fix: bytes-token XOAUTH2 + tolerant SEARCH parse (v0.1.1)

- a token provider (or static token) returning bytes crashed token.encode() in the XOAUTH2 path. coerce to str at the source (_resolve_token via _as_str) so both the .encode() and SASL-fallback entrypoints get a str. - client.search() did int(x) on every SEARCH token unguarded; a malformed/non- numeric token aborted the whole search. skip non-numeric tokens (log at debug) instead of crashing. verified by execution: bytes static + async-provider tokens authenticate without crashing (both xoauth2 and SASL-fallback paths); guarded search skips garbage. Signed-off-by: disqualifier <dev@disqualifier.me>
2026-06-27 21:51:27 -04:00 · 2026-06-27 21:51:27 -04:00 · ba7ae48a87
commit ba7ae48a87
parent 5f7ed74306
4 changed files with 21 additions and 5 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@ -4,7 +4,7 @@ build-backend = "hatchling.build"

 [project]
 name = "aiomail"
-version = "0.1.0"
+version = "0.1.1"
 description = "async IMAP one-time-code retrieval with password/OAuth2 auth and dynamic matching"
 requires-python = ">=3.10"
 dependencies = [
--- a/src/aiomail/init.py
+++ b/src/aiomail/init.py
@ -29,4 +29,4 @@ __all__ = [
    "DEFAULT_FOLDERS",
 ]

-__version__ = "0.1.0"
+__version__ = "0.1.1"
--- a/src/aiomail/auth.py
+++ b/src/aiomail/auth.py
@ -38,6 +38,15 @@ class PasswordAuth:
            raise RuntimeError(f"login failed: {result} {data}")


+def _as_str(token) -> str:
+    """coerce a token to str (a provider may hand back bytes)
+
+    both XOAUTH2 entrypoints downstream need a str (one .encode()s it, the SASL
+    builder interpolates it), so normalize here rather than crashing on bytes.
+    """
+    return token.decode() if isinstance(token, bytes) else token
+
+
 def _sasl_xoauth2(user: str, token: str) -> str:
    """build the base64 XOAUTH2 SASL initial-response string"""
    raw = f"user={user}\x01auth=Bearer {token}\x01\x01".encode()
@ -71,8 +80,8 @@ class OAuth2Auth:
            token = await result if hasattr(result, "__await__") else result
            if not token:
                raise RuntimeError("token provider returned an empty token")
-            return token
-        return self._token  # type: ignore[return-value]
+            return _as_str(token)
+        return _as_str(self._token)  # type: ignore[arg-type]

    async def authenticate(self, mail) -> None:
        token = await self._resolve_token()
--- a/src/aiomail/client.py
+++ b/src/aiomail/client.py
@ -138,7 +138,14 @@ class IMAPClient:
            return []
        if result != "OK" or not data or not data[0]:
            return []
-        ids = [int(x) for x in data[0].split()]
+        ids = []
+        for token in data[0].split():
+            try:
+                ids.append(int(token))
+            except (TypeError, ValueError):
+                # tolerate a malformed/non-numeric token in the SEARCH response
+                # instead of crashing the whole search
+                log.debug("skipping non-numeric search token: %r", token)
        return sorted(set(ids), reverse=True)

    async def fetch(self, email_id: int, *, icloud: bool = False) -> Optional[email.message.Message]: