ruby · nevans · Jun 15, 2024 · May 23, 2024
diff --git a/lib/net/imap.rb b/lib/net/imap.rb
@@ -1212,7 +1212,7 @@ def starttls(**options)
     end
 
     # :call-seq:
-    #   authenticate(mechanism, *, sasl_ir: true, registry: Net::IMAP::SASL.authenticators, **, &) -> ok_resp
+    #   authenticate(mechanism, *, sasl_ir: config.sasl_ir, registry: Net::IMAP::SASL.authenticators, **, &) -> ok_resp
     #
     # Sends an {AUTHENTICATE command [IMAP4rev1 §6.2.2]}[https://www.rfc-editor.org/rfc/rfc3501#section-6.2.2]
     # to authenticate the client.  If successful, the connection enters the
@@ -1317,7 +1317,9 @@ def starttls(**options)
     # Previously cached #capabilities will be cleared when this method
     # completes.  If the TaggedResponse to #authenticate includes updated
     # capabilities, they will be cached.
-    def authenticate(mechanism, *creds, sasl_ir: true, **props, &callback)
+    def authenticate(mechanism, *creds,
+                     sasl_ir: config.sasl_ir,
+                     **props, &callback)
       mechanism = mechanism.to_s.tr("_", "-").upcase
       authenticator = SASL.authenticator(mechanism, *creds, **props, &callback)
       cmdargs = ["AUTHENTICATE", mechanism]

diff --git a/lib/net/imap/config.rb b/lib/net/imap/config.rb
@@ -104,6 +104,16 @@ def self.[](config) # :nodoc: unfinished API
       # The default value is +5+ seconds.
       attr_accessor :idle_response_timeout, type: Integer
 
+      # :markup: markdown
+      #
+      # Whether to use the +SASL-IR+ extension with IMAP#authenticate.
+      #
+      # | Starting with version | The default value is                     |
+      # |-----------------------|------------------------------------------|
+      # | _original_            | +false+ <em>(extension unsupported)</em> |
+      # | v0.4                  | +true+  <em>(support added)</em>         |
+      attr_accessor :sasl_ir, type: :boolean
+
       # Creates a new config object and initialize its attribute with +attrs+.
       #
       # If +parent+ is not given, the global config is used by default.
@@ -119,6 +129,7 @@ def initialize(parent = Config.global, **attrs)
         debug: false,
         open_timeout: 30,
         idle_response_timeout: 5,
+        sasl_ir: true,
       ).freeze
 
       @global = default.new

diff --git a/test/net/imap/test_imap.rb b/test/net/imap/test_imap.rb
@@ -930,6 +930,23 @@ def test_id
     end
   end
 
+  test("#authenticate never sends an initial response " \
+       "when config.sasl_ir: false") do
+    [true, false].each do |server_support|
+      with_fake_server(
+        preauth: false, cleartext_auth: true, sasl_ir: server_support
+      ) do |server, imap|
+        imap.config.sasl_ir = false
+        imap.authenticate("PLAIN", "test_user", "test-password")
+        cmd, cont = 2.times.map { server.commands.pop }
+        assert_equal %w[AUTHENTICATE PLAIN], [cmd.name, *cmd.args]
+        assert_equal(["\x00test_user\x00test-password"].pack("m0"),
+                     cont[:continuation].strip)
+        assert_empty server.commands
+      end
+    end
+  end
+
   test("#authenticate never sends an initial response " \
        "when the mechanism does not support client-first") do
     with_fake_server(