From 1f54f5b8a4dc427136521014876d64be8fcb3dee Mon Sep 17 00:00:00 2001
From: Miguel Cabrerizo <30386061+doncicuto@users.noreply.github.com>
Date: Tue, 30 Apr 2024 09:31:07 +0200
Subject: [PATCH] fix: Unrecognized Authentication Type Error when SMTP LOGIN
 Auth method is required (#7761)

* fix: poc outlook.com now works login auth

* fix: remove port arg from smtpAuth

* fix: add outlook provider and custom email placeholder

* fix: minor typo in contributing docs

* fix: use zerrors package

* fix: typo for idp and smtp providers

---------

Co-authored-by: Max Peintner <max@caos.ch>
---
 CONTRIBUTING.md                               | 20 +++----
 .../known-smtp-providers-settings.ts          | 18 ++++++
 .../smtp-provider-routing.module.ts           |  1 +
 .../smtp-provider.component.html              |  8 ++-
 .../smtp-provider/smtp-provider.component.ts  |  8 +++
 .../smtp-table/smtp-table.component.html      |  3 +-
 console/src/assets/i18n/en.json               |  4 +-
 console/src/assets/images/smtp/outlook.svg    |  1 +
 .../notification/channels/smtp/channel.go     |  5 +-
 .../notification/channels/smtp/plain_auth.go  | 22 -------
 .../channels/smtp/plain_or_login_auth.go      | 57 +++++++++++++++++++
 11 files changed, 107 insertions(+), 40 deletions(-)
 create mode 100644 console/src/assets/images/smtp/outlook.svg
 delete mode 100644 internal/notification/channels/smtp/plain_auth.go
 create mode 100644 internal/notification/channels/smtp/plain_or_login_auth.go

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 6f28dbf042..9c18c920a4 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -108,13 +108,13 @@ Please make sure you cover your changes with tests before marking a Pull Request
 
 The code consists of the following parts:
 
-| name            | description                                                     | language                                                                    | where to find                                      |
-| --------------- | --------------------------------------------------------------- | --------------------------------------------------------------------------- | -------------------------------------------------- |
-| backend         | Service that serves the grpc(-web) and RESTful API              | [go](https://go.dev)                                                        | [API implementation](./internal/api/grpc)          |
-| console         | Frontend the user interacts with after log in             | [Angular](https://angular.io), [Typescript](https://www.typescriptlang.org) | [./console](./console)                             |
+| name            | description                                                        | language                                                                    | where to find                                      |
+| --------------- | ------------------------------------------------------------------ | --------------------------------------------------------------------------- | -------------------------------------------------- |
+| backend         | Service that serves the grpc(-web) and RESTful API                 | [go](https://go.dev)                                                        | [API implementation](./internal/api/grpc)          |
+| console         | Frontend the user interacts with after log in                      | [Angular](https://angular.io), [Typescript](https://www.typescriptlang.org) | [./console](./console)                             |
 | login           | Server side rendered frontend the user interacts with during login | [go](https://go.dev), [go templates](https://pkg.go.dev/html/template)      | [./internal/api/ui/login](./internal/api/ui/login) |
-| API definitions | Specifications of the API                                       | [Protobuf](https://developers.google.com/protocol-buffers)                  | [./proto/zitadel](./proto/zitadel)                 |
-| docs            | Project documentation made with docusaurus                      | [Docusaurus](https://docusaurus.io/)                                        | [./docs](./docs)                                   |
+| API definitions | Specifications of the API                                          | [Protobuf](https://developers.google.com/protocol-buffers)                  | [./proto/zitadel](./proto/zitadel)                 |
+| docs            | Project documentation made with docusaurus                         | [Docusaurus](https://docusaurus.io/)                                        | [./docs](./docs)                                   |
 
 Please validate and test the code before you contribute.
 
@@ -129,12 +129,12 @@ We add the label "good first issue" for problems we think are a good starting po
 
 We are committed to creating a welcoming and inclusive community for all developers, regardless of their gender identity or expression. To achieve this, we are actively working to ensure that our contribution guidelines are gender-neutral and use inclusive language.
 
-**Use gender-neutral pronouns**: 
+**Use gender-neutral pronouns**:
 Don't use gender-specific pronouns unless the person you're referring to is actually that gender.
 In particular, don't use he, him, his, she, or her as gender-neutral pronouns, and don't use he/she or (s)he or other such punctuational approaches. Instead, use the singular they.
 
-**Choose gender-neutral alternatives**: 
-Opt for gender-neutral terms instead of gendered ones whenever possible. 
+**Choose gender-neutral alternatives**:
+Opt for gender-neutral terms instead of gendered ones whenever possible.
 Replace "policeman" with "police officer," "manpower" with "workforce," and "businessman" with "entrepreneur" or "businessperson."
 
 **Avoid ableist language**:
@@ -194,7 +194,7 @@ make core_unit_test
 To test the database-connected gRPC API, run PostgreSQL and CockroachDB, set up a ZITADEL instance and run the tests including integration tests:
 
 ```bash
-export INTEGRATION_DB_FLAVOR="postgres" ZITADEL_MASTERKEY="MasterkeyNeedsToHave32Characters"
+export INTEGRATION_DB_FLAVOR="cockroach" ZITADEL_MASTERKEY="MasterkeyNeedsToHave32Characters"
 docker compose -f internal/integration/config/docker-compose.yaml up --pull always --wait ${INTEGRATION_DB_FLAVOR}
 make core_integration_test
 docker compose -f internal/integration/config/docker-compose.yaml down
diff --git a/console/src/app/modules/smtp-provider/known-smtp-providers-settings.ts b/console/src/app/modules/smtp-provider/known-smtp-providers-settings.ts
index ec6087ea43..c0d8f7e282 100644
--- a/console/src/app/modules/smtp-provider/known-smtp-providers-settings.ts
+++ b/console/src/app/modules/smtp-provider/known-smtp-providers-settings.ts
@@ -53,6 +53,7 @@ export interface ProviderDefaultSettings {
     value: string;
     placeholder: string;
   };
+  senderEmailPlaceholder?: string;
   image?: string;
   routerLinkElement: string;
 }
@@ -102,6 +103,7 @@ export const MailjetDefaultSettings: ProviderDefaultSettings = {
   user: { value: '', placeholder: 'Your Mailjet API key' },
   password: { value: '', placeholder: 'Your Mailjet Secret key' },
   image: './assets/images/smtp/mailjet.svg',
+  senderEmailPlaceholder: 'An authorized domain or email address',
   routerLinkElement: 'mailjet',
 };
 
@@ -114,6 +116,7 @@ export const PostmarkDefaultSettings: ProviderDefaultSettings = {
   user: { value: '', placeholder: 'Your Server API token' },
   password: { value: '', placeholder: 'Your Server API token' },
   image: './assets/images/smtp/postmark.png',
+  senderEmailPlaceholder: 'An authorized domain or email address',
   routerLinkElement: 'postmark',
 };
 
@@ -138,6 +141,7 @@ export const MailchimpDefaultSettings: ProviderDefaultSettings = {
   user: { value: '', placeholder: 'Your Mailchimp primary contact email' },
   password: { value: '', placeholder: 'Your Mailchimp Transactional API key' },
   image: './assets/images/smtp/mailchimp.svg',
+  senderEmailPlaceholder: 'An authorized domain or email address',
   routerLinkElement: 'mailchimp',
 };
 
@@ -153,6 +157,19 @@ export const BrevoDefaultSettings: ProviderDefaultSettings = {
   routerLinkElement: 'brevo',
 };
 
+export const OutlookDefaultSettings: ProviderDefaultSettings = {
+  name: 'outlook.com',
+  requiredTls: true,
+  host: 'smtp-mail.outlook.com',
+  unencryptedPort: 587,
+  encryptedPort: 587,
+  user: { value: '', placeholder: 'Your outlook.com email address' },
+  password: { value: '', placeholder: 'Your outlook.com password' },
+  image: './assets/images/smtp/outlook.svg',
