123456789_123456789_123456789_123456789_123456789_

Class: Net::IMAP::SASL::PlainAuthenticator

Relationships & Source Files
Inherits: Object
Defined in: lib/net/imap/sasl/plain_authenticator.rb

Overview

Authenticator for the “PLAIN::Net::IMAP::SASL mechanism, specified in RFC-4616. See Net::IMAP#authenticate.

PLAIN authentication sends the password in cleartext. RFC-3501 encourages servers to disable cleartext authentication until after TLS has been negotiated. RFC-8314 recommends TLS version 1.2 or greater be used for all traffic, and deprecate cleartext access ASAP. PLAIN can be secured by TLS encryption.

Constant Summary

Class Method Summary

Instance Attribute Summary

Instance Method Summary

Constructor Details

.new(username, password, authzid: nil, **) ⇒ authenticator .new(username:, password:, authzid: nil, **) ⇒ authenticator .new(authcid:, password:, authzid: nil, **) ⇒ authenticator

Creates an Authenticator for the “PLAIN::Net::IMAP::SASL mechanism.

Called by Net::IMAP#authenticate and similar methods on other clients.

Parameters

  • #authcid ― Authentication identity that is associated with #password.

    #username ― An alias for #authcid.

  • #password ― A password or passphrase associated with the #authcid.

  • optional #authzid ― Authorization identity to act as or on behalf of.

    When authzid is not set, the server should derive the authorization identity from the authentication identity.

Any other keyword parameters are quietly ignored.

Raises:

  • (ArgumentError)
[ GitHub ] 

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 67



def initialize(user = nil, pass = nil,
               authcid: nil, secret: nil,
               username: nil, password: nil, authzid: nil, **)
  username ||= authcid || user or
    raise ArgumentError, "missing username (authcid)"
  password ||= secret || pass or raise ArgumentError, "missing password"
  raise ArgumentError, "username contains NULL" if username.include?(NULL)
  raise ArgumentError, "password contains NULL" if password.include?(NULL)
  raise ArgumentError, "authzid contains NULL"  if authzid&.include?(NULL)
  @username = username
  @password = password
  @authzid  = authzid
  @done = false
end


  







Instance Attribute Details



  

    #authcid   (readonly)
  



  

    

Alias for #username.


  



  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 25



alias authcid username


  








  

    #authzid   (readonly)
  



  

    

Authorization identity: an identity to act as or on behalf of.  The identity form is application protocol specific.  If not provided or left blank, the server derives an authorization identity from the authentication identity. The server is responsible for verifying the client’s credentials and verifying that the identity it associates with the client’s authentication identity is allowed to act as (or on behalf of) the authorization identity.



For example, an administrator or superuser might take on another role:



imap.authenticate "PLAIN", "root", passwd, authzid: "user"


  



  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 42



attr_reader :authzid


  








  

    #done?Boolean  (readonly)
  



  

    

Returns true when the initial client response was sent.



The authentication should not succeed unless this returns true, but it does not indicate success.


  





  


  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 99



def done?; @done end


  








  

    #initial_response?Boolean  (readonly)  



  

    

PLAIN can send an initial client response.


  



  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 86



def initial_response?; true end


  








  

    #password   (readonly)
    Also known as: #secret
  



  

    

A password or passphrase that matches the #username.


  



  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 28



attr_reader :password


  








  

    #secret   (readonly)
  



  

    

Alias for #password.


  



  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 29



alias secret password


  








  

    #username   (readonly)
    Also known as: #authcid
  



  

    

Authentication identity: the identity that matches the #password.



RFC-2831 uses the term username. “Authentication identity” is the generic term used by RFC-4422. RFC-4616 and many later RFCs abbreviate this to #authcid.


  



  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 24



attr_reader :username


  







Instance Method Details



  

    #process(data)  
  



  

    

Responds with the client’s credentials.


  



  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/plain_authenticator.rb', line 89



def process(data)
  return "#@authzid\0#@username\0#@password"
ensure
  @done = true
end