AUTH PLAIN sending user twice #14

Closed
adebree opened this Issue Aug 22, 2012 · 4 comments

Projects

None yet

3 participants

@adebree

In simplesmtp/lib/client.js when performing an AUTH PLAIN the user is added twice. This is incorrect, and should be added only once. Line 444 (or 445 :D) should be removed.

        case "PLAIN":
            this._currentAction = this._actionAUTHComplete;
            this.sendCommand("AUTH PLAIN "+new Buffer(
                    this.options.auth.user+"\u0000"+
                    this.options.auth.user+"\u0000"+
                    this.options.auth.pass,"utf-8").toString("base64"));

ps: awesome work on this and nodemailer! thx!

@andris9
Owner

Hi, AUTH PLAIN takes 3 params, user, group and password, so the second username stands for group name. Do you know any SMTP servers that don't support this?

@adebree
@andris9
Owner

Sorry, I remembered incorrectly, the second parameter is not group but the two first params make up authorzation/authentication identity. See http://tools.ietf.org/html/rfc4616#section-2

The mechanism consists of a single message, a string of [UTF-8]
encoded [Unicode] characters, from the client to the server. The
client presents the authorization identity (identity to act as),
followed by a NUL (U+0000) character, followed by the authentication
identity (identity whose password will be used), followed by a NUL
(U+0000) character, followed by the clear-text password.

It seems that the first param (authorization identity) can be dropped.

@chekun

this issue cause https://mail.aliyun-inc.com service provider auth failed.
please fix this , currently , i have to edit it locally to use this.
Best regards.

@andris9 andris9 closed this in 210fabf May 9, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment