lyrathorpe/legacy-email-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: ignore client-supplied POP3 credentials #15

Merged
lyrathorpe merged 1 commits from feat/ignore-pop-credentials into main 2026-06-17 18:16:38 +01:00
Conversation 0 Commits 1 Files Changed 2
+60 -16
lyrathorpe commented 2026-06-17 18:10:05 +01:00
Owner
Copy Link
Copy Source

Accept any POP3 USER/PASS from the client and discard them. The proxy always authenticates to the IMAP backend with the configured BACKEND_IMAP_USER / BACKEND_IMAP_PASS.

Changes

  • handle_user / handle_pass: accept client credentials unconditionally, no validation.
  • authenticate: always use backend credentials; remove the fallback that connected with client-supplied credentials when backend credentials were unset. Raise a clear configuration error when backend credentials are missing.
  • Tests: client credentials are ignored; missing backend credentials are reported.

Closes #14

Accept any POP3 `USER`/`PASS` from the client and discard them. The proxy always authenticates to the IMAP backend with the configured `BACKEND_IMAP_USER` / `BACKEND_IMAP_PASS`. ## Changes - `handle_user` / `handle_pass`: accept client credentials unconditionally, no validation. - `authenticate`: always use backend credentials; remove the fallback that connected with client-supplied credentials when backend credentials were unset. Raise a clear configuration error when backend credentials are missing. - Tests: client credentials are ignored; missing backend credentials are reported. Closes #14
lyrathorpe added 1 commit 2026-06-17 18:10:05 +01:00
feat: ignore client-supplied POP3 credentials
Build and publish container / build (pull_request) Successful in 9m23s
Details
78a3c21ac7 
POP3 clients may be required to send USER/PASS, but the proxy never uses
them. Accept any client credentials blindly and always authenticate to the
IMAP backend with the configured BACKEND_IMAP_USER / BACKEND_IMAP_PASS.

Remove the previous fallback that connected to the backend using
client-supplied credentials when backend credentials were unset; the proxy
now raises a clear configuration error in that case.

Add tests covering that client credentials are ignored and that missing
backend credentials are reported.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
lyrathorpe merged commit 9a4bab33e2 into main 2026-06-17 18:16:38 +01:00
lyrathorpe deleted branch feat/ignore-pop-credentials 2026-06-17 18:16:40 +01:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Defect / incorrect behaviour
 ci
CI / build pipeline
 docs
Documentation
 enhancement
Improvement to existing behaviour
 security
Security hardening
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
lyrathorpe
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: lyrathorpe/legacy-email-proxy#15
Delete Branch "feat/ignore-pop-credentials"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?