♻️ SASL LOGIN: Add "#done?" [🚧 WIP]

The client should raise an error if the command completes successfully
but "done?" returns false.

also moved to sasl dir and SASL module.

move login

login

Author: nevans

lib/net/imap.rb

@@ -987,7 +987,7 @@ def starttls(options = {}, verify = true)
     #
     #   For +DIGEST-MD5+ see SASL::DigestMD5Authenticator.
     #
-    #   For +LOGIN+, see LoginAuthenticator.
+    #   For +LOGIN+, see SASL::LoginAuthenticator.
     #
     #   For +CRAM-MD5+, see SASL::CramMD5Authenticator.
     #

lib/net/imap/authenticators.rb

@@ -67,6 +67,6 @@ def authenticators
 require_relative "sasl/xoauth2_authenticator"
 
 # deprecated
-require_relative "authenticators/login"
+require_relative "sasl/login_authenticator"
 require_relative "sasl/cram_md5_authenticator"
 require_relative "sasl/digest_md5_authenticator"

lib/net/imap/authenticators/login.rb

@@ -33,7 +33,7 @@ module SASL
       #
       #   For +DIGEST-MD5+ see SASL::DigestMD5Authenticator.
       #
-      #   For +LOGIN+, see LoginAuthenticator.
+      #   For +LOGIN+, see SASL::LoginAuthenticator.
       #
       #   For +CRAM-MD5+, see SASL::CramMD5Authenticator.
       #

lib/net/imap/sasl/authenticator.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Net
+  class IMAP < Protocol
+    module SASL
+
+      # Authenticator for the "+LOGIN+" SASL mechanism.  See Net::IMAP#authenticate.
+      #
+      # +LOGIN+ authentication sends the password in cleartext.
+      # RFC3501[https://tools.ietf.org/html/rfc3501] encourages servers to disable
+      # cleartext authentication until after TLS has been negotiated.
+      # RFC8314[https://tools.ietf.org/html/rfc8314] recommends TLS version 1.2 or
+      # greater be used for all traffic, and deprecate cleartext access ASAP.  +LOGIN+
+      # can be secured by TLS encryption.
+      #
+      # == Deprecated
+      #
+      # The {SASL mechanisms
+      # registry}[https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml]
+      # marks "LOGIN" as obsoleted in favor of "PLAIN".  It is included here for
+      # compatibility with existing servers.  See
+      # {draft-murchison-sasl-login}[https://www.iana.org/go/draft-murchison-sasl-login]
+      # for both specification and deprecation.
+      class LoginAuthenticator
+        def process(data)
+          case @state
+          when STATE_USER
+            @state = STATE_PASSWORD
+            @user
+          when STATE_PASSWORD
+            @state = STATE_DONE
+            @password
+          when STATE_DONE
+            raise ResponseParseError, data
+          end
+        end
+
+        def done?; @state == STATE_DONE end
+
+        private
+
+        STATE_USER     = :USER
+        STATE_PASSWORD = :PASSWORD
+        STATE_DONE     = :DONE
+
+        def initialize(user, password, warn_deprecation: true, **_ignored)
+          if warn_deprecation
+            warn "WARNING: LOGIN SASL mechanism is deprecated. Use PLAIN instead."
+          end
+          @user = user
+          @password = password
+          @state = STATE_USER
+        end
+
+        Net::IMAP.add_authenticator "LOGIN", self
+      end
+    end
+
+    LoginAuthenticator = SASL::LoginAuthenticator # :nodoc:
+    deprecate_constant :LoginAuthenticator
+
+  end
+end

lib/net/imap/sasl/login_authenticator.rb

@@ -91,7 +91,7 @@ def login(*args, warn_deprecation: false, **kwargs, &block)
   end
 
   def test_login_authenticator_matches_mechanism
-    assert_kind_of(Net::IMAP::LoginAuthenticator, login("n", "p"))
+    assert_kind_of(Net::IMAP::SASL::LoginAuthenticator, login("n", "p"))
   end
 
   def test_login_authenticator_deprecated