This is an automated email from the ASF dual-hosted git repository.

Arsnael pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


The following commit(s) were added to refs/heads/master by this push:
     new 00cad5ee11 JAMES-4207 Do not announce capabilities after authentication
00cad5ee11 is described below

commit 00cad5ee115ab160aac238ccf0db1bc08200306e
Author: Felix Auringer <[email protected]>
AuthorDate: Wed May 20 10:32:50 2026 +0200

    JAMES-4207 Do not announce capabilities after authentication
    
    RFC 5804 states that capabilities must be sent after a SASL security
    layer was negotiated. This is not the case for any of the
    authentication mechanisms offered by James.
---
 .../managesieveserver/netty/ManageSieveChannelUpstreamHandler.java | 7 -------
 .../java/org/apache/james/managesieveserver/AuthenticateTest.java  | 2 --
 2 files changed, 9 deletions(-)

diff --git 
a/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
 
b/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
index 7aa3321c2e..e0fec73e86 100644
--- 
a/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
+++ 
b/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
@@ -84,7 +84,6 @@ public class ManageSieveChannelUpstreamHandler extends 
ChannelInboundHandlerAdap
             }
 
             Session manageSieveSession = 
ctx.channel().attr(NettyConstants.SESSION_ATTRIBUTE_KEY).get();
-            Session.State statePriorExecution = manageSieveSession.getState();
             String responseString = 
manageSieveProcessor.handleRequest(manageSieveSession, request);
             attachment.resetCumulation();
             attachment.write(responseString);
@@ -98,12 +97,6 @@ public class ManageSieveChannelUpstreamHandler extends 
ChannelInboundHandlerAdap
                 String capabilities = 
manageSieveProcessor.handleRequest(manageSieveSession, "CAPABILITY");
                 attachment.write(capabilities);
             }
-            if (manageSieveSession.getState() == Session.State.AUTHENTICATED &&
-                statePriorExecution != Session.State.AUTHENTICATED) {
-                // RFC-5804 section 1.7 returning capabilities is mandated 
after AUTH
-                String capabilities = 
manageSieveProcessor.handleRequest(manageSieveSession, "CAPABILITY");
-                attachment.write(capabilities);
-            }
         } catch (NotEnoughDataException ex) {
             // Do nothing will keep the cumulation
         }
diff --git 
a/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
 
b/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
index 7c069ca104..1f59044735 100644
--- 
a/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
+++ 
b/server/protocols/protocols-managesieve/src/test/java/org/apache/james/managesieveserver/AuthenticateTest.java
@@ -159,7 +159,6 @@ class AuthenticateTest {
         this.client.sendCommand(command);
         ManageSieveClient.ServerResponse firstAuthenticationResponse = 
this.client.readResponse();
         
Assertions.assertThat(firstAuthenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.OK);
-        this.client.readResponse(); // Read capabilities
 
         this.client.sendCommand(command);
         ManageSieveClient.ServerResponse secondAuthenticationResponse = 
this.client.readResponse();
@@ -235,6 +234,5 @@ class AuthenticateTest {
         this.client.sendCommand("AUTHENTICATE \"PLAIN\" \"" + 
Base64.getEncoder().encodeToString(initialClientResponse.getBytes(StandardCharsets.UTF_8))
 + "\"");
         ManageSieveClient.ServerResponse authenticationResponse = 
this.client.readResponse();
         
Assertions.assertThat(authenticationResponse.responseType()).isEqualTo(ManageSieveClient.ResponseType.OK);
-        this.client.readResponse(); // Read capabilities
     }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to