From 9e949e0d7b562628dc43153093f572854f793dfe Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Wed, 5 Apr 2023 11:36:59 +0200
Subject: [PATCH] readme: check auth

By design, go-smtp won't check whether the session is authenticated
during MAIL/RCPT/DATA commands. Make this more explicit by checking
whether the session is authenticated in the example.

Closes: https://github.com/emersion/go-smtp/issues/216
---
 README.md | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 51f4bafa..75a6d2f7 100644
--- a/README.md
+++ b/README.md
@@ -103,26 +103,38 @@ func (bkd *Backend) NewSession(_ *smtp.Conn) (smtp.Session, error) {
 }
 
 // A Session is returned after EHLO.
-type Session struct{}
+type Session struct {
+	auth bool
+}
 
 func (s *Session) AuthPlain(username, password string) error {
 	if username != "username" || password != "password" {
 		return smtp.ErrAuthFailed
 	}
+	s.auth = true
 	return nil
 }
 
 func (s *Session) Mail(from string, opts *smtp.MailOptions) error {
+	if !s.auth {
+		return ErrAuthRequired
+	}
 	log.Println("Mail from:", from)
 	return nil
 }
 
 func (s *Session) Rcpt(to string) error {
+	if !s.auth {
+		return ErrAuthRequired
+	}
 	log.Println("Rcpt to:", to)
 	return nil
 }
 
 func (s *Session) Data(r io.Reader) error {
+	if !s.auth {
+		return ErrAuthRequired
+	}
 	if b, err := ioutil.ReadAll(r); err != nil {
 		return err
 	} else {