From 3622f26499929b60de31f96040e4f7b07aec8a97 Mon Sep 17 00:00:00 2001
From: nick evans <nicholas.evans@gmail.com>
Date: Wed, 27 Sep 2023 16:50:52 -0400
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Use=20SASL::Authentication?=
 =?UTF-8?q?Exchange=20internally?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/net/imap.rb                              | 34 ++------------------
 lib/net/imap/sasl/authentication_exchange.rb |  3 +-
 2 files changed, 5 insertions(+), 32 deletions(-)

diff --git a/lib/net/imap.rb b/lib/net/imap.rb
index d2158258..59093564 100644
--- a/lib/net/imap.rb
+++ b/lib/net/imap.rb
@@ -1339,37 +1339,9 @@ def starttls(**options)
     # Previously cached #capabilities will be cleared when this method
     # completes.  If the TaggedResponse to #authenticate includes updated
     # capabilities, they will be cached.
-    def authenticate(mechanism, *creds,
-                     sasl_ir: config.sasl_ir,
-                     **props, &callback)
-      mechanism = SASL::Authenticators.normalize_name(mechanism)
-      authenticator = SASL.authenticator(mechanism, *creds, **props, &callback)
-      cmdargs = ["AUTHENTICATE", mechanism]
-      if sasl_ir && capable?("SASL-IR") && auth_capable?(mechanism) &&
-          authenticator.respond_to?(:initial_response?) &&
-          authenticator.initial_response?
-        response = authenticator.process(nil)
-        cmdargs << (response.empty? ? "=" : [response].pack("m0"))
-      end
-      process_error = nil
-      result = send_command_with_continuations(*cmdargs) {|data|
-        unless process_error
-          challenge = data.unpack1("m")
-          response  = begin
-            authenticator.process challenge
-          rescue => ex
-            process_error = ex
-          end
-        end
-        process_error ? "*" : [response].pack("m0")
-      }
-      raise process_error if process_error
-      if authenticator.respond_to?(:done?) && !authenticator.done?
-        logout!
-        raise SASL::AuthenticationIncomplete, result
-      end
-      @capabilities = capabilities_from_resp_code result
-      result
+    def authenticate(*args, sasl_ir: config.sasl_ir, **props, &callback)
+      sasl_adapter.authenticate(*args, sasl_ir: sasl_ir, **props, &callback)
+        .tap { @capabilities = capabilities_from_resp_code _1 }
     end
 
     # Sends a {LOGIN command [IMAP4rev1 §6.2.3]}[https://www.rfc-editor.org/rfc/rfc3501#section-6.2.3]
diff --git a/lib/net/imap/sasl/authentication_exchange.rb b/lib/net/imap/sasl/authentication_exchange.rb
index 9fbaec84..3b628476 100644
--- a/lib/net/imap/sasl/authentication_exchange.rb
+++ b/lib/net/imap/sasl/authentication_exchange.rb
@@ -4,7 +4,8 @@ module Net
   class IMAP
     module SASL
 
-      # This API is *experimental*, and may change.
+      # AuthenticationExchange is used internally by Net::IMAP#authenticate.
+      # But the API is still *experimental*, and may change.
       #
       # TODO: use with more clients, to verify the API can accommodate them.
       # TODO: pass ClientAdapter#service to SASL.authenticator