DIGEST-MD5 fixes and improvements #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
singpolyma
commented
May 18, 2022
singpolyma
commented
- Fix a crash due to frozen string literal (and add a test).
- Allow setting non-IMAP digest-uri
- Use SecureRandom for the cnonce
Would crash due to frozen string literals being mutated with gsub!
For example, xmpp uses xmpp/domain-name and domain is often but is not required to be the same as realm.
nevans
added a commit
to nevans/net-imap
that referenced
this pull request
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes rubyGH-55): * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * delay loading stdgem dependencies until `#initialize`. Fixes rubyGH-56. * This is a backwards-compatible alternative to the approach in rubyGH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. Additionally: * Adds basic tests for every authenticator (to avoid another rubyGH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * By making these optional, there's no reason to require the `digest` or `strscan` gems anymore; fixes rubyGH-56. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
nevans
added a commit
to ruby/net-imap
that referenced
this pull request
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes GH-55): * This is a backwards-compatible alternative to the approach in GH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * delay loading stdgem dependencies until `#initialize`. Fixes GH-56. Additionally: * Adds basic tests for every authenticator (to avoid another GH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * By making these optional, there's no reason to require the `digest` or `strscan` gems anymore; fixes GH-56. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
nevans
added a commit
to ruby/net-imap
that referenced
this pull request
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes GH-55): * This is a backwards-compatible alternative to the approach in GH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * Fixes GH-56: delay loading standard gem dependencies until `#initialize`, and convert the gems to development dependencies. Additionally: * Adds basic tests for every authenticator (to avoid another GH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * Fixes constant resolution for exceptions in DigestMD5Authenticator. * Can register an authenticator type that responds to #call (instead of #new). I was originally going to register deprecated authenticators with a Proc that required the file and issued a warning, but I decided to put everything into the initializer instead. `#authenticator` needed to be updated to safely delegate all args, and I left this in. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
|
FYI, I merged most of your changes with a bunch of updates of my own in some ruby/net-imap branches. I've pushed one PR but I'll send in some others that correspond to all of your other PRs. Once I'm happy with the net-imap PRs, I'll merge all of the changes back into net-sasl. I'll keep your PRs open until then. :) Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.