smtp-connection - npm Package Compare versions

Comparing version 2.3.2 to 2.4.0-beta.0

CHANGELOG.md

 # Changelog
 
+## v2.4.0-beta 2016-04-24
+
+  * Added experimental support for NTLM authentication
+
 ## v2.3.2 2016-04-11
@@ -4,0 +8,0 @@

lib/smtp-connection.js

@@ -13,2 +13,3 @@ 'use strict';
 var shared = require('nodemailer-shared');
+var ntlm = require('httpntlm/ntlm');
 
@@ -275,6 +276,8 @@ module.exports = SMTPConnection;
     var authMethod;
-    if (this._auth.xoauth2 && this._supportedAuth.indexOf('XOAUTH2') >= 0) {
+    if (this.options.authMethod) {
+        authMethod = this.options.authMethod.toUpperCase().trim();
+    } else if (this._auth.xoauth2 && this._supportedAuth.indexOf('XOAUTH2') >= 0) {
         authMethod = 'XOAUTH2';
-    } else if (this.options.authMethod) {
-        authMethod = this.options.authMethod.toUpperCase().trim();
+    } else if (this._auth.domain && this._supportedAuth.indexOf('NTLM') >= 0) {
+        authMethod = 'NTLM';
     } else {
@@ -311,2 +314,11 @@ // use first supported
             return;
+        case 'NTLM':
+            this._currentAction = function (str) {
+                this._actionAUTH_NTLM_TYPE1(str, callback);
+            }.bind(this);
+            this._sendCommand('AUTH ' + ntlm.createType1Message({
+                domain: this._auth.domain || '',
+                workstation: this._auth.workstation || ''
+            }));
+            return;
     }
@@ -905,2 +917,45 @@
 /**
+ * Handle the response for AUTH NTLM, which should be a
+ * '334 <challenge string>'. See http://davenport.sourceforge.net/ntlm.html
+ * We already sent the Type1 message, the challenge is a Type2 message, we
+ * need to respond with a Type3 message.
+ *
+ * @param {String} str Message from the server
+ */
+SMTPConnection.prototype._actionAUTH_NTLM_TYPE1 = function (str, callback) {
+    var challengeMatch = str.match(/^334\s+(.+)$/);
+    var challengeString = '';
+
+    if (!challengeMatch) {
+        return callback(this._formatError('Invalid login sequence while waiting for server challenge string', 'EAUTH', str));
+    } else {
+        challengeString = challengeMatch[1];
+    }
+
+    if (!/^NTLM/i.test(challengeString)) {
+        challengeString = 'NTLM ' + challengeString;
+    }
+
+    var type2Message = ntlm.parseType2Message(challengeString, callback);
+    if (!type2Message) {
+        return;
+    }
+
+    var type3Message = ntlm.createType3Message(type2Message, {
+        domain: this._auth.domain || '',
+        workstation: this._auth.workstation || '',
+        username: this._auth.user,
+        password: this._auth.pass
+    });
+
+    type3Message = type3Message.substring(5); // remove the "NTLM " prefix
+
+    this._currentAction = function (str) {
+        this._actionAUTH_NTLM_TYPE3(str, callback);
+    }.bind(this);
+
+    this._sendCommand(type3Message);
+};
+
+/**
  * Handle the response for AUTH CRAM-MD5 command. We are expecting
@@ -958,2 +1013,18 @@ * '334 <challenge string>'. Data to be sent as response needs to be
 /**
+ * Handles the TYPE3 response for NTLM authentication, if there's no error,
+ * the user can be considered logged in. Start waiting for a message to send
+ *
+ * @param {String} str Message from the server
+ */
+SMTPConnection.prototype._actionAUTH_NTLM_TYPE3 = function (str, callback) {
+    if (!str.match(/^235\s+/)) {
+        return callback(this._formatError('Invalid login sequence while waiting for "235"', 'EAUTH', str));
+    }
+
+    this.logger.info('[%s] User %s authenticated', this.id, JSON.stringify(this._user));
+    this.authenticated = true;
+    callback(null, true);
+};
+
+/**
  * Handle the response for AUTH LOGIN command. We are expecting
@@ -960,0 +1031,0 @@ * '334 UGFzc3dvcmQ6' (base64 for 'Password:'). Data to be sent as

package.json

 {
   "name": "smtp-connection",
-  "version": "2.3.2",
+  "version": "2.4.0-beta.0",
   "description": "Connect to SMTP servers",
@@ -28,3 +28,4 @@ "main": "lib/smtp-connection.js",
     "grunt": "^1.0.1",
-    "grunt-eslint": "^18.0.0",
+    "grunt-cli": "^1.2.0",
+    "grunt-eslint": "^18.1.0",
     "grunt-mocha-test": "^0.12.7",
@@ -38,4 +39,5 @@ "mocha": "^2.4.5",
   "dependencies": {
+    "httpntlm": "1.5.3",
     "nodemailer-shared": "1.0.4"
   }
 }

README.md

@@ -112,2 +112,18 @@ # smtp-connection
 
+### Login using NTLM
+
+`smtp-connection` has experimental support for NTLM authentication. You can try it out like this:
+
+```javascript
+connection.login({
+    domain: 'windows-domain',
+    workstation: 'windows-workstation',
+    user: 'user@somedomain.com',
+    pass: 'pass'
+}, callback);
+```
+
+I do not have access to an actual server that supports NTLM authentication
+so this feature is untested and should be used carefully.
+
 ### send
@@ -114,0 +130,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

55508

increased by5.8%

Lines of code

1200

increased by5.36%

Number of lines in readme file

171

increased by10.32%

Worsened metrics

Dependency count

2

increased by100%

Dev dependency count

10

increased by11.11%

Number of low quality alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

3

increased by50%

Dependency changes

• + Addedhttpntlm@1.5.3

• + Addedagentkeepalive@4.5.0(transitive)

• + Addedasync@0.2.10(transitive)

• + Addedhttpntlm@1.5.3(transitive)

• + Addedhttpreq@1.1.1(transitive)

• + Addedhumanize-ms@1.2.1(transitive)

• + Addedms@2.1.3(transitive)

• + Addedunderscore@1.7.0(transitive)