From 1e9378b429ba1d2d05b5d9086b278b3a0a8745c1 Mon Sep 17 00:00:00 2001 From: Trenton Holmes Date: Wed, 13 Apr 2022 13:35:42 -0700 Subject: [PATCH] Implements a fallback to AUTH=PLAIN in the event of a UnicodeEncodeError during a normal login --- src/paperless_mail/mail.py | 25 ++++++++- src/paperless_mail/tests/test_mail.py | 77 ++++++++++++++++++++++++++- 2 files changed, 98 insertions(+), 4 deletions(-) diff --git a/src/paperless_mail/mail.py b/src/paperless_mail/mail.py index 4dd1f3a1f..4f41126cf 100644 --- a/src/paperless_mail/mail.py +++ b/src/paperless_mail/mail.py @@ -3,6 +3,7 @@ import tempfile from datetime import date from datetime import timedelta from fnmatch import fnmatch +from imaplib import IMAP4 import magic import pathvalidate @@ -145,7 +146,7 @@ class MailAccountHandler(LoggingMixin): else: raise NotImplementedError( - "Unknwown correspondent selector", + "Unknown correspondent selector", ) # pragma: nocover def handle_mail_account(self, account): @@ -164,6 +165,26 @@ class MailAccountHandler(LoggingMixin): try: M.login(account.username, account.password) + + except UnicodeEncodeError: + try: + # rfc2595 section 6 - PLAIN SASL mechanism + client: IMAP4 = M.client + encoded = ( + b"\0" + + account.username.encode("utf8") + + b"\0" + + account.password.encode("utf8") + ) + # Assumption is the server supports AUTH=PLAIN capability + # Could check the list with client.capability(), but then what? + # We're failing anyway then + client.authenticate("PLAIN", lambda x: encoded) + + # Need to transition out of AUTH state to SELECTED + M.folder.set("INBOX") + except Exception: + raise MailError(f"Error while authenticating account {account}") except Exception: raise MailError(f"Error while authenticating account {account}") @@ -184,7 +205,7 @@ class MailAccountHandler(LoggingMixin): return total_processed_files - def handle_mail_rule(self, M, rule): + def handle_mail_rule(self, M: MailBox, rule): self.log("debug", f"Rule {rule}: Selecting folder {rule.folder}") diff --git a/src/paperless_mail/tests/test_mail.py b/src/paperless_mail/tests/test_mail.py index 85f20c2d0..352c3f369 100644 --- a/src/paperless_mail/tests/test_mail.py +++ b/src/paperless_mail/tests/test_mail.py @@ -17,6 +17,7 @@ from documents.tests.utils import DirectoriesMixin from imap_tools import EmailAddress from imap_tools import FolderInfo from imap_tools import MailboxFolderSelectError +from imap_tools import MailboxLoginError from imap_tools import MailMessage from imap_tools import MailMessageFlags from paperless_mail import tasks @@ -44,6 +45,14 @@ class BogusFolderManager: self.current_folder = new_folder +class BogusClient(object): + def authenticate(self, mechanism, authobject): + # authobject must be a callable object + auth_bytes = authobject(None) + if auth_bytes != b"\x00admin\x00w57\xc3\xa4\xc3\xb6\xc3\xbcw4b6huwb6nhu": + raise MailboxLoginError("BAD", "OK") + + class BogusMailBox(ContextManager): def __enter__(self): return self @@ -55,10 +64,14 @@ class BogusMailBox(ContextManager): self.messages: List[MailMessage] = [] self.messages_spam: List[MailMessage] = [] self.folder = BogusFolderManager() + self.client = BogusClient() def login(self, username, password): - if not (username == "admin" and password == "secret"): - raise Exception() + # This will raise a UnicodeEncodeError if the password is not ASCII only + password.encode("ascii") + # Otherwise, check for correct values + if username != "admin" or password not in {"secret"}: + raise MailboxLoginError("BAD", "OK") def fetch(self, criteria, mark_seen, charset=""): msg = self.messages @@ -821,6 +834,66 @@ class TestMail(DirectoriesMixin, TestCase): self.assertEqual(len(self.bogus_mailbox.messages), 2) self.assertEqual(self.async_task.call_count, 5) + def test_auth_plain_fallback(self): + """ + GIVEN: + - Mail account with password containing non-ASCII characters + THEN: + - Should still authenticate to the mail account + """ + account = MailAccount.objects.create( + name="test", + imap_server="", + username="admin", + # Note the non-ascii characters here + password="w57äöüw4b6huwb6nhu", + ) + + _ = MailRule.objects.create( + name="testrule", + account=account, + action=MailRule.AttachmentAction.MARK_READ, + ) + + self.assertEqual(len(self.bogus_mailbox.messages), 3) + self.assertEqual(self.async_task.call_count, 0) + self.assertEqual(len(self.bogus_mailbox.fetch("UNSEEN", False)), 2) + + self.mail_account_handler.handle_mail_account(account) + + self.assertEqual(self.async_task.call_count, 2) + self.assertEqual(len(self.bogus_mailbox.fetch("UNSEEN", False)), 0) + self.assertEqual(len(self.bogus_mailbox.messages), 3) + + def test_auth_plain_fallback_fails_still(self): + """ + GIVEN: + - Mail account with password containing non-ASCII characters + - Incorrect password alue + THEN: + - Should raise a MailError for the account + """ + account = MailAccount.objects.create( + name="test", + imap_server="", + username="admin", + # Note the non-ascii characters here + # Passes the check in login, not in authenticate + password="réception", + ) + + _ = MailRule.objects.create( + name="testrule", + account=account, + action=MailRule.AttachmentAction.MARK_READ, + ) + + self.assertRaises( + MailError, + self.mail_account_handler.handle_mail_account, + account, + ) + class TestManagementCommand(TestCase): @mock.patch(