From: Xiyue Deng <manphiz@gmail.com>
Date: Fri, 16 May 2025 09:48:52 +0000 (-0700)
Subject: Make xoauth2 auth fail when a smtp server replies 334 (Bug#78366)
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=2e3e51e0370aa3d8ea36c46c3a2443445389c946;p=emacs.git

Make xoauth2 auth fail when a smtp server replies 334 (Bug#78366)

* lisp/mail/smtpmail.el (smtpmail-try-auth-method): Throw error 535
when receiving a "334 server challenge" reply.

(cherry picked from commit 53371c959462a677a29ee869b3b6627facf3ed79)
---

diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el
index 7d733e57beb..eeec7709376 100644
--- a/lisp/mail/smtpmail.el
+++ b/lisp/mail/smtpmail.el
@@ -642,11 +642,21 @@ USER and PASSWORD should be non-nil."
 
 (cl-defmethod smtpmail-try-auth-method
   (process (_mech (eql 'xoauth2)) user password)
-  (smtpmail-command-or-throw
-   process
-   (concat "AUTH XOAUTH2 "
-           (base64-encode-string
-            (concat "user=" user "\1auth=Bearer " password "\1\1") t))))
+  (let ((ret (smtpmail-command-or-throw
+              process
+              (concat "AUTH XOAUTH2 "
+                      (base64-encode-string
+                       (concat "user=" user "\1auth=Bearer " password "\1\1")
+                       t)))))
+    (if (eq (car ret) 334)
+        ;; When a server returns 334 server challenge, it usually means
+        ;; the credentials it received were wrong (e.g. was an actual
+        ;; password instead of an access token).  In such a case, we
+        ;; should return a string with 535 to indicate a failure so that
+        ;; smtpmail will try other authentication mechanisms.  See also
+        ;; https://debbugs.gnu.org/78366.
+        (throw 'done "535 5.7.8 Authentication credentials invalid")
+      ret)))
 
 (defun smtpmail-response-code (string)
   (when string