Process the final server message response.
| public parseServerFinalMessage ( string $msg ) : boolean | ||
| $msg | string | Final server response. |
| return | boolean | False if authentication failed. |
/**
* Authenticate to the IMAP server.
*
* @param string $method IMAP login method.
*
* @return Horde_Imap_Client_Interaction_Pipeline Pipeline object.
*
* @throws Horde_Imap_Client_Exception
*/
protected function _tryLogin($method)
{
$username = $this->getParam('username');
$password = $this->getParam('password');
switch ($method) {
case 'CRAM-MD5':
case 'CRAM-SHA1':
case 'CRAM-SHA256':
// RFC 2195: CRAM-MD5
// CRAM-SHA1 & CRAM-SHA256 supported by Courier SASL library
$args = array($username, Horde_String::lower(substr($method, 5)), $password);
$cmd = $this->_command('AUTHENTICATE')->add(array($method, new Horde_Imap_Client_Interaction_Command_Continuation(function ($ob) use($args) {
return new Horde_Imap_Client_Data_Format_List(base64_encode($args[0] . ' ' . hash_hmac($args[1], base64_decode($ob->token->current()), $args[2], false)));
})));
$cmd->debug = array(null, sprintf('[AUTHENTICATE response (username: %s)]', $username));
break;
case 'DIGEST-MD5':
// RFC 2831/4422; obsoleted by RFC 6331
// Need $args because PHP 5.3 doesn't allow access to $this in
// anonymous functions.
$args = array($username, $password, $this->getParam('hostspec'));
$cmd = $this->_command('AUTHENTICATE')->add(array($method, new Horde_Imap_Client_Interaction_Command_Continuation(function ($ob) use($args) {
return new Horde_Imap_Client_Data_Format_List(base64_encode(new Horde_Imap_Client_Auth_DigestMD5($args[0], $args[1], base64_decode($ob->token->current()), $args[2], 'imap')));
}), new Horde_Imap_Client_Interaction_Command_Continuation(function ($ob) {
if (strpos(base64_decode($ob->token->current()), 'rspauth=') === false) {
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Unexpected response from server when authenticating."), Horde_Imap_Client_Exception::SERVER_CONNECT);
}
return new Horde_Imap_Client_Data_Format_List();
})));
$cmd->debug = array(null, sprintf('[AUTHENTICATE Response (username: %s)]', $username), null);
break;
case 'LOGIN':
/* See, e.g., RFC 6855 [5] - LOGIN command does not support
* non-ASCII characters. If we reach this point, treat as an
* authentication failure. */
try {
$username = new Horde_Imap_Client_Data_Format_Astring($username);
$password = new Horde_Imap_Client_Data_Format_Astring($password);
} catch (Horde_Imap_Client_Data_Format_Exception $e) {
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Authentication failed."), Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED);
}
$cmd = $this->_command('LOGIN')->add(array($username, $password));
$cmd->debug = array(sprintf('LOGIN %s [PASSWORD]', $username));
break;
case 'PLAIN':
// RFC 2595/4616 - PLAIN SASL mechanism
$cmd = $this->_authInitialResponse($method, base64_encode(implode("", array($username, $username, $password))), $username);
break;
case 'SCRAM-SHA-1':
$scram = new Horde_Imap_Client_Auth_Scram($username, $password, 'SHA1');
$cmd = $this->_authInitialResponse($method, base64_encode($scram->getClientFirstMessage()));
$cmd->add(new Horde_Imap_Client_Interaction_Command_Continuation(function ($ob) use($scram) {
$sr1 = base64_decode($ob->token->current());
return new Horde_Imap_Client_Data_Format_List($scram->parseServerFirstMessage($sr1) ? base64_encode($scram->getClientFinalMessage()) : '*');
}));
$self = $this;
$cmd->add(new Horde_Imap_Client_Interaction_Command_Continuation(function ($ob) use($scram, $self) {
$sr2 = base64_decode($ob->token->current());
if (!$scram->parseServerFinalMessage($sr2)) {
/* This means authentication passed, according to the
* server, but the server signature is incorrect.
* This indicates that server verification has failed.
* Immediately disconnect from the server, since this
* is a possible security issue. */
$self->logout();
throw new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Server failed verification check."), Horde_Imap_Client_Exception::LOGIN_SERVER_VERIFICATION_FAILED);
}
return new Horde_Imap_Client_Data_Format_List();
}));
break;
case 'XOAUTH2':
// Google XOAUTH2
$cmd = $this->_authInitialResponse($method, $this->getParam('xoauth2_token'));
/* This is an optional command continuation. XOAUTH2 will return
* error information in continuation response. */
$error_continuation = new Horde_Imap_Client_Interaction_Command_Continuation(function ($ob) {
return new Horde_Imap_Client_Data_Format_List();
});
$error_continuation->optional = true;
$cmd->add($error_continuation);
break;
default:
$e = new Horde_Imap_Client_Exception(Horde_Imap_Client_Translation::r("Unknown authentication method: %s"), Horde_Imap_Client_Exception::SERVER_CONNECT);
$e->messagePrintf(array($method));
throw $e;
}
return $this->_sendCmd($this->_pipeline($cmd));
}
