rethink-public/aiomail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: bytes-token XOAUTH2 + tolerant SEARCH parse (v0.1.1)

Browse Source 
- a token provider (or static token) returning bytes crashed token.encode() in the
  XOAUTH2 path. coerce to str at the source (_resolve_token via _as_str) so both
  the .encode() and SASL-fallback entrypoints get a str.
- client.search() did int(x) on every SEARCH token unguarded; a malformed/non-
  numeric token aborted the whole search. skip non-numeric tokens (log at debug)
  instead of crashing.

verified by execution: bytes static + async-provider tokens authenticate without
crashing (both xoauth2 and SASL-fallback paths); guarded search skips garbage.

Signed-off-by: disqualifier <dev@disqualifier.me>
This commit is contained in:
disqualifier 2026-06-27 21:51:27 -04:00
parent 5f7ed74306
commit ba7ae48a87
4 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pyproject.toml
View File

@ -4,7 +4,7 @@ build-backend = "hatchling.build"
[project] [project]
name = "aiomail" name = "aiomail"
version = "0.1.0" version = "0.1.1"
description = "async IMAP one-time-code retrieval with password/OAuth2 auth and dynamic matching" description = "async IMAP one-time-code retrieval with password/OAuth2 auth and dynamic matching"
requires-python = ">=3.10" requires-python = ">=3.10"
dependencies = [ dependencies = [

2
src/aiomail/__init__.py
View File

@ -29,4 +29,4 @@ __all__ = [
"DEFAULT_FOLDERS", "DEFAULT_FOLDERS",
] ]
__version__ = "0.1.0" __version__ = "0.1.1"

13
src/aiomail/auth.py
View File

@ -38,6 +38,15 @@ class PasswordAuth:
raise RuntimeError(f"login failed: {result} {data}") raise RuntimeError(f"login failed: {result} {data}")
def _as_str(token) -> str:
"""coerce a token to str (a provider may hand back bytes)
both XOAUTH2 entrypoints downstream need a str (one .encode()s it, the SASL
builder interpolates it), so normalize here rather than crashing on bytes.
"""
return token.decode() if isinstance(token, bytes) else token
def _sasl_xoauth2(user: str, token: str) -> str: def _sasl_xoauth2(user: str, token: str) -> str:
"""build the base64 XOAUTH2 SASL initial-response string""" """build the base64 XOAUTH2 SASL initial-response string"""
raw = f"user={user}\x01auth=Bearer {token}\x01\x01".encode() raw = f"user={user}\x01auth=Bearer {token}\x01\x01".encode()
@ -71,8 +80,8 @@ class OAuth2Auth:
token = await result if hasattr(result, "__await__") else result token = await result if hasattr(result, "__await__") else result
if not token: if not token:
raise RuntimeError("token provider returned an empty token") raise RuntimeError("token provider returned an empty token")
return token return _as_str(token)
return self._token # type: ignore[return-value] return _as_str(self._token) # type: ignore[arg-type]
async def authenticate(self, mail) -> None: async def authenticate(self, mail) -> None:
token = await self._resolve_token() token = await self._resolve_token()

9
src/aiomail/client.py
View File

@ -138,7 +138,14 @@ class IMAPClient:
return [] return []
if result != "OK" or not data or not data[0]: if result != "OK" or not data or not data[0]:
return [] return []
ids = [int(x) for x in data[0].split()] ids = []
for token in data[0].split():
try:
ids.append(int(token))
except (TypeError, ValueError):
# tolerate a malformed/non-numeric token in the SEARCH response
# instead of crashing the whole search
log.debug("skipping non-numeric search token: %r", token)
return sorted(set(ids), reverse=True) return sorted(set(ids), reverse=True)
async def fetch(self, email_id: int, *, icloud: bool = False) -> Optional[email.message.Message]: async def fetch(self, email_id: int, *, icloud: bool = False) -> Optional[email.message.Message]: