krjan02/email-oauth2-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix imap username error

Browse Source
This commit is contained in:
krjan02 2025-12-10 15:55:29 +01:00
parent 470490fc5b
commit 8668a7c453
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
emailproxy.py
View File

@ -716,7 +716,7 @@ class OAuth2Helper:
pass pass
@staticmethod @staticmethod
def get_oauth2_credentials(username, password, reload_remote_accounts=True): def get_oauth2_credentials(username, password, reload_remote_accounts=True, is_smtp=False):
# noinspection GrazieInspection # noinspection GrazieInspection
"""Using the given username (i.e., email address) and password, reads account details from AppConfig and """Using the given username (i.e., email address) and password, reads account details from AppConfig and
handles OAuth 2.0 token request and renewal, saving the updated details back to AppConfig (or removing them handles OAuth 2.0 token request and renewal, saving the updated details back to AppConfig (or removing them
@ -833,7 +833,7 @@ class OAuth2Helper:
# noinspection PyUnresolvedReferences # noinspection PyUnresolvedReferences
import jwt import jwt
except ImportError: except ImportError:
return (False, '%s: Unable to load jwt, which is a requirement when using certificate ' return (False, '%s: Unable to load jwt, which is a requirement when usiis_smtpng certificate '
'credentials (`jwt_` options). Please run `python -m pip install -r ' 'credentials (`jwt_` options). Please run `python -m pip install -r '
'requirements-core.txt`' % APP_NAME) 'requirements-core.txt`' % APP_NAME)
import uuid import uuid
@ -860,7 +860,7 @@ class OAuth2Helper:
'x5t#S256': base64.urlsafe_b64encode(jwt_certificate_fingerprint).decode('utf-8') 'x5t#S256': base64.urlsafe_b64encode(jwt_certificate_fingerprint).decode('utf-8')
}) })
except (FileNotFoundError, OSError): # catch OSError due to GitHub issue 257 (quoted paths) except (FileNotFoundError, OSError): # catch OSError due to GitHub issue 257 (quoted paths)
return (False, '%s: Unable to create credentials assertion for account %s - please check that ' return (False, '%s: Unable to create credentials assertion for account is_smtp%s - please check that '
'the config file entry\'s `jwt_certificate_path` and `jwt_key_path` values are ' 'the config file entry\'s `jwt_certificate_path` and `jwt_key_path` values are '
'correct' % (APP_NAME, username)) 'correct' % (APP_NAME, username))
@ -961,7 +961,12 @@ class OAuth2Helper:
# send authentication command to server (response checked in ServerConnection) - note: we only support # send authentication command to server (response checked in ServerConnection) - note: we only support
# single-trip authentication (SASL) without actually checking the server's capabilities - improve? # single-trip authentication (SASL) without actually checking the server's capabilities - improve?
if is_smtp:
Log.info("SMTP OAuth", "Modified Username to rewrite_oauth_username in OAuth-Payload!")
oauth2_string = OAuth2Helper.construct_oauth2_string(rewrite_oauth_username, access_token) oauth2_string = OAuth2Helper.construct_oauth2_string(rewrite_oauth_username, access_token)
else:
oauth2_string = OAuth2Helper.construct_oauth2_string(username, access_token)
return True, oauth2_string return True, oauth2_string
except OAuth2Helper.TokenRefreshError as e: except OAuth2Helper.TokenRefreshError as e:
@ -1005,7 +1010,7 @@ class OAuth2Helper:
except Exception as e: except Exception as e:
# note that we don't currently remove cached credentials here, as failures on the initial request are before # note that we don't currently remove cached credentials here, as failures on the initial request are before
# caching happens, and the assumption is that refresh token request exceptions are temporal (e.g., network # caching happens, and the assumption is thatget_oauth2_credentials refresh token request exceptions are temporal (e.g., network
# errors: URLError(OSError(50, 'Network is down'))) - access token 400 Bad Request HTTPErrors with messages # errors: URLError(OSError(50, 'Network is down'))) - access token 400 Bad Request HTTPErrors with messages
# such as 'authorisation code was already redeemed' are caused by our support for simultaneous requests, # such as 'authorisation code was already redeemed' are caused by our support for simultaneous requests,
# and will work from the next request; however, please report an issue if you encounter problems here # and will work from the next request; however, please report an issue if you encounter problems here
@ -1930,6 +1935,7 @@ class SMTPOAuth2ClientConnection(OAuth2ClientConnection):
self.decode_username_and_request_password(str_data[11:]) self.decode_username_and_request_password(str_data[11:])
else: # ...or requested separately else: # ...or requested separately
self.connection_state = self.STATE.AUTH_LOGIN_AWAITING_USERNAME self.connection_state = self.STATE.AUTH_LOGIN_AWAITING_USERNAME
Log.info("Username","Username")
self.send(b'334 %s\r\n' % base64.b64encode(b'Username:')) self.send(b'334 %s\r\n' % base64.b64encode(b'Username:'))
else: else:
@ -2360,7 +2366,7 @@ class SMTPOAuth2ServerConnection(OAuth2ServerConnection):
# ...then, once we have the username and password we can respond to the '334 ' response with credentials # ...then, once we have the username and password we can respond to the '334 ' response with credentials
elif self.client_connection.connection_state is SMTPOAuth2ClientConnection.STATE.XOAUTH2_AWAITING_CONFIRMATION: elif self.client_connection.connection_state is SMTPOAuth2ClientConnection.STATE.XOAUTH2_AWAITING_CONFIRMATION:
if str_data.startswith('334') and self.username and self.password: # '334 ' = 'please send credentials' if str_data.startswith('334') and self.username and self.password: # '334 ' = 'please send credentials'
success, result = OAuth2Helper.get_oauth2_credentials(self.username, self.password) success, result = OAuth2Helper.get_oauth2_credentials(self.username, self.password, True, True)
if success: if success:
# because get_oauth2_credentials blocks, the client could have disconnected, and may no-longer exist # because get_oauth2_credentials blocks, the client could have disconnected, and may no-longer exist
if self.client_connection: if self.client_connection: