Added POP3 authentication.

Author: Rustam Aliyev

modules/core/osgi.bnd

@@ -6,7 +6,7 @@ Export-Package: \
 	com.elasticinbox.core,\
 	com.elasticinbox.core.model,\
 	com.elasticinbox.core.utils,\
-	com.elasticinbox.core.account.validator,\
+	com.elasticinbox.core.account.*,\
 	com.elasticinbox.core.message,\
 	com.elasticinbox.core.message.id,\
 	com.elasticinbox.core.blob,\

modules/core/src/main/java/com/elasticinbox/core/account/authenticator/AllowAllAuthenticator.java

@@ -0,0 +1,54 @@
+/**
+ * Copyright (c) 2011-2012 Optimax Software Ltd.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *  * Neither the name of Optimax Software, ElasticInbox, nor the names
+ *    of its contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.elasticinbox.core.account.authenticator;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.elasticinbox.core.model.Mailbox;
+
+/**
+ * Authenticator which allows all users without checking password
+ * 
+ * @author Rustam Aliyev
+ */
+public final class AllowAllAuthenticator implements IAuthenticator
+{
+	private static final Logger logger = LoggerFactory
+			.getLogger(AllowAllAuthenticator.class);
+
+	@Override
+	public Mailbox authenticate(String username, String password)
+	{
+		Mailbox mailbox = new Mailbox(username);
+		logger.debug("Authenticated " + mailbox.getId());
+		return mailbox;
+	}
+
+}

modules/core/src/main/java/com/elasticinbox/core/account/authenticator/AuthenticationException.java

@@ -0,0 +1,39 @@
+/**
+ * Copyright (c) 2011-2012 Optimax Software Ltd.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *  * Neither the name of Optimax Software, ElasticInbox, nor the names
+ *    of its contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.elasticinbox.core.account.authenticator;
+
+public class AuthenticationException extends Exception
+{
+	private static final long serialVersionUID = 1L;
+
+	public AuthenticationException(String message)
+    {
+        super(message);
+    }
+}

modules/core/src/main/java/com/elasticinbox/core/account/authenticator/AuthenticatorFactory.java

@@ -0,0 +1,45 @@
+/**
+ * Copyright (c) 2011-2012 Optimax Software Ltd.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *  * Neither the name of Optimax Software, ElasticInbox, nor the names
+ *    of its contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.elasticinbox.core.account.authenticator;
+
+/**
+ * Creates account authenticator
+ * 
+ * @author Rustam Aliyev
+ */
+public class AuthenticatorFactory
+{
+	private AuthenticatorFactory() {
+		// ensure non-instantiability
+	}
+
+	public static IAuthenticator getAuthenticator() {
+		return new AllowAllAuthenticator();
+	}
+}

modules/core/src/main/java/com/elasticinbox/core/account/authenticator/IAuthenticator.java

@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2011-2012 Optimax Software Ltd.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *  * Neither the name of Optimax Software, ElasticInbox, nor the names
+ *    of its contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.elasticinbox.core.account.authenticator;
+
+import com.elasticinbox.core.model.Mailbox;
+
+public interface IAuthenticator
+{
+	public enum AccountStatus {
+		ACTIVE, BLOCKED, NOT_FOUND
+	}
+
+	/**
+	 * Authenticate user with provided username/password pair.
+	 * 
+	 * @param username
+	 * @param password
+	 * @return
+	 */
+	public Mailbox authenticate(String username, String password) throws AuthenticationException;
+}

modules/core/src/main/java/com/elasticinbox/core/account/validator/DummyValidator.java

@@ -38,14 +38,15 @@
  * 
  * @author Rustam Aliyev
  */
-final class DummyValidator implements IValidator
+public final class DummyValidator implements IValidator
 {
 	private static final Logger logger = LoggerFactory
 			.getLogger(DummyValidator.class);
 
 	@Override
-	public AccountStatus getAccountStatus(Mailbox mailbox)
+	public AccountStatus getAccountStatus(String username)
 	{
+		Mailbox mailbox = new Mailbox(username);
 		logger.debug("Validating " + mailbox.getId());
 		return AccountStatus.ACTIVE;
 	}

modules/core/src/main/java/com/elasticinbox/core/account/validator/IValidator.java

@@ -28,13 +28,11 @@
 
 package com.elasticinbox.core.account.validator;
 
-import com.elasticinbox.core.model.Mailbox;
-
 public interface IValidator
 {
 	public enum AccountStatus {
 		ACTIVE, BLOCKED, NOT_FOUND
 	}
 
-	public AccountStatus getAccountStatus(Mailbox mailbox);
+	public AccountStatus getAccountStatus(String username);
 }

modules/lmtp/src/main/java/com/elasticinbox/lmtp/server/api/handler/ValidRcptHandler.java

@@ -7,19 +7,16 @@
 import com.elasticinbox.core.account.validator.IValidator;
 import com.elasticinbox.core.account.validator.IValidator.AccountStatus;
 import com.elasticinbox.core.account.validator.ValidatorFactory;
-import com.elasticinbox.core.model.Mailbox;
 
 public class ValidRcptHandler extends AbstractValidRcptHandler
 {
-	IValidator validator = ValidatorFactory.getValidator();
+	private IValidator validator = ValidatorFactory.getValidator();
 
 	@Override
 	protected boolean isValidRecipient(SMTPSession session, MailAddress recipient)
 	{
-		Mailbox mailbox = new Mailbox(recipient.toString());
-		AccountStatus status = validator.getAccountStatus(mailbox);
-		session.getLogger().debug("Validated account (" + mailbox.getId() + 
-				") status is " + status.toString());
+		AccountStatus status = validator.getAccountStatus(recipient.toString());
+		session.getLogger().debug("Validated account (" + recipient +  ") status is " + status);
 
 		return status.equals(AccountStatus.ACTIVE) ? true : false;
 	}

modules/pop3/src/main/java/com/elasticinbox/pop3/POP3ProxyServer.java

@@ -59,10 +59,6 @@ public void start() throws Exception
 	{
 		Logger logger = new POP3ProtocolLogger();
 
-//		POP3ProtocolHandlerChain chain = new POP3ProtocolHandlerChain();
-//		chain.add(0, new PassCmdHandler(backend));
-//		chain.wireExtensibleHandlers();
-
 		POP3ProtocolHandlerChain chain = new POP3ProtocolHandlerChain(new AuthHandler(backend));
 
 		server = new NettyServer(new POP3Protocol(chain, new POP3ServerConfig(), logger));

modules/pop3/src/main/java/com/elasticinbox/pop3/server/handler/AuthHandler.java

@@ -1,33 +1,94 @@
+/**
+ * Copyright (c) 2011-2012 Optimax Software Ltd.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *  * Neither the name of Optimax Software, ElasticInbox, nor the names
+ *    of its contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 package com.elasticinbox.pop3.server.handler;
 
 import org.apache.james.protocols.pop3.POP3Session;
 import org.apache.james.protocols.pop3.core.AbstractPassCmdHandler;
-import org.apache.james.protocols.pop3.mailbox.Mailbox;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-public class AuthHandler extends AbstractPassCmdHandler
+import com.elasticinbox.core.account.authenticator.AuthenticationException;
+import com.elasticinbox.core.account.authenticator.AuthenticatorFactory;
+import com.elasticinbox.core.account.authenticator.IAuthenticator;
+import com.elasticinbox.core.account.validator.IValidator;
+import com.elasticinbox.core.account.validator.ValidatorFactory;
+import com.elasticinbox.core.account.validator.IValidator.AccountStatus;
+import com.elasticinbox.core.model.Mailbox;
+
+/**
+ * POP3 Authentication Handler (AUTH)
+ *
+ * @author Rustam Aliyev
+ */
+public final class AuthHandler extends AbstractPassCmdHandler
 {
 	private static final Logger logger = 
 			LoggerFactory.getLogger(AuthHandler.class);
 
 	private MailboxHandlerFactory backend;
 
+	private IValidator validator = ValidatorFactory.getValidator();
+	private IAuthenticator authenticator = AuthenticatorFactory.getAuthenticator();
+
 	public AuthHandler(MailboxHandlerFactory backend) {
 		this.backend = backend;
 	}
 
 	@Override
-	protected Mailbox auth(POP3Session session, String username, String password) throws Exception
+	protected org.apache.james.protocols.pop3.mailbox.Mailbox auth(POP3Session session, String username, String password) throws Exception
 	{
+		Mailbox mailbox;
+
 		logger.debug("POP3: Authenticating session {}, user {}, pass {}",
 				new Object[] { session.getSessionID(), username, password });
 
-		// authenticate mailbox, if failed return null
-
-		// get mailbox info
-		Mailbox mailbox = backend.getMailboxHander(username);
-		return mailbox;
+		try {
+			// authenticate mailbox, if failed return null
+			AccountStatus status = validator.getAccountStatus(username);
+			session.getLogger().debug("Validated account (" + username + ") status is " + status.toString());
+	
+			if (!status.equals(AccountStatus.ACTIVE)) {
+				throw new AuthenticationException("User " + username + " does not exist or inactive");
+			}
+	
+			// authenticate user with password
+			mailbox = authenticator.authenticate(username, password);
+	
+			// return POP3 handler for mailbox
+			return backend.getMailboxHander(mailbox);
+		} catch (IllegalArgumentException iae) {
+			logger.debug("POP3 Authentication failed. Invalid username [{}]: {}", username, iae.getMessage());
+			return null;
+		} catch (AuthenticationException ae) {
+			logger.debug("POP3 Authentication failed. Invalid username [{}] or password [{}]", username, password);
+			return null;
+		}
 	}
 }