fix: Unrecognized Authentication Type Error when SMTP LOGIN Auth method is required (#7761)

* fix: poc outlook.com now works login auth * fix: remove port arg from smtpAuth * fix: add outlook provider and custom email placeholder * fix: minor typo in contributing docs * fix: use zerrors package * fix: typo for idp and smtp providers --------- Co-authored-by: Max Peintner <max@caos.ch>
2025-08-11 19:17:32 +00:00 · 2024-04-30 09:31:07 +02:00
parent 2a421a7b8a
commit 1f54f5b8a4
11 changed files with 107 additions and 40 deletions
--- a/internal/notification/channels/smtp/channel.go
+++ b/internal/notification/channels/smtp/channel.go
@@ -152,10 +152,7 @@ func (smtpConfig SMTP) smtpAuth(client *smtp.Client, host string) error {
 		return nil
 	}
 	// Auth
-	auth := unencryptedAuth{
-		smtp.PlainAuth("", smtpConfig.User, smtpConfig.Password, host),
-	}
-	err := client.Auth(auth)
+	err := client.Auth(PlainOrLoginAuth(smtpConfig.User, smtpConfig.Password, host))
 	if err != nil {
 		return zerrors.ThrowInternalf(err, "EMAIL-s9kfs", "could not add smtp auth for user %s", smtpConfig.User)
 	}
--- a/internal/notification/channels/smtp/plain_auth.go
+++ b/internal/notification/channels/smtp/plain_auth.go
@@ -1,22 +0,0 @@
-package smtp
-
-import (
-	"net/smtp"
-)
-
-type unencryptedAuth struct {
-	smtp.Auth
-}
-
-// PlainAuth returns an Auth that implements the PLAIN authentication
-// mechanism as defined in RFC 4616. The returned Auth uses the given
-// username and password to authenticate to host and act as identity.
-// Usually identity should be the empty string, to act as username.
-//
-// This reimplementation allows it to work over non-TLS connections
-
-func (a unencryptedAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
-	s := *server
-	s.TLS = true
-	return a.Auth.Start(&s)
-}
--- a/internal/notification/channels/smtp/plain_or_login_auth.go
+++ b/internal/notification/channels/smtp/plain_or_login_auth.go
@@ -0,0 +1,57 @@
+package smtp
+
+import (
+	"bytes"
+	"net/smtp"
+	"slices"
+
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+// golang net/smtp SMTP AUTH LOGIN or PLAIN Auth Handler
+// Reference: https://gist.github.com/andelf/5118732?permalink_comment_id=4825669#gistcomment-4825669
+
+func PlainOrLoginAuth(username, password, host string) smtp.Auth {
+	return &plainOrLoginAuth{username: username, password: password, host: host}
+}
+
+type plainOrLoginAuth struct {
+	username   string
+	password   string
+	host       string
+	authMethod string
+}
+
+func (a *plainOrLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
+	if server.Name != a.host {
+		return "", nil, zerrors.ThrowInternal(nil, "SMTP-RRi75", "wrong host name")
+	}
+	if !slices.Contains(server.Auth, "PLAIN") {
+		a.authMethod = "LOGIN"
+		return a.authMethod, nil, nil
+	} else {
+		a.authMethod = "PLAIN"
+		resp := []byte("\x00" + a.username + "\x00" + a.password)
+		return a.authMethod, resp, nil
+	}
+}
+
+func (a *plainOrLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
+	if !more {
+		return nil, nil
+	}
+
+	if a.authMethod == "PLAIN" {
+		// We've already sent everything.
+		return nil, zerrors.ThrowInternal(nil, "SMTP-AAf43", "unexpected server challenge for PLAIN auth method")
+	}
+
+	switch {
+	case bytes.Equal(fromServer, []byte("Username:")):
+		return []byte(a.username), nil
+	case bytes.Equal(fromServer, []byte("Password:")):
+		return []byte(a.password), nil
+	default:
+		return nil, zerrors.ThrowInternal(nil, "SMTP-HjW21", "unexpected server challenge")
+	}
+}