+  senderEmailPlaceholder: 'Your outlook.com email address',
+  routerLinkElement: 'outlook',
+};
+
 export const GenericDefaultSettings: ProviderDefaultSettings = {
   name: 'generic',
   requiredTls: false,
@@ -170,5 +187,6 @@ export const SMTPKnownProviders = [
   MailjetDefaultSettings,
   PostmarkDefaultSettings,
   SendgridDefaultSettings,
+  OutlookDefaultSettings,
   GenericDefaultSettings,
 ];
diff --git a/console/src/app/modules/smtp-provider/smtp-provider-routing.module.ts b/console/src/app/modules/smtp-provider/smtp-provider-routing.module.ts
index 849be82a45..3cebddebf3 100644
--- a/console/src/app/modules/smtp-provider/smtp-provider-routing.module.ts
+++ b/console/src/app/modules/smtp-provider/smtp-provider-routing.module.ts
@@ -13,6 +13,7 @@ const types = [
   { path: 'mailjet', component: SMTPProviderComponent },
   { path: 'mailchimp', component: SMTPProviderComponent },
   { path: 'brevo', component: SMTPProviderComponent },
+  { path: 'outlook', component: SMTPProviderComponent },
 ];
 
 const routes: Routes = types.map((value) => {
diff --git a/console/src/app/modules/smtp-provider/smtp-provider.component.html b/console/src/app/modules/smtp-provider/smtp-provider.component.html
index c23b19f66e..b7ae8d8c63 100644
--- a/console/src/app/modules/smtp-provider/smtp-provider.component.html
+++ b/console/src/app/modules/smtp-provider/smtp-provider.component.html
@@ -106,7 +106,13 @@
 
         <cnsl-form-field class="smtp-form-field" label="Sender Address">
           <cnsl-label>{{ 'SETTING.SMTP.SENDERADDRESS' | translate }}</cnsl-label>
-          <input cnslInput name="senderAddress" formControlName="senderAddress" placeholder="sender@example.com" required />
+          <input
+            cnslInput
+            name="senderAddress"
+            formControlName="senderAddress"
+            placeholder="{{ senderEmailPlaceholder }}"
+            required
+          />
         </cnsl-form-field>
 
         <cnsl-form-field class="smtp-form-field" label="Sender Name">
diff --git a/console/src/app/modules/smtp-provider/smtp-provider.component.ts b/console/src/app/modules/smtp-provider/smtp-provider.component.ts
index c3991a55c8..5a60e2e1a4 100644
--- a/console/src/app/modules/smtp-provider/smtp-provider.component.ts
+++ b/console/src/app/modules/smtp-provider/smtp-provider.component.ts
@@ -28,6 +28,7 @@ import {
   MailjetDefaultSettings,
   PostmarkDefaultSettings,
   ProviderDefaultSettings,
+  OutlookDefaultSettings,
   SendgridDefaultSettings,
 } from './known-smtp-providers-settings';
 
@@ -56,6 +57,8 @@ export class SMTPProviderComponent {
   public firstFormGroup!: UntypedFormGroup;
   public secondFormGroup!: UntypedFormGroup;
 
+  public senderEmailPlaceholder = 'sender@example.com';
+
   constructor(
     private service: AdminService,
     private _location: Location,
@@ -91,6 +94,9 @@ export class SMTPProviderComponent {
         case 'brevo':
           this.providerDefaultSetting = BrevoDefaultSettings;
           break;
+        case 'outlook':
+          this.providerDefaultSetting = OutlookDefaultSettings;
+          break;
       }
 
       this.firstFormGroup = this.fb.group({
@@ -106,6 +112,8 @@ export class SMTPProviderComponent {
         password: [this.providerDefaultSetting?.password.value || ''],
       });
 
+      this.senderEmailPlaceholder = this.providerDefaultSetting?.senderEmailPlaceholder || 'sender@example.com';
+
       this.secondFormGroup = this.fb.group({
         senderAddress: ['', [requiredValidator]],
