imap/smtp: Use the user-selected key slot for authentication

Issue #13
create-reload-action
Lukasz Janyst 4 years ago
parent 79b9a96532
commit 818bdaabc2
No known key found for this signature in database
GPG Key ID: 32DE641041F17A9A
  1. 15
      pkg/imap/backend.go
  2. 5
      pkg/smtp/backend.go
  3. 4
      pkg/users/user.go

@ -95,7 +95,7 @@ func newIMAPBackend(
}
}
func (ib *imapBackend) getUser(address, username, password string) (*imapUser, error) {
func (ib *imapBackend) getUser(address, slot, password string) (*imapUser, error) {
ib.usersLocker.Lock()
defer ib.usersLocker.Unlock()
@ -104,11 +104,11 @@ func (ib *imapBackend) getUser(address, username, password string) (*imapUser, e
if ok {
return imapUser, nil
}
return ib.createUser(address, username, password)
return ib.createUser(address, slot, password)
}
// createUser require that address MUST be in lowercase.
func (ib *imapBackend) createUser(address, username, password string) (*imapUser, error) {
func (ib *imapBackend) createUser(address, slot, password string) (*imapUser, error) {
log.WithField("address", address).Debug("Creating new IMAP user")
user, err := ib.usersMgr.GetUser(address)
@ -116,7 +116,7 @@ func (ib *imapBackend) createUser(address, username, password string) (*imapUser
return nil, err
}
if err := user.BringOnline(username, password); err != nil {
if err := user.BringOnline(slot, password); err != nil {
return nil, err
}
@ -155,13 +155,16 @@ func (ib *imapBackend) deleteUser(address string) {
// Login authenticates a user.
func (ib *imapBackend) Login(_ *imap.ConnInfo, username, password string) (goIMAPBackend.User, error) {
imapUser, err := ib.getUser(username, username, password)
username, slot := users.DecodeLogin(username)
imapUser, err := ib.getUser(username, slot, password)
if err != nil {
log.WithError(err).Warn("Cannot get user")
return nil, err
}
if err := imapUser.user.CheckCredentials("main", password); err != nil {
if err := imapUser.user.CheckCredentials(slot, password); err != nil {
log.WithError(err).Error("Could not check bridge password")
if err := imapUser.Logout(); err != nil {
log.WithError(err).Warn("Could not logout user after unsuccessful login check")
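Review bot: In `Login`, `slot` is taken directly from the client-supplied login string via `users.DecodeLogin` and passed to `getUser` and `CheckCredentials`, with no visible check that it is non-empty or names an existing slot. `DecodeLogin` is not shown on this page, so it is worth confirming that a login without a slot part still resolves to `"main"`; otherwise clients that authenticated against the previously hard-coded slot would start failing. The failure log also omits which slot was tried, which makes repeated bad logins against non-default slots hard to triage; consider `log.WithError(err).WithField("slot", slot).Error("Could not check bridge password")`. The body of `Login` continues past the end of this hunk.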

@ -55,6 +55,7 @@ func newSMTPBackend(
// Login authenticates a user.
func (sb *smtpBackend) Login(_ *goSMTPBackend.ConnectionState, username, password string) (goSMTPBackend.Session, error) {
username = strings.ToLower(username)
username, slot := users.DecodeLogin(username)
user, err := sb.users.GetUser(username)
if err != nil {
@ -62,11 +63,11 @@ func (sb *smtpBackend) Login(_ *goSMTPBackend.ConnectionState, username, passwor
return nil, err
}
if err := user.BringOnline(username, password); err != nil {
if err := user.BringOnline(slot, password); err != nil {
return nil, err
}
if err := user.CheckCredentials("main", password); err != nil {
if err := user.CheckCredentials(slot, password); err != nil {
log.WithError(err).Error("Could not check bridge password")
// Apple Mail sometimes generates a lot of requests very quickly. It's good practice
// to have a timeout after bad logins so that we can slow those requests down a little bit.
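Review bot: The slot is decoded after `username = strings.ToLower(username)`, so on the SMTP path the slot name is lowercased together with the address, while the IMAP `Login` in this commit shows no lowercasing before `users.DecodeLogin`. If slot names are case-sensitive (not visible here), the same login string could select a slot over IMAP and fail to unlock over SMTP. Decoding first and normalising only the address keeps both backends consistent: `username, slot := users.DecodeLogin(username)` followed by `username = strings.ToLower(username)`. The rest of `Login` lies outside the hunk.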

@ -374,7 +374,7 @@ func (u *User) UnlockCredentials(slot, password string) error {
return u.creds.Unlock(slot, password)
}
func (u *User) BringOnline(username, password string) error {
func (u *User) BringOnline(slot, password string) error {
u.lock.Lock()
defer u.lock.Unlock()
@ -383,7 +383,7 @@ func (u *User) BringOnline(username, password string) error {
}
if u.creds.Locked() {
if err := u.creds.Unlock("main", password); err != nil {
if err := u.creds.Unlock(slot, password); err != nil {
return err
}
}
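Review bot: `BringOnline` is exported and has no doc comment, and after this change its contract is easy to misread: `u.creds.Unlock(slot, password)` runs only when `u.creds.Locked()` is true, so once the store is unlocked the slot and password are not verified here at all. Both callers in this commit follow it with `CheckCredentials(slot, password)`, and the comment should make that requirement explicit, for example `// BringOnline unlocks the credential store with the given key slot if it is still locked; it does not authenticate the caller when the store is already unlocked, so callers must still call CheckCredentials.` The function body starts before and ends after the lines shown.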
