update

2025-05-23 00:06:07 +00:00
parent f058b2d1e7
commit 4905595cbb
7 changed files with 351 additions and 99 deletions
--- a/ts/mail/delivery/smtpserver/security-handler.ts
+++ b/ts/mail/delivery/smtpserver/security-handler.ts
@ -159,13 +159,11 @@ export class SecurityHandler implements ISecurityHandler {
  
  /**
   * Validate authentication credentials
-   * @param session - SMTP session
-   * @param username - Username
-   * @param password - Password
-   * @param method - Authentication method
+   * @param auth - Authentication credentials
   * @returns Promise that resolves to true if authenticated
   */
-  public async authenticate(session: ISmtpSession, username: string, password: string, method: string): Promise<boolean> {
+  public async authenticate(auth: ISmtpAuth): Promise<boolean> {
+    const { username, password } = auth;
    // Get auth options from server
    const options = this.smtpServer.getOptions();
    const authOptions = options.auth;
@ -176,35 +174,14 @@ export class SecurityHandler implements ISecurityHandler {
        SecurityEventType.AUTHENTICATION,
        SecurityLogLevel.WARN,
        'Authentication attempt when auth is disabled',
-        { username, method, sessionId: session.id, ip: session.remoteAddress }
+        { username }
      );
      
      return false;
    }
    
-    // Check if method is supported
-    if (!authOptions.methods.includes(method as any)) {
-      this.logSecurityEvent(
-        SecurityEventType.AUTHENTICATION,
-        SecurityLogLevel.WARN,
-        `Unsupported authentication method: ${method}`,
-        { username, method, sessionId: session.id, ip: session.remoteAddress }
-      );
-      
-      return false;
-    }
-    
-    // Check if TLS is active (should be required for auth)
-    if (!session.useTLS) {
-      this.logSecurityEvent(
-        SecurityEventType.AUTHENTICATION,
-        SecurityLogLevel.WARN,
-        'Authentication attempt without TLS',
-        { username, method, sessionId: session.id, ip: session.remoteAddress }
-      );
-      
-      return false;
-    }
+    // Note: Method validation and TLS requirement checks would need to be done
+    // at the caller level since the interface doesn't include session/method info
    
    try {
      let authenticated = false;
@ -222,7 +199,7 @@ export class SecurityHandler implements ISecurityHandler {
        SecurityEventType.AUTHENTICATION,
        authenticated ? SecurityLogLevel.INFO : SecurityLogLevel.WARN,
        authenticated ? 'Authentication successful' : 'Authentication failed',
-        { username, method, sessionId: session.id, ip: session.remoteAddress }
+        { username }
      );
      
      return authenticated;
@ -232,7 +209,7 @@ export class SecurityHandler implements ISecurityHandler {
        SecurityEventType.AUTHENTICATION,
        SecurityLogLevel.ERROR,
        `Authentication error: ${error instanceof Error ? error.message : String(error)}`,
-        { username, method, sessionId: session.id, ip: session.remoteAddress, error: error instanceof Error ? error.message : String(error) }
+        { username, error: error instanceof Error ? error.message : String(error) }
      );
      
      return false;