Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Cesar Crusius]

[-- Attachment #1: Type: text/plain, Size: 542 bytes --]

Hi all,

I recently had to add XOAUTH2 support in smtpmail to access my
two-factor authenticated Gmail account, which turned out to be
surprisingly simple (my hack has about 20 lines of code, I guess it
would about double to do it properly).

It uses oauth2.el, so my plan would be to make smtpmail load that
library on demand, in case the new smtpmail-xoauth2 variables are
configured. I guess the required functionality could be copy-and-pasted,
but that seems a waste.

Is there any interest in a patch?

-- 
Cesar Crusius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[John Wiegley]

>>>>> "CC" == Cesar Crusius <cesar.crusius@gmail.com> writes:

CC> I recently had to add XOAUTH2 support in smtpmail to access my two-factor
CC> authenticated Gmail account, which turned out to be surprisingly simple
CC> (my hack has about 20 lines of code, I guess it would about double to do
CC> it properly).

CC> It uses oauth2.el, so my plan would be to make smtpmail load that library
CC> on demand, in case the new smtpmail-xoauth2 variables are configured. I
CC> guess the required functionality could be copy-and-pasted, but that seems
CC> a waste.

CC> Is there any interest in a patch?

This sounds useful to me. How will users know to enable the extra behavior?

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Tim Cross]

[-- Attachment #1: Type: text/plain, Size: 1133 bytes --]

I think this would be an excellent extension as it should mean you won't
need to use the 'application' passwords hack, which sort of undermines 2fa
configs anyway.

On 6 January 2018 at 16:32, John Wiegley <johnw@gnu.org> wrote:

> >>>>> "CC" == Cesar Crusius <cesar.crusius@gmail.com> writes:
>
> CC> I recently had to add XOAUTH2 support in smtpmail to access my
> two-factor
> CC> authenticated Gmail account, which turned out to be surprisingly simple
> CC> (my hack has about 20 lines of code, I guess it would about double to
> do
> CC> it properly).
>
> CC> It uses oauth2.el, so my plan would be to make smtpmail load that
> library
> CC> on demand, in case the new smtpmail-xoauth2 variables are configured. I
> CC> guess the required functionality could be copy-and-pasted, but that
> seems
> CC> a waste.
>
> CC> Is there any interest in a patch?
>
> This sounds useful to me. How will users know to enable the extra behavior?
>
> --
> John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
> http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2
>
>


-- 
regards,

Tim

--
Tim Cross

[-- Attachment #2: Type: text/html, Size: 1940 bytes --]

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Cesar Crusius]

[-- Attachment #1: Type: text/plain, Size: 463 bytes --]


On Sat 06 Jan 2018 at 05:32, John Wiegley wrote:

> CC> Is there any interest in a patch?
>
> This sounds useful to me. How will users know to enable the extra behavior?

I'm not sure what you mean, but one of the challenges here will be to
document this properly. My plan is to add a new variable
'smtpmail-xoauth2-token' that if non-nil both enables the behavior and
configures the service, and to document it to exhaustion.


-- 
Cesar Crusius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Cesar Crusius]

[-- Attachment #1: Type: text/plain, Size: 363 bytes --]


On Sat 06 Jan 2018 at 06:13, Tim Cross wrote:

> I think this would be an excellent extension as it should mean you won't
> need to use the 'application' passwords hack, which sort of undermines 2fa
> configs anyway.

The application password hack is what triggered my hack - it broke for
me today, and I got a bit fed up with it.

-- 
Cesar Crusius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Cesar Crusius]

[-- Attachment #1: Type: text/plain, Size: 2121 bytes --]


On Sat 06 Jan 2018 at 05:32, John Wiegley wrote:

>>>>>> "CC" == Cesar Crusius <cesar.crusius@gmail.com> writes:
>
> CC> I recently had to add XOAUTH2 support in smtpmail to access my two-factor
> CC> authenticated Gmail account, which turned out to be surprisingly simple
> CC> (my hack has about 20 lines of code, I guess it would about double to do
> CC> it properly).
>
> CC> It uses oauth2.el, so my plan would be to make smtpmail load that library
> CC> on demand, in case the new smtpmail-xoauth2 variables are configured. I
> CC> guess the required functionality could be copy-and-pasted, but that seems
> CC> a waste.
>
> CC> Is there any interest in a patch?
>
> This sounds useful to me. How will users know to enable the extra behavior?

Now that I made the hack "proper," I think I may take another route
here. SMTP XOAuth2, basically a Gmail-only thing, probably does not
belong in the Emacs main repository. Instead,

1. All that needs to happen in smtpmail.el is for the
   'smtpmail-try-auth-methods' to have the following patch:

diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el
index 20cbeb5f4e..a33a552cd0 100644
--- a/lisp/mail/smtpmail.el
+++ b/lisp/mail/smtpmail.el
@@ -547,6 +551,13 @@ The list is in preference order.")
          (not password))
       ;; No mechanism, or no credentials.
       mech)
+     ((eq mech 'xoauth2)
+      (smtpmail-command-or-throw
+       process
+       (concat "AUTH XOAUTH2 "
+        (base64-encode-string
+         (concat "user=" user "\1auth=Bearer " password "\1\1") t))
+       235))
      ((eq mech 'cram-md5)
       (setq ret (smtpmail-command-or-throw process "AUTH CRAM-MD5"))
       (when (eq (car ret) 334)

2. I can create a MELPA package 'auth-source-xoauth2.el' that can then
   be transparently used to provide the XOAuth2 "password" when required.

smtpmail.el should /not/ include xoauth2 in the supported auth methods
by default, as the configuration is non-trivial, and it would likely
immediately break all Gmail configurations using application passwords.

-- 
Cesar Crusius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[John Wiegley]

>>>>> Cesar Crusius <cesar.crusius@gmail.com> writes:

> 1. All that needs to happen in smtpmail.el is for the
>    'smtpmail-try-auth-methods' to have the following patch:

Could it be done using advice-add in an ELPA package, while also proposing a
general mechanism for hooking into this part of smtpmail?

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Cesar Crusius]

[-- Attachment #1: Type: text/plain, Size: 963 bytes --]


On Sun 07 Jan 2018 at 09:08, John Wiegley wrote:

>>>>>> Cesar Crusius <cesar.crusius@gmail.com> writes:
>
>> 1. All that needs to happen in smtpmail.el is for the
>>    'smtpmail-try-auth-methods' to have the following patch:
>
> Could it be done using advice-add in an ELPA package, while also proposing a
> general mechanism for hooking into this part of smtpmail?

I guess so, although it feels a bit strange to advise a function in
'smtpmail.el' from an 'auth-source' package.

A proper generalization of 'smtp-try-auth-method' is easy, of
course.  All you need is to split the test into functions, eg
'smtp-try-plain-auth-method', 'smtp-try-login-auth-method', etc, and
then have 'smtp-try-auth-method' simply call
'smtp-try-<mech>-auth-method.'  Then anybody would be able to define
their own and just add them to the 'smtpmail-auth-supported' list.

Do you think it is work working on a patch like this first?

-- 
Cesar Crusius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Stefan Monnier]

> A proper generalization of 'smtp-try-auth-method' is easy, of
> course.  All you need is to split the test into functions, eg
> 'smtp-try-plain-auth-method', 'smtp-try-login-auth-method', etc, and
> then have 'smtp-try-auth-method' simply call
> 'smtp-try-<mech>-auth-method.'  Then anybody would be able to define
> their own and just add them to the 'smtpmail-auth-supported' list.

How 'bout just making smtpmail-try-auth-method into a generic function,
so you can do

    (cl-defmethod smtpmail-try-auth-method
        (process (mech (eql xoauth2)) user password)
      ...)


-- Stefan

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Cesar Crusius]

[-- Attachment #1: Type: text/plain, Size: 988 bytes --]


On Sun 07 Jan 2018 at 17:42, Stefan Monnier wrote:

>> A proper generalization of 'smtp-try-auth-method' is easy, of
>> course.  All you need is to split the test into functions, eg
>> 'smtp-try-plain-auth-method', 'smtp-try-login-auth-method', etc, and
>> then have 'smtp-try-auth-method' simply call
>> 'smtp-try-<mech>-auth-method.'  Then anybody would be able to define
>> their own and just add them to the 'smtpmail-auth-supported' list.
>
> How 'bout just making smtpmail-try-auth-method into a generic function,
> so you can do
>
>     (cl-defmethod smtpmail-try-auth-method
>         (process (mech (eql xoauth2)) user password)
>       ...)

Sure, that works too, and is arguably better. I don't see many of those
around, so I assumed that the "hardcoded function name convention" was
the "Emacs way" (see, for example, auth-source itself).

I can probably work on making that happen some time this week if there
are no objections.

-- 
Cesar Crusius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[Stefan Monnier]

> Sure, that works too, and is arguably better. I don't see many of those
> around,

cl-defmethod was introduced in Emacs-25, so it's no surprised that there
aren't many of those around yet.


        Stefan

Re: Any interest in an XOAUTH2 patch for smtpmail (Gmail 2-factor auth)?

[John Wiegley]

>>>>> "SM" == Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> Sure, that works too, and is arguably better. I don't see many of those
>> around,

SM> cl-defmethod was introduced in Emacs-25, so it's no surprised that there
SM> aren't many of those around yet.

Nice, I like the use of cl-defmethod for this.

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2