From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 9DBCC1F4B4 for ; Sat, 3 Apr 2021 02:24:27 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 0/6] lei auth-related fixes Date: Sat, 3 Apr 2021 02:24:21 +0000 Message-Id: <20210403022427.2430-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Auth failure handling should be more complete, but it's still horrifically slow to test because the dovecot instance I run has rate-limits for auth failures. Perhaps public-inbox-imapd should learn to reject certain username + password combos, since the -imapd instance on public-inbox.org sees a fair amount of automated traffic looking to steal info off leaked credentials. 3/6 is me still learning to use APIs I invent :x Eric Wong (6): URInntps: add URI 5.08 release note lei q: ensure wq workers shutdown on IMAP auth failures lei tag: fix tagging of IMAP inputs lei_auth: rename {net_merge} to {net_merge_continue} net_reader: fix read-only "lei convert" auth failures xt/lei-auth-fail: test more failure cases lib/PublicInbox/LEI.pm | 24 ++++++++---------------- lib/PublicInbox/LeiAuth.pm | 17 ++++++++++------- lib/PublicInbox/LeiTag.pm | 6 +++++- lib/PublicInbox/NetReader.pm | 5 +++-- lib/PublicInbox/URInntps.pm | 1 + t/lei-import-imap.t | 1 + xt/lei-auth-fail.t | 11 +++++++---- 7 files changed, 35 insertions(+), 30 deletions(-)