         senderName: ['', [requiredValidator]],
diff --git a/console/src/app/modules/smtp-table/smtp-table.component.html b/console/src/app/modules/smtp-table/smtp-table.component.html
index ba8ac58518..bbb59d451c 100644
--- a/console/src/app/modules/smtp-table/smtp-table.component.html
+++ b/console/src/app/modules/smtp-table/smtp-table.component.html
@@ -11,7 +11,8 @@
     '/instance/smtpprovider/postmark/create',
     '/instance/smtpprovider/sendgrid/create',
     '/instance/smtpprovider/mailchimp/create',
-    '/instance/smtpprovider/brevo/create'
+    '/instance/smtpprovider/brevo/create',
+    '/instance/smtpprovider/outlook/create'
   ]"
   [timestamp]="configsResult?.details?.viewTimestamp"
   [selection]="selection"
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 0a541cf418..008e4e29f1 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -1994,7 +1994,7 @@
     },
     "CREATE": {
       "TITLE": "Add provider",
-      "DESCRIPTION": "Select one ore more of the following providers.",
+      "DESCRIPTION": "Select one or more of the following providers.",
       "STEPPERTITLE": "Create Provider",
       "OIDC": {
         "TITLE": "OIDC Provider",
@@ -2264,7 +2264,7 @@
     },
     "CREATE": {
       "TITLE": "Add SMTP provider",
-      "DESCRIPTION": "Select one ore more of the following providers.",
+      "DESCRIPTION": "Select one or more of the following providers.",
       "STEPS": {
         "TITLE": "Add {{ value }} SMTP Provider",
         "CREATE_DESC_TITLE": "Enter your {{ value }} SMTP settings step by step",
diff --git a/console/src/assets/images/smtp/outlook.svg b/console/src/assets/images/smtp/outlook.svg
new file mode 100644
index 0000000000..99409ecbc3
--- /dev/null
+++ b/console/src/assets/images/smtp/outlook.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" height="800" width="1200" viewBox="-274.66275 -425.834 2380.4105 2555.004"><path d="M1831.083 894.25a40.879 40.879 0 00-19.503-35.131h-.213l-.767-.426-634.492-375.585a86.175 86.175 0 00-8.517-5.067 85.17 85.17 0 00-78.098 0 86.37 86.37 0 00-8.517 5.067l-634.49 375.585-.766.426c-19.392 12.059-25.337 37.556-13.278 56.948a41.346 41.346 0 0014.257 13.868l634.492 375.585a95.617 95.617 0 008.517 5.068 85.17 85.17 0 0078.098 0 95.52 95.52 0 008.517-5.068l634.492-375.585a40.84 40.84 0 0020.268-35.685z" fill="#0A2767"/><path d="M520.453 643.477h416.38v381.674h-416.38zM1745.917 255.5V80.908c1-43.652-33.552-79.862-77.203-80.908H588.204C544.552 1.046 510 37.256 511 80.908V255.5l638.75 170.333z" fill="#0364B8"/><path d="M511 255.5h425.833v383.25H511z" fill="#0078D4"/><path d="M1362.667 255.5H936.833v383.25L1362.667 1022h383.25V638.75z" fill="#28A8EA"/><path d="M936.833 638.75h425.833V1022H936.833z" fill="#0078D4"/><path d="M936.833 1022h425.833v383.25H936.833z" fill="#0364B8"/><path d="M520.453 1025.151h416.38v346.969h-416.38z" fill="#14447D"/><path d="M1362.667 1022h383.25v383.25h-383.25z" fill="#0078D4"/><linearGradient gradientTransform="matrix(1 0 0 -1 0 1705.333)" y2="1.998" x2="1128.458" y1="811.083" x1="1128.458" gradientUnits="userSpaceOnUse" id="a"><stop offset="0" stop-color="#35b8f1"/><stop offset="1" stop-color="#28a8ea"/></linearGradient><path d="M1811.58 927.593l-.809.426-634.492 356.848c-2.768 1.703-5.578 3.321-8.517 4.769a88.437 88.437 0 01-34.407 8.517l-34.663-20.27a86.706 86.706 0 01-8.517-4.897L447.167 906.003h-.298l-21.036-11.753v722.384c.328 48.196 39.653 87.006 87.849 86.7h1230.914c.724 0 1.363-.341 2.129-.341a107.79 107.79 0 0029.808-6.217 86.066 86.066 0 0011.966-6.217c2.853-1.618 7.75-5.152 7.75-5.152a85.974 85.974 0 0034.833-68.772V894.25a38.323 38.323 0 01-19.502 33.343z" fill="url(#a)"/><path d="M1797.017 891.397v44.287l-663.448 456.791-686.87-486.174a.426.426 0 00-.426-.426l-63.023-37.899v-31.938l25.976-.426 54.932 31.512 1.277.426 4.684 2.981s645.563 368.346 647.267 369.197l24.698 14.478c2.129-.852 4.258-1.703 6.813-2.555 1.278-.852 640.879-360.681 640.879-360.681z" fill="#0A2767" opacity=".5"/><path d="M1811.58 927.593l-.809.468-634.492 356.848c-2.768 1.703-5.578 3.321-8.517 4.769a88.96 88.96 0 01-78.098 0 96.578 96.578 0 01-8.517-4.769l-634.49-356.848-.766-.468a38.326 38.326 0 01-20.057-33.343v722.384c.305 48.188 39.616 87.004 87.803 86.7h1229.64c48.188.307 87.5-38.509 87.807-86.696 0-.001 0 0 0 0V894.25a38.33 38.33 0 01-19.504 33.343z" fill="#1490DF"/><path d="M1185.52 1279.629l-9.496 5.323a92.806 92.806 0 01-8.517 4.812 88.173 88.173 0 01-33.47 8.857l241.405 285.479 421.107 101.476a86.785 86.785 0 0026.7-33.343z" opacity=".1"/><path d="M1228.529 1255.442l-52.505 29.51a92.806 92.806 0 01-8.517 4.812 88.173 88.173 0 01-33.47 8.857l113.101 311.838 549.538 74.989a86.104 86.104 0 0034.407-68.815v-9.326z" opacity=".05"/><path d="M514.833 1703.333h1228.316a88.316 88.316 0 0052.59-17.033l-697.089-408.331a86.706 86.706 0 01-8.517-4.897L447.125 906.088h-.298l-20.993-11.838v719.914c-.048 49.2 39.798 89.122 88.999 89.169-.001 0-.001 0 0 0z" fill="#28A8EA"/><path d="M1022 418.722v908.303c-.076 31.846-19.44 60.471-48.971 72.392a73.382 73.382 0 01-28.957 5.962H425.833V383.25H511v-42.583h433.073c43.019.163 77.834 35.035 77.927 78.055z" opacity=".1"/><path d="M979.417 461.305v908.302a69.36 69.36 0 01-6.388 29.808c-11.826 29.149-40.083 48.273-71.54 48.417H425.833V383.25h475.656a71.493 71.493 0 0135.344 8.943c26.104 13.151 42.574 39.883 42.584 69.112z" opacity=".2"/><path d="M979.417 461.305v823.136c-.208 43-34.928 77.853-77.927 78.225H425.833V383.25h475.656a71.493 71.493 0 0135.344 8.943c26.104 13.151 42.574 39.883 42.584 69.112z" opacity=".2"/><path d="M936.833 461.305v823.136c-.046 43.067-34.861 78.015-77.927 78.225H425.833V383.25h433.072c43.062.023 77.951 34.951 77.927 78.013a.589.589 0 01.001.042z" opacity=".2"/><linearGradient gradientTransform="matrix(1 0 0 -1 0 1705.333)" y2="324.259" x2="774.086" y1="1383.074" x1="162.747" gradientUnits="userSpaceOnUse" id="b"><stop offset="0" stop-color="#1784d9"/><stop offset=".5" stop-color="#107ad5"/><stop offset="1" stop-color="#0a63c9"/></linearGradient><path d="M78.055 383.25h780.723c43.109 0 78.055 34.947 78.055 78.055v780.723c0 43.109-34.946 78.055-78.055 78.055H78.055c-43.109 0-78.055-34.947-78.055-78.055V461.305c0-43.108 34.947-78.055 78.055-78.055z" fill="url(#b)"/><path d="M243.96 710.631a227.05 227.05 0 0189.17-98.495 269.56 269.56 0 01141.675-35.515 250.91 250.91 0 01131.114 33.683 225.014 225.014 0 0186.742 94.109 303.751 303.751 0 0130.405 138.396 320.567 320.567 0 01-31.299 144.783 230.37 230.37 0 01-89.425 97.388 260.864 260.864 0 01-136.011 34.578 256.355 256.355 0 01-134.01-34.067 228.497 228.497 0 01-87.892-94.28 296.507 296.507 0 01-30.745-136.735 329.29 329.29 0 0130.276-143.845zm95.046 231.227a147.386 147.386 0 0050.163 64.812 131.028 131.028 0 0078.353 23.591 137.244 137.244 0 0083.634-24.358 141.156 141.156 0 0048.715-64.812 251.594 251.594 0 0015.543-90.404 275.198 275.198 0 00-14.649-91.554 144.775 144.775 0 00-47.182-67.537 129.58 129.58 0 00-82.91-25.55 135.202 135.202 0 00-80.184 23.804 148.626 148.626 0 00-51.1 65.365 259.759 259.759 0 00-.341 186.728z" fill="#FFF"/><path d="M1362.667 255.5h383.25v383.25h-383.25z" fill="#50D9FF"/></svg>
