You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I tried the latest snappymail (2.34.1) docker image with mox (https://www.xmox.nl), and noticed SCRAM login is failing. I believe the snappymail sasl/scram client isn't finishing the login transaction.
It looks like you're being logged in, but instead you get back to the login screen. You don't see an error message, just have to login again. The snappymail console has more details:
After the last "S: + ...\r\n" message, the client (snappymail) should be sending a message to finish the continuation, then read the authentication response.
Clients MUST follow the syntax outlined in this specification strictly. It is a syntax error to send a command with missing or extraneous spaces or arguments.
The next paragraph mentions AUTHENTICATE.
In all cases, the client MUST send a complete command (including receiving all command continuation request responses and sending command continuations for the command) before initiating a new command.
If you read only the SASL en SCRAM docs, you would think the protocol messages end after the final client message. The empty line is an IMAP requirement, for continuations.
Describe the bug
I tried the latest snappymail (2.34.1) docker image with mox (https://www.xmox.nl), and noticed SCRAM login is failing. I believe the snappymail sasl/scram client isn't finishing the login transaction.
To Reproduce
Steps to reproduce the behavior:
Mox localserve prints the IMAP protocol messages and shows something like this (with long base64 data replaced with "..."):
After the last "S: + ...\r\n" message, the client (snappymail) should be sending a message to finish the continuation, then read the authentication response.
A transaction should look like this:
See https://datatracker.ietf.org/doc/html/rfc9051#section-2.2.1 and these sentences:
Clients MUST follow the syntax outlined in this specification strictly. It is a syntax error to send a command with missing or extraneous spaces or arguments.
In all cases, the client MUST send a complete command (including receiving all command continuation request responses and sending command continuations for the command) before initiating a new command.
And see the example scram session in the imap4rev2 rfc, https://www.xmox.nl/xr/v0.0.9/rfc/9051.html#L6221
imap4rev1 has similar wording, see https://datatracker.ietf.org/doc/html/rfc3501#section-2.2.1. It doesn't have the scram example.
If you read only the SASL en SCRAM docs, you would think the protocol messages end after the final client message. The empty line is an IMAP requirement, for continuations.
Possible solution
I think a change is needed at https://github.com/the-djmaze/snappymail/blob/v2.34.1/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php#L184. If I add the following, I can log in:
(I'm assuming getResponse throws an exception if the command doesn't return an "OK".)
I've seen a few other issues (now closed) about SCRAM, could be worth tagging those or its reporters in case they've disabled SCRAM after issues.
The text was updated successfully, but these errors were encountered: