the-djmaze/snappymail
1
1
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2025-01-31 11:09:14 +08:00
Code Issues Projects Releases Packages Wiki Activity

Better Domain management with simplified SASL Mechanisms support

Browse source
This commit is contained in:
djmaze 2022-01-10 12:57:42 +01:00
parent 6c6e73f448
commit 5a17e3b51d
12 changed files with 85 additions and 176 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
dev/Stores/Admin/Domain.js
View file

@ -12,12 +12,11 @@ DomainAdminStore.fetch = () => {
DomainAdminStore.loading(false);
if (!iError) {
DomainAdminStore(
Object.entries(data.Result).map(([name, [enabled, alias]]) => ({
name: name,
disabled: ko.observable(!enabled),
alias: alias,
deleteAccess: ko.observable(false)
}))
data.Result.map(item => {
item.disabled = ko.observable(item.disabled);
item.deleteAccess = ko.observable(false);
return item;
})
);
}
}, {

4
plugins/login-oauth2/index.php
View file

@ -8,7 +8,7 @@ class LoginOAuth2Plugin extends \RainLoop\Plugins\AbstractPlugin
RELEASE = '2021-11-12',
REQUIRED = '2.9.1',
CATEGORY = 'Login',
DESCRIPTION = 'IMAP, Sieve & SMTP login using OAuth2';
DESCRIPTION = 'IMAP, Sieve & SMTP login using RFC 7628 OAuth2';
const
LOGIN_URI = 'https://accounts.google.com/o/oauth2/auth',
@ -57,7 +57,7 @@ class LoginOAuth2Plugin extends \RainLoop\Plugins\AbstractPlugin
}
if ($sAccessToken && $sRefreshToken) {
$aCredentials['Password'] = $this->gmailRefreshToken($sAccessToken, $sRefreshToken);
$aCredentials['UseAuthOAuth2IfSupported'] = true;
\array_unshift($aCredentials['SASLMechanisms'], 'OAUTHBEARER', 'XOAUTH2');
}
}

17
snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php
View file

@ -135,22 +135,9 @@ class ImapClient extends \MailSo\Net\NetClient
$this->sLogginedUser = $sLogin;
// $encrypted = !empty(\stream_get_meta_data($this->ConnectionResource())['crypto']);
$type = $this->IsSupported('LOGINDISABLED') ? '' : 'LOGIN'; // RFC3501 6.2.3
$types = [
// if !$encrypted:
// 'SCRAM-SHA-512' => 1,
// 'SCRAM-SHA-256' => 1,
// 'SCRAM-SHA-1' => 1,
// if $encrypted:
'CRAM-MD5' => $aCredentials['UseAuthCramMd5IfSupported'],
'PLAIN' => $aCredentials['UseAuthPlainIfSupported'],
'OAUTHBEARER' => $aCredentials['UseAuthOAuth2IfSupported'],
'XOAUTH2' => $aCredentials['UseAuthOAuth2IfSupported'],
'LOGIN' => 1
];
foreach ($types as $sasl_type => $active) {
if ($active && $this->IsSupported("AUTH={$sasl_type}") && \SnappyMail\SASL::isSupported($sasl_type)) {
foreach ($aCredentials['SASLMechanisms'] as $sasl_type) {
if ($this->IsSupported("AUTH={$sasl_type}") && \SnappyMail\SASL::isSupported($sasl_type)) {
$type = $sasl_type;
break;
}

18
snappymail/v/0.0.0/app/libraries/MailSo/Sieve/ManageSieveClient.php
View file

@ -108,22 +108,10 @@ class ManageSieveClient extends \MailSo\Net\NetClient
if ($this->IsSupported('SASL'))
{
// $encrypted = !empty(\stream_get_meta_data($this->ConnectionResource())['crypto']);
$type = '';
$types = [
// if !$encrypted:
// 'SCRAM-SHA-512' => 1, // !$encrypted
// 'SCRAM-SHA-256' => 1, // !$encrypted
// 'SCRAM-SHA-1' => 1, // !$encrypted
// if $encrypted:
// 'CRAM-MD5' => 1, // $encrypted
'OAUTHBEARER' => $aCredentials['UseAuthOAuth2IfSupported'],
'XOAUTH2' => $aCredentials['UseAuthOAuth2IfSupported'],
'PLAIN' => 1, // $encrypted
'LOGIN' => 1 // $encrypted
];
foreach ($types as $sasl_type => $active) {
if ($active && $this->IsAuthSupported($sasl_type) && \SnappyMail\SASL::isSupported($sasl_type)) {
\array_push($aCredentials['SASLMechanisms'], 'PLAIN', 'LOGIN');
foreach ($aCredentials['SASLMechanisms'] as $sasl_type) {
if ($this->IsAuthSupported($sasl_type) && \SnappyMail\SASL::isSupported($sasl_type)) {
$type = $sasl_type;
break;
}

18
snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php
View file

@ -122,22 +122,10 @@ class SmtpClient extends \MailSo\Net\NetClient
$sLogin = \MailSo\Base\Utils::IdnToAscii(\MailSo\Base\Utils::Trim($aCredentials['Login']));
$sPassword = $aCredentials['Password'];
// $encrypted = !empty(\stream_get_meta_data($this->ConnectionResource())['crypto']);
$type = '';
$types = [
// if !$encrypted:
'SCRAM-SHA-512' => 1,
'SCRAM-SHA-256' => 1,
'SCRAM-SHA-1' => 1,
// if $encrypted:
'CRAM-MD5' => $aCredentials['UseAuthCramMd5IfSupported'],
'PLAIN' => $aCredentials['UseAuthPlainIfSupported'],
'OAUTHBEARER' => $aCredentials['UseAuthOAuth2IfSupported'],
'XOAUTH2' => $aCredentials['UseAuthOAuth2IfSupported'],
'LOGIN' => 1, // $encrypted
];
foreach ($types as $sasl_type => $active) {
if ($active && $this->IsAuthSupported($sasl_type) && \SnappyMail\SASL::isSupported($sasl_type)) {
$aCredentials['SASLMechanisms'][] = 'LOGIN';
foreach ($aCredentials['SASLMechanisms'] as $sasl_type) {
if ($this->IsAuthSupported($sasl_type) && \SnappyMail\SASL::isSupported($sasl_type)) {
$type = $sasl_type;
break;
}

14
snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Admin.php
View file

@ -312,18 +312,8 @@ trait Admin
public function DoAdminDomainList() : array
{
$this->IsAdminLoggined();
$iOffset = (int) $this->GetActionParam('Offset', 0);
$iLimit = (int) $this->GetActionParam('Limit', 20);
$sSearch = (string) $this->GetActionParam('Search', '');
$bIncludeAliases = '1' === (string) $this->GetActionParam('IncludeAliases', '1');
$iOffset = 0;
$sSearch = '';
$iLimit = $this->Config()->Get('labs', 'domain_list_limit', 99);
return $this->DefaultResponse(__FUNCTION__,
$this->DomainProvider()->GetList($iOffset, $iLimit, $sSearch, $bIncludeAliases));
$bIncludeAliases = !empty($this->GetActionParam('IncludeAliases', '1'));
return $this->DefaultResponse(__FUNCTION__, $this->DomainProvider()->GetList($bIncludeAliases));
}
public function DoAdminDomainDelete() : array

2
snappymail/v/0.0.0/app/libraries/RainLoop/Config/Application.php
View file

@ -361,8 +361,8 @@ Enables caching in the system'),
'sieve_allow_fileinto_inbox' => array(false),
'sieve_timeout' => array(10),
'sasl_allow_plain' => array(true),
'sasl_allow_scram_sha' => array(false),
'sasl_allow_cram_md5' => array(false),
'domain_list_limit' => array(99),
'mail_func_clear_headers' => array(true),
'mail_func_additional_parameters' => array(false),
'favicon_status' => array(true),

24
snappymail/v/0.0.0/app/libraries/RainLoop/Model/Account.php
View file

@ -285,15 +285,33 @@ abstract class Account implements \JsonSerializable
private function netClientLogin(\MailSo\Net\NetClient $oClient, \RainLoop\Config\Application $oConfig, \RainLoop\Plugins\Manager $oPlugins, array $aCredentials) : bool
{
/*
$encrypted = !empty(\stream_get_meta_data($oClient->ConnectionResource())['crypto']);
[crypto] => Array(
[protocol] => TLSv1.3
[cipher_name] => TLS_AES_256_GCM_SHA384
[cipher_bits] => 256
[cipher_version] => TLSv1.3
)
*/
$aSASLMechanisms = [];
if ($oConfig->Get('labs', 'sasl_allow_scram_sha', false)) {
// https://github.com/the-djmaze/snappymail/issues/182
\array_push($aSASLMechanisms, 'SCRAM-SHA-512'. 'SCRAM-SHA-256', 'SCRAM-SHA-1');
}
if ($oConfig->Get('labs', 'sasl_allow_cram_md5', false)) {
$aSASLMechanisms[] = 'CRAM-MD5';
}
if ($oConfig->Get('labs', 'sasl_allow_plain', true)) {
$aSASLMechanisms[] = 'PLAIN';
}
$aCredentials = \array_merge(
$aCredentials,
array(
'Password' => $this->Password(),
'ProxyAuthUser' => $this->ProxyAuthUser(),
'ProxyAuthPassword' => $this->ProxyAuthPassword(),
'UseAuthPlainIfSupported' => !!$oConfig->Get('labs', 'sasl_allow_plain', true),
'UseAuthCramMd5IfSupported' => !!$oConfig->Get('labs', 'sasl_allow_cram_md5', false),
'UseAuthOAuth2IfSupported' => false
'SASLMechanisms' => $aSASLMechanisms
)
);

83
snappymail/v/0.0.0/app/libraries/RainLoop/Model/Domain.php
View file

@ -96,74 +96,43 @@ class Domain implements \JsonSerializable
/**
* @var string
*/
private $sAliasName;
private $sAliasName = '';
function __construct(string $sName,
string $sIncHost, int $iIncPort, int $iIncSecure, bool $bIncShortLogin,
bool $bUseSieve, string $sSieveHost, int $iSievePort, int $iSieveSecure,
string $sOutHost, int $iOutPort, int $iOutSecure, bool $bOutShortLogin,
bool $bOutAuth, bool $bOutSetSender, bool $bOutUsePhpMail = false,
string $sWhiteList = '')
function __construct(string $sName)
{
$this->sName = $sName;
$this->sIncHost = $sIncHost;
$this->iIncPort = $iIncPort;
$this->iIncSecure = $iIncSecure;
$this->bIncShortLogin = $bIncShortLogin;
$this->sOutHost = $sOutHost;
$this->iOutPort = $iOutPort;
$this->iOutSecure = $iOutSecure;
$this->bOutShortLogin = $bOutShortLogin;
$this->bOutAuth = $bOutAuth;
$this->bOutSetSender = $bOutSetSender;
$this->bOutUsePhpMail = $bOutUsePhpMail;
$this->bUseSieve = $bUseSieve;
$this->sSieveHost = $sSieveHost;
$this->iSievePort = $iSievePort;
$this->iSieveSecure = $iSieveSecure;
$this->sWhiteList = \trim($sWhiteList);
$this->sAliasName = '';
}
/**
* See ToIniString() for valid values
*/
public static function NewInstanceFromDomainConfigArray(string $sName, array $aDomain) : ?self
{
$oDomain = null;
if (\strlen($sName) && \strlen($aDomain['imap_host']) && \strlen($aDomain['imap_port']))
{
$sIncHost = (string) $aDomain['imap_host'];
$iIncPort = (int) $aDomain['imap_port'];
$iIncSecure = self::StrConnectionSecurityTypeToCons(
!empty($aDomain['imap_secure']) ? $aDomain['imap_secure'] : '');
$oDomain = new self($sName);
$bUseSieve = !empty($aDomain['sieve_use']);
$oDomain->sIncHost = (string) $aDomain['imap_host'];
$oDomain->iIncPort = (int) $aDomain['imap_port'];
$oDomain->iIncSecure = self::StrConnectionSecurityTypeToCons(empty($aDomain['imap_secure']) ? '' : $aDomain['imap_secure']);
$oDomain->bIncShortLogin = !empty($aDomain['imap_short_login']);
$sSieveHost = empty($aDomain['sieve_host']) ? '' : (string) $aDomain['sieve_host'];
$iSievePort = empty($aDomain['sieve_port']) ? 4190 : (int) $aDomain['sieve_port'];
$iSieveSecure = self::StrConnectionSecurityTypeToCons(
!empty($aDomain['sieve_secure']) ? $aDomain['sieve_secure'] : '');
$oDomain->bUseSieve = !empty($aDomain['sieve_use']);
$oDomain->sSieveHost = empty($aDomain['sieve_host']) ? '' : (string) $aDomain['sieve_host'];
$oDomain->iSievePort = empty($aDomain['sieve_port']) ? 4190 : (int) $aDomain['sieve_port'];
$oDomain->iSieveSecure = self::StrConnectionSecurityTypeToCons(empty($aDomain['sieve_secure']) ? '' : $aDomain['sieve_secure']);
$sOutHost = empty($aDomain['smtp_host']) ? '' : (string) $aDomain['smtp_host'];
$iOutPort = empty($aDomain['smtp_port']) ? 25 : (int) $aDomain['smtp_port'];
$iOutSecure = self::StrConnectionSecurityTypeToCons(
!empty($aDomain['smtp_secure']) ? $aDomain['smtp_secure'] : '');
$oDomain->sOutHost = empty($aDomain['smtp_host']) ? '' : (string) $aDomain['smtp_host'];
$oDomain->iOutPort = empty($aDomain['smtp_port']) ? 25 : (int) $aDomain['smtp_port'];
$oDomain->iOutSecure = self::StrConnectionSecurityTypeToCons(empty($aDomain['smtp_secure']) ? '' : $aDomain['smtp_secure']);
$oDomain->bOutShortLogin = !empty($aDomain['smtp_short_login']);
$oDomain->bOutAuth = !empty($aDomain['smtp_auth']);
$oDomain->bOutSetSender = !empty($aDomain['smtp_set_sender']);
$oDomain->bOutUsePhpMail = !empty($aDomain['smtp_php_mail']);
$bOutAuth = !empty($aDomain['smtp_auth']);
$bOutSetSender = !empty($aDomain['smtp_set_sender']);
$bOutUsePhpMail = !empty($aDomain['smtp_php_mail']);
$sWhiteList = (string) ($aDomain['white_list'] ?? '');
$bIncShortLogin = !empty($aDomain['imap_short_login']);
$bOutShortLogin = !empty($aDomain['smtp_short_login']);
$oDomain = new self($sName,
$sIncHost, $iIncPort, $iIncSecure, $bIncShortLogin,
$bUseSieve, $sSieveHost, $iSievePort, $iSieveSecure,
$sOutHost, $iOutPort, $iOutSecure, $bOutShortLogin, $bOutAuth, $bOutSetSender, $bOutUsePhpMail,
$sWhiteList);
$oDomain->sWhiteList = (string) ($aDomain['white_list'] ?? '');
}
return $oDomain;
@ -251,24 +220,24 @@ class Domain implements \JsonSerializable
return $sType;
}
public function UpdateInstance(
public function SetConfig(
string $sIncHost, int $iIncPort, int $iIncSecure, bool $bIncShortLogin,
bool $bUseSieve, string $sSieveHost, int $iSievePort, int $iSieveSecure,
string $sOutHost, int $iOutPort, int $iOutSecure, bool $bOutShortLogin,
bool $bOutAuth, bool $bOutSetSender, bool $bOutUsePhpMail,
string $sWhiteList = '') : self
{
$this->sIncHost = \MailSo\Base\Utils::IdnToAscii($sIncHost);
$this->sIncHost = $sIncHost;
$this->iIncPort = $iIncPort;
$this->iIncSecure = $iIncSecure;
$this->bIncShortLogin = $bIncShortLogin;
$this->bUseSieve = $bUseSieve;
$this->sSieveHost = \MailSo\Base\Utils::IdnToAscii($sSieveHost);
$this->sSieveHost = $sSieveHost;
$this->iSievePort = $iSievePort;
$this->iSieveSecure = $iSieveSecure;
$this->sOutHost = \MailSo\Base\Utils::IdnToAscii($sOutHost);
$this->sOutHost = $sOutHost;
$this->iOutPort = $iOutPort;
$this->iOutSecure = $iOutSecure;
$this->bOutShortLogin = $bOutShortLogin;

47
snappymail/v/0.0.0/app/libraries/RainLoop/Providers/Domain.php
View file

@ -68,26 +68,9 @@ class Domain extends AbstractProvider
return $this->bAdmin ? $this->oDriver->Disable($sName, $bDisabled) : false;
}
public function GetList(int $iOffset = 0, int $iLimit = 20, string $sSearch = '', bool $bIncludeAliases = true) : array
public function GetList(bool $bIncludeAliases = true) : array
{
$sSearch = \trim($sSearch);
if ($iOffset < 0)
{
$iOffset = 0;
}
if ($iLimit < 20)
{
$iLimit = 20;
}
return $this->bAdmin ? $this->oDriver->GetList($iOffset, $iLimit, $sSearch, $bIncludeAliases) : array();
}
public function Count(string $sSearch = '') : int
{
return $this->oDriver->Count($sSearch);
return $this->bAdmin ? $this->oDriver->GetList($bIncludeAliases) : array();
}
public function LoadOrCreateNewFromAction(\RainLoop\Actions $oActions, string $sNameForTest = null) : ?\RainLoop\Model\Domain
@ -105,7 +88,7 @@ class Domain extends AbstractProvider
if (\strlen($sName) || $sNameForTest)
{
$bCreate = '1' === (string) $oActions->GetActionParam('Create', '0');
$bCreate = !empty($oActions->GetActionParam('Create', 0));
$sIncHost = (string) $oActions->GetActionParam('IncHost', '');
$iIncPort = (int) $oActions->GetActionParam('IncPort', 143);
$iIncSecure = (int) $oActions->GetActionParam('IncSecure', \MailSo\Net\Enumerations\ConnectionSecurityType::NONE);
@ -130,23 +113,21 @@ class Domain extends AbstractProvider
{
throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::DomainAlreadyExists);
}
else
{
$oDomain->UpdateInstance(
$sIncHost, $iIncPort, $iIncSecure, $bIncShortLogin,
$bUseSieve, $sSieveHost, $iSievePort, $iSieveSecure,
$sOutHost, $iOutPort, $iOutSecure, $bOutShortLogin, $bOutAuth, $bOutSetSender, $bOutUsePhpMail,
$sWhiteList);
}
}
else
{
$oDomain = new \RainLoop\Model\Domain($sNameForTest ?: $sName,
$sIncHost, $iIncPort, $iIncSecure, $bIncShortLogin,
$bUseSieve, $sSieveHost, $iSievePort, $iSieveSecure,
$sOutHost, $iOutPort, $iOutSecure, $bOutShortLogin, $bOutAuth, $bOutSetSender, $bOutUsePhpMail,
$sWhiteList);
$oDomain = new \RainLoop\Model\Domain($sNameForTest ?: $sName);
}
$sIncHost = \MailSo\Base\Utils::IdnToAscii($sIncHost);
$sSieveHost = \MailSo\Base\Utils::IdnToAscii($sSieveHost);
$sOutHost = \MailSo\Base\Utils::IdnToAscii($sOutHost);
$oDomain->SetConfig(
$sIncHost, $iIncPort, $iIncSecure, $bIncShortLogin,
$bUseSieve, $sSieveHost, $iSievePort, $iSieveSecure,
$sOutHost, $iOutPort, $iOutSecure, $bOutShortLogin, $bOutAuth, $bOutSetSender, $bOutUsePhpMail,
$sWhiteList);
}
}

19
snappymail/v/0.0.0/app/libraries/RainLoop/Providers/Domain/DefaultDomain.php
View file

@ -239,7 +239,7 @@ class DefaultDomain implements \RainLoop\Providers\Domain\DomainAdminInterface
return $bResult;
}
public function GetList(int $iOffset = 0, int $iLimit = 20, string $sSearch = '', bool $bIncludeAliases = true) : array
public function GetList(bool $bIncludeAliases = true) : array
{
$aResult = array();
$aWildCards = array();
@ -281,11 +281,6 @@ class DefaultDomain implements \RainLoop\Providers\Domain\DomainAdminInterface
$aResult = \array_merge($aResult, $aAliases, $aWildCards);
$iOffset = (0 > $iOffset) ? 0 : $iOffset;
$iLimit = (0 > $iLimit) ? 0 : ((999 < $iLimit) ? 999 : $iLimit);
$aResult = \array_slice($aResult, $iOffset, $iLimit);
$aDisabledNames = array();
if (\count($aResult) && \file_exists($this->sDomainPath.'/disabled'))
{
@ -304,17 +299,13 @@ class DefaultDomain implements \RainLoop\Providers\Domain\DomainAdminInterface
$aReturn = array();
foreach ($aResult as $sName)
{
$aReturn[$sName] = array(
!\in_array($sName, $aDisabledNames),
\in_array($sName, $aAliases)
$aReturn[] = array(
'name' => $sName,
'disabled' => \in_array($sName, $aDisabledNames),
'alias' => \in_array($sName, $aAliases)
);
}
return $aReturn;
}
public function Count(string $sSearch = '', bool $bIncludeAliases = true) : int
{
return \count($this->GetList(0, 999, $sSearch, $bIncludeAliases));
}
}

4
snappymail/v/0.0.0/app/libraries/RainLoop/Providers/Domain/DomainAdminInterface.php
View file

@ -13,7 +13,5 @@ interface DomainAdminInterface extends DomainInterface
public function Delete(string $sName) : bool;
public function GetList(int $iOffset = 0, int $iLimit = 20, string $sSearch = '', bool $bIncludeAliases = true) : array;
public function Count(string $sSearch = '', bool $bIncludeAliases = true) : int;
public function GetList(bool $bIncludeAliases = true) : array;
}