\ No newline at end of file
diff --git a/internal/notification/channels/smtp/channel.go b/internal/notification/channels/smtp/channel.go
index 3524634765..88f5bb7f6b 100644
--- a/internal/notification/channels/smtp/channel.go
+++ b/internal/notification/channels/smtp/channel.go
@@ -152,10 +152,7 @@ func (smtpConfig SMTP) smtpAuth(client *smtp.Client, host string) error {
 		return nil
 	}
 	// Auth
-	auth := unencryptedAuth{
-		smtp.PlainAuth("", smtpConfig.User, smtpConfig.Password, host),
-	}
-	err := client.Auth(auth)
+	err := client.Auth(PlainOrLoginAuth(smtpConfig.User, smtpConfig.Password, host))
 	if err != nil {
 		return zerrors.ThrowInternalf(err, "EMAIL-s9kfs", "could not add smtp auth for user %s", smtpConfig.User)
 	}
diff --git a/internal/notification/channels/smtp/plain_auth.go b/internal/notification/channels/smtp/plain_auth.go
deleted file mode 100644
index 76fde3ec8f..0000000000
--- a/internal/notification/channels/smtp/plain_auth.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package smtp
-
-import (
-	"net/smtp"
-)
-
-type unencryptedAuth struct {
-	smtp.Auth
-}
-
-// PlainAuth returns an Auth that implements the PLAIN authentication
-// mechanism as defined in RFC 4616. The returned Auth uses the given
-// username and password to authenticate to host and act as identity.
-// Usually identity should be the empty string, to act as username.
-//
-// This reimplementation allows it to work over non-TLS connections
-
-func (a unencryptedAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
-	s := *server
-	s.TLS = true
-	return a.Auth.Start(&s)
-}
diff --git a/internal/notification/channels/smtp/plain_or_login_auth.go b/internal/notification/channels/smtp/plain_or_login_auth.go
new file mode 100644
index 0000000000..8e9ca56e00
--- /dev/null
+++ b/internal/notification/channels/smtp/plain_or_login_auth.go
@@ -0,0 +1,57 @@
+package smtp
+
+import (
+	"bytes"
+	"net/smtp"
+	"slices"
+
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+// golang net/smtp SMTP AUTH LOGIN or PLAIN Auth Handler
+// Reference: https://gist.github.com/andelf/5118732?permalink_comment_id=4825669#gistcomment-4825669
+
+func PlainOrLoginAuth(username, password, host string) smtp.Auth {
+	return &plainOrLoginAuth{username: username, password: password, host: host}
+}
+
+type plainOrLoginAuth struct {
+	username   string
+	password   string
+	host       string
+	authMethod string
+}
+
+func (a *plainOrLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
+	if server.Name != a.host {
+		return "", nil, zerrors.ThrowInternal(nil, "SMTP-RRi75", "wrong host name")
+	}
+	if !slices.Contains(server.Auth, "PLAIN") {
+		a.authMethod = "LOGIN"
+		return a.authMethod, nil, nil
+	} else {
+		a.authMethod = "PLAIN"
+		resp := []byte("\x00" + a.username + "\x00" + a.password)
+		return a.authMethod, resp, nil
+	}
+}
+
+func (a *plainOrLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
+	if !more {
+		return nil, nil
+	}
+
+	if a.authMethod == "PLAIN" {
+		// We've already sent everything.
+		return nil, zerrors.ThrowInternal(nil, "SMTP-AAf43", "unexpected server challenge for PLAIN auth method")
+	}
+
+	switch {
+	case bytes.Equal(fromServer, []byte("Username:")):
+		return []byte(a.username), nil
+	case bytes.Equal(fromServer, []byte("Password:")):
+		return []byte(a.password), nil
+	default:
+		return nil, zerrors.ThrowInternal(nil, "SMTP-HjW21", "unexpected server challenge")
+	}
+}