I just found out that if the password for any account in config/auth_flat_file.ini is only numerical,
the JSON keeps it as a number and when you try to login with that account it does not validate for any TYPE CRAM, PLAIN, LOGIN etc...
Because !== verifies the type too in PLAIN and LOGIN ways.
For CRAM-MD5 you get a nasty CRASH
[CRIT] [041299BC-885F-4FA0-9AD6-2C6D84398885] [core] Plugin auth/flat_file failed: TypeError: Not a buffer
at TypeError (native)
at new Hmac (crypto.js:87:16)
at Object.Hmac (crypto.js:85:12)
at /usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:70:27
at Plugin.exports.get_plain_passwd (/usr/local/lib/node_modules/Haraka/plugins/auth/flat_file.js:41:16)
at Plugin.exports.check_cram_md5_passwd (/usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:64:10)
at Plugin.exports.check_user (/usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:145:16)
at Plugin.exports.auth_cram_md5 (/usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:224:23)
at Plugin.exports.hook_unrecognized_command (/usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:39:23)
at Object.plugins.run_next_hook (/usr/local/lib/node_modules/Haraka/plugins.js:383:28)
To quick way to fix the issue is to convert to string the password get_plain_passwd()
return cb(plugin.cfg.users[user].toString()); in plugins/auth/flat_file.js at line 41
Hi,
I just found out that if the password for any account in config/auth_flat_file.ini is only numerical, the JSON keeps it as a number and when you try to login with that account it does not validate for any TYPE CRAM, PLAIN, LOGIN etc... Because !== verifies the type too in PLAIN and LOGIN ways.
For CRAM-MD5 you get a nasty CRASH [CRIT] [041299BC-885F-4FA0-9AD6-2C6D84398885] [core] Plugin auth/flat_file failed: TypeError: Not a buffer at TypeError (native) at new Hmac (crypto.js:87:16) at Object.Hmac (crypto.js:85:12) at /usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:70:27 at Plugin.exports.get_plain_passwd (/usr/local/lib/node_modules/Haraka/plugins/auth/flat_file.js:41:16) at Plugin.exports.check_cram_md5_passwd (/usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:64:10) at Plugin.exports.check_user (/usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:145:16) at Plugin.exports.auth_cram_md5 (/usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:224:23) at Plugin.exports.hook_unrecognized_command (/usr/local/lib/node_modules/Haraka/plugins/auth/auth_base.js:39:23) at Object.plugins.run_next_hook (/usr/local/lib/node_modules/Haraka/plugins.js:383:28)
To quick way to fix the issue is to convert to string the password get_plain_passwd() return cb(plugin.cfg.users[user].toString()); in plugins/auth/flat_file.js at line 41