Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Warn when using deprecated SASL mechanisms #62

Merged
merged 1 commit into from
Sep 28, 2022

Conversation

nevans
Copy link
Collaborator

@nevans nevans commented Jul 16, 2022

Mark obolete SASL mechanisms as deprecated (fixes GH-55):

  • This is a backwards-compatible alternative to the approach here: Do not load deprecated SASL mechanisms by default #58. We can still use that incompatible approach in a future version.
  • Warn every time a deprecated mechanism is used.
  • Warnings can be disabled with warn_deprecation: false
  • Fixes Remove needless dependencies #56: delay loading standard gem dependencies until
    #initialize, and convert the gems to development dependencies.

Additionally:

  • Adds basic tests for every authenticator (to avoid another Using PLAIN is broken in ruby 3.1.0 #52!)
  • Fixes a frozen string bug in DigestMD5Authenticator.
  • Fixes constant resolution for exceptions in DigestMD5Authenticator.
  • Can register an authenticator type that responds to #call (instead of
    #new). I was originally going to register deprecated authenticators
    with a Proc that required the file and issued a warning, but I decided
    to put everything into the initializer instead. #authenticator
    needed to be updated to safely delegate all args, and I left this in.

The DIGEST-MD5 bug was originally reported, tested, and fixed by
@singpolyma here: nevans/net-sasl#3.

Co-authored-by: Stephen Paul Weber [email protected]

Mark obolete SASL mechanisms as deprecated (fixes GH-55):
* This is a backwards-compatible alternative to the approach in GH-58
  (don't require and add the deprecated authenticators automatically).
  We can use that incompatible approach in a later version.
* Warn every time a deprecated mechanism is used.
* Warnings can be disabled with `warn_deprecation: false`
* Fixes GH-56: delay loading standard gem dependencies until
  `#initialize`, and convert the gems to development dependencies.

Additionally:
* Adds basic tests for every authenticator (to avoid another GH-52!)
* Fixes a frozen string bug in DigestMD5Authenticator.
* Fixes constant resolution for exceptions in DigestMD5Authenticator.
* Can register an authenticator type that responds to #call (instead of
  #new).  I was originally going to register deprecated authenticators
  with a Proc that required the file and issued a warning, but I decided
  to put everything into the initializer instead.  `#authenticator`
  needed to be updated to safely delegate all args, and I left this in.

The DIGEST-MD5 bug was originally reported, tested, and fixed by
@singpolyma here: nevans/net-sasl#3.

Co-authored-by: Stephen Paul Weber <[email protected]>
Copy link
Member

@shugo shugo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks fine. thank you!

@hsbt hsbt merged commit b3661bd into master Sep 28, 2022
@hsbt hsbt deleted the deprecation-warning-SASL-mechanisms branch September 28, 2022 08:13
@hsbt
Copy link
Member

hsbt commented Sep 28, 2022

@shugo @nevans Can we release v0.3.0 contained this? I hope to reduce the dependencies from gem i rails.

@shugo
Copy link
Member

shugo commented Sep 28, 2022

@shugo @nevans Can we release v0.3.0 contained this? I hope to reduce the dependencies from gem i rails.

Sure. I've released v0.3.0.

@hsbt
Copy link
Member

hsbt commented Sep 28, 2022

Thanks a lot!

@nevans nevans added the SASL 🔒 Authentication and authentication mechanisms label Feb 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
SASL 🔒 Authentication and authentication mechanisms
Development

Successfully merging this pull request may close these issues.

RFC6331: Moving DIGEST-MD5 to Historic
3 participants