This is an automated email from the ASF dual-hosted git repository.

quantranhong1999 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 605a2f6e69ddb1440fb4580fc822702eaddc554a
Author: Felix Auringer <[email protected]>
AuthorDate: Mon May 18 15:52:05 2026 +0200

    refactor(imap): better names and comments for authentication processors
---
 .../imap/processor/AbstractAuthProcessor.java      |  4 ++--
 .../imap/processor/AuthenticateProcessor.java      | 25 ++++++++++++----------
 .../james/imap/processor/LoginProcessor.java       |  7 ++++--
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java
 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java
index abbeadb195..4bd2cbb633 100644
--- 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java
+++ 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java
@@ -77,7 +77,7 @@ public abstract class AbstractAuthProcessor<R extends 
ImapRequest> extends Abstr
         this.imapConfiguration = imapConfiguration;
     }
 
-    protected void doAuth(AuthenticationAttempt authenticationAttempt, 
ImapSession session, ImapRequest request, Responder responder, 
HumanReadableText failed) {
+    protected void doPasswordAuth(AuthenticationAttempt authenticationAttempt, 
ImapSession session, ImapRequest request, Responder responder, 
HumanReadableText failed) {
         Preconditions.checkArgument(!authenticationAttempt.isDelegation());
         try {
             boolean authFailure = false;
@@ -118,7 +118,7 @@ public abstract class AbstractAuthProcessor<R extends 
ImapRequest> extends Abstr
         }
     }
 
-    protected void doAuthWithDelegation(AuthenticationAttempt 
authenticationAttempt, ImapSession session, ImapRequest request, Responder 
responder) {
+    protected void doPasswordAuthWithDelegation(AuthenticationAttempt 
authenticationAttempt, ImapSession session, ImapRequest request, Responder 
responder) {
         Preconditions.checkArgument(authenticationAttempt.isDelegation());
         Username givenUser = authenticationAttempt.getAuthenticationId();
         if (givenUser == null) {
diff --git 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
index 9ca4adaa99..1f66be3daa 100644
--- 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
+++ 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
@@ -55,7 +55,7 @@ import com.google.common.collect.ImmutableList;
 import reactor.core.publisher.Mono;
 
 /**
- * Processor which handles the AUTHENTICATE command. Only authtype of PLAIN is 
supported ATM.
+ * Processor which handles the AUTHENTICATE command. Supported authentication 
mechanisms are PLAIN, XOAUTH2, and OAUTHBEARER.
  */
 public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateRequest> implements 
CapabilityImplementingProcessor {
     public static final String AUTH_PLAIN = "AUTH=PLAIN";
@@ -85,18 +85,18 @@ public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateReq
         if (authType.equalsIgnoreCase(AUTH_TYPE_PLAIN)) {
             // See if AUTH=PLAIN is allowed. See IMAP-304
             if (session.isPlainAuthDisallowed()) {
-                LOGGER.warn("Login attempt over clear channel rejected");
+                LOGGER.warn("Plain authentication rejected because it is 
disabled or not allowed over insecure channel");
                 no(request, responder, HumanReadableText.DISABLED_LOGIN);
             } else {
                 if (request instanceof IRAuthenticateRequest) {
                     IRAuthenticateRequest irRequest = (IRAuthenticateRequest) 
request;
-                    doPlainAuth(irRequest.getInitialClientResponse(), session, 
request, responder);
+                    parseAndDoPlainAuth(irRequest.getInitialClientResponse(), 
session, request, responder);
                 } else {
                     session.executeSafely(() -> {
                         responder.respond(new AuthenticateResponse());
                         responder.flush();
                         session.pushLineHandler((requestSession, data) -> 
Mono.fromRunnable(() -> {
-                            doPlainAuth(extractInitialClientResponse(data), 
requestSession, request, responder);
+                            
parseAndDoPlainAuth(extractInitialClientResponse(data), requestSession, 
request, responder);
                             // remove the handler now
                             requestSession.popLineHandler();
                             responder.flush();
@@ -111,13 +111,13 @@ public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateReq
             } else {
                 if (request instanceof IRAuthenticateRequest) {
                     IRAuthenticateRequest irRequest = (IRAuthenticateRequest) 
request;
-                    doOAuth(irRequest.getInitialClientResponse(), session, 
request, responder);
+                    parseAndDoOAuth(irRequest.getInitialClientResponse(), 
session, request, responder);
                 } else {
                     session.executeSafely(() -> {
                         responder.respond(new AuthenticateResponse());
                         responder.flush();
                         session.pushLineHandler((requestSession, data) -> 
Mono.fromRunnable(() -> {
-                            doOAuth(extractInitialClientResponse(data), 
requestSession, request, responder);
+                            
parseAndDoOAuth(extractInitialClientResponse(data), requestSession, request, 
responder);
                             requestSession.popLineHandler();
                             responder.flush();
                         
