Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn when using deprecated SASL mechanisms #62

Merged
merged 1 commit into from
Sep 28, 2022
Merged

Warn when using deprecated SASL mechanisms #62

merged 1 commit into from
Sep 28, 2022

Conversation

nevans
Copy link
Collaborator

@nevans nevans commented Jul 16, 2022
edited
Loading

Mark obolete SASL mechanisms as deprecated (fixes GH-55):

  • This is a backwards-compatible alternative to the approach here: Do not load deprecated SASL mechanisms by default #58. We can still use that incompatible approach in a future version.
  • Warn every time a deprecated mechanism is used.
  • Warnings can be disabled with warn_deprecation: false
  • Fixes Remove needless dependencies #56: delay loading standard gem dependencies until
    #initialize, and convert the gems to development dependencies.

Additionally:

  • Adds basic tests for every authenticator (to avoid another Using PLAIN is broken in ruby 3.1.0 #52!)
  • Fixes a frozen string bug in DigestMD5Authenticator.
  • Fixes constant resolution for exceptions in DigestMD5Authenticator.
  • Can register an authenticator type that responds to #call (instead of
    #new). I was originally going to register deprecated authenticators
    with a Proc that required the file and issued a warning, but I decided
    to put everything into the initializer instead. #authenticator
    needed to be updated to safely delegate all args, and I left this in.

The DIGEST-MD5 bug was originally reported, tested, and fixed by
@singpolyma here: nevans/net-sasl#3.

Co-authored-by: Stephen Paul Weber singpolyma@singpolyma.net

@nevans @singpolyma
Warn when using deprecated SASL mechanisms
d466c2e 
Mark obolete SASL mechanisms as deprecated (fixes GH-55):
* This is a backwards-compatible alternative to the approach in GH-58
  (don't require and add the deprecated authenticators automatically).
  We can use that incompatible approach in a later version.
* Warn every time a deprecated mechanism is used.
* Warnings can be disabled with `warn_deprecation: false`
* Fixes GH-56: delay loading standard gem dependencies until
  `#initialize`, and convert the gems to development dependencies.

Additionally:
* Adds basic tests for every authenticator (to avoid another GH-52!)
* Fixes a frozen string bug in DigestMD5Authenticator.
* Fixes constant resolution for exceptions in DigestMD5Authenticator.
* Can register an authenticator type that responds to #call (instead of
  #new).  I was originally going to register deprecated authenticators
  with a Proc that required the file and issued a warning, but I decided
  to put everything into the initializer instead.  `#authenticator`
  needed to be updated to safely delegate all args, and I left this in.

The DIGEST-MD5 bug was originally reported, tested, and fixed by
@singpolyma here: nevans/net-sasl#3.

Co-authored-by: Stephen Paul Weber <singpolyma@singpolyma.net>
@nevans nevans mentioned this pull request Jul 16, 2022
Closed
@nevans nevans requested review from hsbt and shugo July 16, 2022 21:30
shugo
shugo approved these changes Jul 17, 2022
View reviewed changes
Copy link
Member

@shugo shugo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks fine. thank you!

@hsbt hsbt merged commit b3661bd into master Sep 28, 2022
@hsbt hsbt deleted the deprecation-warning-SASL-mechanisms branch September 28, 2022 08:13
@hsbt hsbt mentioned this pull request Sep 28, 2022
Open
@hsbt
Copy link
Member

hsbt commented Sep 28, 2022

@shugo @nevans Can we release v0.3.0 contained this? I hope to reduce the dependencies from gem i rails.

@shugo
Copy link
Member

shugo commented Sep 28, 2022

@shugo @nevans Can we release v0.3.0 contained this? I hope to reduce the dependencies from gem i rails.

Sure. I've released v0.3.0.

@hsbt
Copy link
Member

hsbt commented Sep 28, 2022

Thanks a lot!

@nevans nevans mentioned this pull request Nov 21, 2022
Open
@nevans nevans added the SASL 🔒 Authentication and authentication mechanisms label Feb 12, 2023
@nevans nevans mentioned this pull request Sep 20, 2023
Draft
37 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shugo shugo shugo approved these changes

@hsbt hsbt Awaiting requested review from hsbt

Assignees
No one assigned
Labels
SASL 🔒 Authentication and authentication mechanisms
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

RFC6331: Moving DIGEST-MD5 to Historic
3 participants
@nevans @hsbt @shugo