Revert "Remove LOGIN server"

This reverts commit b788ff2.

Author: ml1nk

login.go

@@ -36,3 +36,54 @@ func (a *loginClient) Next(challenge []byte) (response []byte, err error) {
 func NewLoginClient(username, password string) Client {
 	return &loginClient{username, password}
 }
+
+// Authenticates users with an username and a password.
+type LoginAuthenticator func(username, password string) error
+
+type loginState int
+
+const (
+	loginNotStarted loginState = iota
+	loginWaitingUsername
+	loginWaitingPassword
+)
+
+type loginServer struct {
+	state              loginState
+	username, password string
+	authenticate       LoginAuthenticator
+}
+
+// A server implementation of the LOGIN authentication mechanism, as described
+// in https://tools.ietf.org/html/draft-murchison-sasl-login-00.
+//
+// LOGIN is obsolete and should only be enabled for legacy clients that cannot
+// be updated to use PLAIN.
+func NewLoginServer(authenticator LoginAuthenticator) Server {
+	return &loginServer{authenticate: authenticator}
+}
+
+func (a *loginServer) Next(response []byte) (challenge []byte, done bool, err error) {
+	switch a.state {
+	case loginNotStarted:
+		// Check for initial response field, as per RFC4422 section 3
+		if response == nil {
+			challenge = []byte("Username:")
+			break
+		}
+		a.state++
+		fallthrough
+	case loginWaitingUsername:
+		a.username = string(response)
+		challenge = []byte("Password:")
+	case loginWaitingPassword:
+		a.password = string(response)
+		err = a.authenticate(a.username, a.password)
+		done = true
+	default:
+		err = ErrUnexpectedClientResponse
+	}
+
+	a.state++
+	return
+}

login_test.go

@@ -2,6 +2,7 @@ package sasl_test
 
 import (
 	"bytes"
+	"errors"
 	"testing"
 
 	"github.com/emersion/go-sasl"
@@ -34,3 +35,95 @@ func TestNewLoginClient(t *testing.T) {
 		t.Error("Invalid initial response:", resp)
 	}
 }
+
+func TestNewLoginServer(t *testing.T) {
+	var authenticated = false
+	s := sasl.NewLoginServer(func(username, password string) error {
+		if username != "tim" {
+			return errors.New("Invalid username: " + username)
+		}
+		if password != "tanstaaftanstaaf" {
+			return errors.New("Invalid password: " + password)
+		}
+
+		authenticated = true
+		return nil
+	})
+
+	challenge, done, err := s.Next(nil)
+	if err != nil {
+		t.Fatal("Error while starting server:", err)
+	}
+	if done {
+		t.Fatal("Done after starting server")
+	}
+	if string(challenge) != "Username:" {
+		t.Error("Invalid first challenge:", challenge)
+	}
+
+	challenge, done, err = s.Next([]byte("tim"))
+	if err != nil {
+		t.Fatal("Error while sending username:", err)
+	}
+	if done {
+		t.Fatal("Done after sending username")
+	}
+	if string(challenge) != "Password:" {
+		t.Error("Invalid challenge after sending username:", challenge)
+	}
+
+	challenge, done, err = s.Next([]byte("tanstaaftanstaaf"))
+	if err != nil {
+		t.Fatal("Error while sending password:", err)
+	}
+	if !done {
+		t.Fatal("Authentication not finished after sending password")
+	}
+	if len(challenge) > 0 {
+		t.Error("Invalid non-empty final challenge:", challenge)
+	}
+
+	if !authenticated {
+		t.Error("Not authenticated")
+	}
+
+	// Tests with initial response field, as per RFC4422 section 3
+	authenticated = false
+	s = sasl.NewLoginServer(func(username, password string) error {
+		if username != "tim" {
+			return errors.New("Invalid username: " + username)
+		}
+		if password != "tanstaaftanstaaf" {
+			return errors.New("Invalid password: " + password)
+		}
+
+		authenticated = true
+		return nil
+	})
+
+	challenge, done, err = s.Next([]byte("tim"))
+	if err != nil {
+		t.Fatal("Error while sending username:", err)
+	}
+	if done {
+		t.Fatal("Done after sending username")
+	}
+	if string(challenge) != "Password:" {
+		t.Error("Invalid challenge after sending username:", string(challenge))
+	}
+
+	challenge, done, err = s.Next([]byte("tanstaaftanstaaf"))
+	if err != nil {
+		t.Fatal("Error while sending password:", err)
+	}
+	if !done {
+		t.Fatal("Authentication not finished after sending password")
+	}
+	if len(challenge) > 0 {
+		t.Error("Invalid non-empty final challenge:", challenge)
+	}
+
+	if !authenticated {
+		t.Error("Not authenticated")
+	}
+}