auth returns a value which implements the smtp.Auth based on the available auth mechanisms.
(ctx context.Context, mechs string)
| 432 | |
| 433 | // auth returns a value which implements the smtp.Auth based on the available auth mechanisms. |
| 434 | func (s *SMTPHandler) auth(ctx context.Context, mechs string) (sasl.Client, error) { |
| 435 | username := s.cfg.Auth.Username.String() |
| 436 | |
| 437 | // All auth mechanisms require username, so if one is not defined then don't return an auth client. |
| 438 | if username == "" { |
| 439 | // nolint:nilnil // This is a valid response. |
| 440 | return nil, nil |
| 441 | } |
| 442 | |
| 443 | var errs error |
| 444 | list := strings.Split(mechs, " ") |
| 445 | for _, mech := range list { |
| 446 | switch mech { |
| 447 | case sasl.Plain: |
| 448 | password, err := s.password() |
| 449 | if err != nil { |
| 450 | errs = multierror.Append(errs, err) |
| 451 | continue |
| 452 | } |
| 453 | if password == "" { |
| 454 | errs = multierror.Append(errs, xerrors.New("cannot use PLAIN auth, password not defined (see CODER_EMAIL_AUTH_PASSWORD)")) |
| 455 | continue |
| 456 | } |
| 457 | |
| 458 | return sasl.NewPlainClient(s.cfg.Auth.Identity.String(), username, password), nil |
| 459 | case sasl.Login: |
| 460 | if slices.Contains(list, sasl.Plain) { |
| 461 | // Prefer PLAIN over LOGIN. |
| 462 | continue |
| 463 | } |
| 464 | |
| 465 | // Warn that LOGIN is obsolete, but don't do it every time we dispatch a notification. |
| 466 | s.loginWarnOnce.Do(func() { |
| 467 | s.log.Warn(ctx, "LOGIN auth is obsolete and should be avoided (use PLAIN instead): https://www.ietf.org/archive/id/draft-murchison-sasl-login-00.txt") |
| 468 | }) |
| 469 | |
| 470 | password, err := s.password() |
| 471 | if err != nil { |
| 472 | errs = multierror.Append(errs, err) |
| 473 | continue |
| 474 | } |
| 475 | if password == "" { |
| 476 | errs = multierror.Append(errs, xerrors.New("cannot use LOGIN auth, password not defined (see CODER_EMAIL_AUTH_PASSWORD)")) |
| 477 | continue |
| 478 | } |
| 479 | |
| 480 | return sasl.NewLoginClient(username, password), nil |
| 481 | default: |
| 482 | return nil, xerrors.Errorf("unsupported auth mechanism: %q (supported: %v)", mechs, []string{sasl.Plain, sasl.Login}) |
| 483 | } |
| 484 | } |
| 485 | |
| 486 | return nil, errs |
| 487 | } |
| 488 | |
| 489 | // validateFromAddr parses the "from" address and returns two values: |
| 490 | // 1. envelopeFrom: The bare email address for use in the SMTP MAIL FROM command. |