}).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER).then());
@@ -131,14 +131,14 @@ public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateReq
     }
 
     /**
-     * Parse the initialClientResponse and do a PLAIN AUTH with it
+     * Parse the initial client response and start plain authentication.
      */
-    protected void doPlainAuth(String initialClientResponse, ImapSession 
session, ImapRequest request, Responder responder) {
+    protected void parseAndDoPlainAuth(String initialClientResponse, 
ImapSession session, ImapRequest request, Responder responder) {
         AuthenticationAttempt authenticationAttempt = 
parseDelegationAttempt(initialClientResponse);
         if (authenticationAttempt.isDelegation()) {
-            doAuthWithDelegation(authenticationAttempt, session, request, 
responder);
+            doPasswordAuthWithDelegation(authenticationAttempt, session, 
request, responder);
         } else {
-            doAuth(authenticationAttempt, session, request, responder, 
HumanReadableText.AUTHENTICATION_FAILED);
+            doPasswordAuth(authenticationAttempt, session, request, responder, 
HumanReadableText.AUTHENTICATION_FAILED);
         }
         session.stopDetectingCommandInjection();
     }
@@ -201,7 +201,10 @@ public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateReq
             .addToContext("authType", request.getAuthType());
     }
 
-    protected void doOAuth(String initialResponse, ImapSession session, 
ImapRequest request, Responder responder) {
+    /**
+     * Parse the initial client response and start oauth authentication.
+     */
+    protected void parseAndDoOAuth(String initialResponse, ImapSession 
session, ImapRequest request, Responder responder) {
         OIDCSASLParser.parse(initialResponse)
             .flatMap(oidcInitialResponseValue -> 
session.oidcSaslConfiguration().map(configure -> 
Pair.of(oidcInitialResponseValue, configure)))
             .ifPresentOrElse(pair -> doOAuth(pair.getLeft(), pair.getRight(), 
session, request, responder),
diff --git 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
index b4d20915f9..989a487965 100644
--- 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
+++ 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
@@ -50,14 +50,17 @@ public class LoginProcessor extends 
AbstractAuthProcessor<LoginRequest> implemen
         super(LoginRequest.class, mailboxManager, factory, metricFactory, 
pathConverterFactory);
     }
 
+    /**
+     * Start password authentication if enabled.
+     */
     @Override
     protected void processRequest(LoginRequest request, ImapSession session, 
Responder responder) {
         // check if the login is allowed with LOGIN command. See IMAP-304
         if (session.isPlainAuthDisallowed()) {
-            LOGGER.warn("Login attempt over clear channel rejected");
+            LOGGER.warn("Login rejected because it is disabled or not allowed 
over insecure channel");
             no(request, responder, HumanReadableText.DISABLED_LOGIN);
         } else {
-            doAuth(noDelegation(request.getUserid(), request.getPassword()),
+            doPasswordAuth(noDelegation(request.getUserid(), 
request.getPassword()),
                 session, request, responder, HumanReadableText.INVALID_LOGIN);
         }
     }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to