I understand that means advertising it in CAPABILITY is optional, so it might work regardless.
| """ | ||
| return self.authenticate( | ||
| "PLAIN", | ||
| lambda _: "{0}\x00{0}\x00{1}".format(user, password).encode() |
There was a problem hiding this comment.
This sets the authorization identity (authzid) to the user name. Wouldn’t it be better to allow omitting authzid by default, let the server derive it? https://datatracker.ietf.org/doc/html/rfc4616#section-2
f'\x00{user}\x00{password}'.encode('utf-8')|
|
||
| This is a plain-text authentication mechanism that can be used | ||
| instead of :meth:`IMAP4.login()` when UTF-8 support is required. | ||
| See :RFC:`6855`, page 5. |
There was a problem hiding this comment.
Not sure that referring to RFC 6855 is that relevant. All it does is recommend against UTF-8 support with LOGIN, and say that AUTHENTICATE supports UTF-8.
Adds authentication using PLAIN SASL mechanism.
This is a plain-text authentication mechanism that can be used
instead of :meth:
IMAP4.login()when UTF-8 support is required.https://bugs.python.org/issue45706