This is an automated email from the ASF dual-hosted git repository.

quantranhong1999 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 61f9840a1025401c02b0a84be0fe81673f42a99b
Author: Felix Auringer <[email protected]>
AuthorDate: Mon May 18 12:38:52 2026 +0200

    refactor(imap): move oauth methods to its plain auth counterparts
---
 .../imap/processor/AbstractAuthProcessor.java      | 20 +++++++++++
 .../imap/processor/AuthenticateProcessor.java      | 41 ++++++----------------
 2 files changed, 31 insertions(+), 30 deletions(-)

diff --git 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java
 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java
index 4bd2cbb633..69cb152ea5 100644
--- 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java
+++ 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java
@@ -27,6 +27,8 @@ import org.apache.james.imap.api.message.request.ImapRequest;
 import org.apache.james.imap.api.message.response.StatusResponseFactory;
 import org.apache.james.imap.api.process.ImapSession;
 import org.apache.james.imap.main.PathConverter;
+import org.apache.james.jwt.OidcJwtTokenVerifier;
+import org.apache.james.jwt.OidcSASLConfiguration;
 import org.apache.james.mailbox.Authorizator;
 import org.apache.james.mailbox.DefaultMailboxes;
 import org.apache.james.mailbox.MailboxManager;
@@ -39,6 +41,7 @@ import 
org.apache.james.mailbox.exception.UserDoesNotExistException;
 import org.apache.james.mailbox.model.MailboxConstants;
 import org.apache.james.mailbox.model.MailboxPath;
 import org.apache.james.metrics.api.MetricFactory;
+import org.apache.james.protocols.api.OIDCSASLParser;
 import org.apache.james.util.AuditTrail;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -191,6 +194,23 @@ public abstract class AbstractAuthProcessor<R extends 
ImapRequest> extends Abstr
         }
     }
 
+    protected void doOAuth(OIDCSASLParser.OIDCInitialResponse 
oidcInitialResponse, OidcSASLConfiguration oidcSASLConfiguration,
+                         ImapSession session, ImapRequest request, Responder 
responder) {
+        new 
OidcJwtTokenVerifier(oidcSASLConfiguration).validateToken(oidcInitialResponse.getToken())
+            .ifPresentOrElse(authenticatedUser -> {
+                Username associatedUser = 
Username.of(oidcInitialResponse.getAssociatedUser());
+                if (!associatedUser.equals(authenticatedUser)) {
+                    doAuthWithDelegation(() -> getMailboxManager()
+                            .withExtraAuthorizator(withAdminUsers())
+                            .authenticate(authenticatedUser)
+                            .as(associatedUser),
+                        session, request, responder, authenticatedUser, 
associatedUser);
+                } else {
+                    authSuccess(authenticatedUser, session, request, 
responder);
+                }
+            }, () -> manageFailureCount(session, request, responder));
+    }
+
     protected void provisionInbox(ImapSession session, MailboxManager 
mailboxManager, MailboxSession mailboxSession) throws MailboxException {
         MailboxPath inboxPath = 
pathConverterFactory.forSession(session).buildFullPath(MailboxConstants.INBOX);
         if (Mono.from(mailboxManager.mailboxExists(inboxPath, 
mailboxSession)).block()) {
diff --git 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
index 1f66be3daa..2988064e82 100644
--- 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
+++ 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
@@ -39,8 +39,6 @@ import org.apache.james.imap.main.PathConverter;
 import org.apache.james.imap.message.request.AuthenticateRequest;
 import org.apache.james.imap.message.request.IRAuthenticateRequest;
 import org.apache.james.imap.message.response.AuthenticateResponse;
-import org.apache.james.jwt.OidcJwtTokenVerifier;
-import org.apache.james.jwt.OidcSASLConfiguration;
 import org.apache.james.mailbox.MailboxManager;
 import org.apache.james.metrics.api.MetricFactory;
 import org.apache.james.protocols.api.OIDCSASLParser;
@@ -143,6 +141,17 @@ public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateReq
         session.stopDetectingCommandInjection();
     }
 
+    /**
+     * Parse the initial client response and start oauth authentication.
+     */
+    protected void parseAndDoOAuth(String initialResponse, ImapSession 
session, ImapRequest request, Responder responder) {
+        OIDCSASLParser.parse(initialResponse)
+            .flatMap(oidcInitialResponseValue -> 
session.oidcSaslConfiguration().map(configure -> 
Pair.of(oidcInitialResponseValue, configure)))
+            .ifPresentOrElse(pair -> doOAuth(pair.getLeft(), pair.getRight(), 
session, request, responder),
+                () -> manageFailureCount(session, request, responder));
+        session.stopDetectingCommandInjection();
+    }
+
     private AuthenticationAttempt parseDelegationAttempt(String 
initialClientResponse) {
         try {
             String userpass = new 
String(Base64.getDecoder().decode(initialClientResponse));
@@ -201,34 +210,6 @@ public class AuthenticateProcessor extends 
AbstractAuthProcessor<AuthenticateReq
             .addToContext("authType", request.getAuthType());
     }
 
-    /**
-     * Parse the initial client response and start oauth authentication.
-     */
-    protected void parseAndDoOAuth(String initialResponse, ImapSession 
session, ImapRequest request, Responder responder) {
-        OIDCSASLParser.parse(initialResponse)
-            .flatMap(oidcInitialResponseValue -> 
session.oidcSaslConfiguration().map(configure -> 
Pair.of(oidcInitialResponseValue, configure)))
-            .ifPresentOrElse(pair -> doOAuth(pair.getLeft(), pair.getRight(), 
session, request, responder),
-                () -> manageFailureCount(session, request, responder));
-        session.stopDetectingCommandInjection();
-    }
-
-    private void doOAuth(OIDCSASLParser.OIDCInitialResponse 
oidcInitialResponse, OidcSASLConfiguration oidcSASLConfiguration,
-                         ImapSession session, ImapRequest request, Responder 
responder) {
-        new 
OidcJwtTokenVerifier(oidcSASLConfiguration).validateToken(oidcInitialResponse.getToken())
-            .ifPresentOrElse(authenticatedUser -> {
-                Username associatedUser = 
Username.of(oidcInitialResponse.getAssociatedUser());
-                if (!associatedUser.equals(authenticatedUser)) {
-                    doAuthWithDelegation(() -> getMailboxManager()
-                            .withExtraAuthorizator(withAdminUsers())
-                            .authenticate(authenticatedUser)
-                            .as(associatedUser),
-                        session, request, responder, authenticatedUser, 
associatedUser);
-                } else {
-                    oauthSuccess(authenticatedUser, session, request, 
responder);
-                }
-            }, () -> manageFailureCount(session, request, responder));
-    }
-
     private static String extractInitialClientResponse(byte[] data) {
         // cut of the CRLF
         return new String(data, 0, data.length - 2, StandardCharsets.US_ASCII);


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to