Improved attempt for #1746
This commit is contained in:
parent
f8520c27a2
commit
6f4f6bfd03
|
@ -90,27 +90,23 @@ class SnappyMailHelper
|
|||
}
|
||||
*/
|
||||
if ($doLogin && $aCredentials[1] && $aCredentials[2]) {
|
||||
$isOIDC = \str_starts_with($aCredentials[2], 'oidc_login|');
|
||||
try {
|
||||
$ocSession = \OC::$server->getSession();
|
||||
if (true === $aCredentials[2]) {
|
||||
// OIDC
|
||||
$pwd = new \SnappyMail\SensitiveString($aCredentials[1]);
|
||||
$oAccount = $oActions->LoginProcess($aCredentials[1], $pwd);
|
||||
if ($oAccount) {
|
||||
$oActions->SetSignMeToken($oAccount);
|
||||
}
|
||||
} else {
|
||||
$oAccount = $oActions->LoginProcess($aCredentials[1], $aCredentials[2]);
|
||||
if ($oAccount && $oConfig->Get('login', 'sign_me_auto', \RainLoop\Enumerations\SignMeType::DefaultOff) === \RainLoop\Enumerations\SignMeType::DefaultOn) {
|
||||
$oActions->SetSignMeToken($oAccount);
|
||||
}
|
||||
$oAccount = $oActions->LoginProcess($aCredentials[1], $aCredentials[2]);
|
||||
if (!$isOIDC && $oAccount
|
||||
&& $oConfig->Get('login', 'sign_me_auto', \RainLoop\Enumerations\SignMeType::DefaultOff) === \RainLoop\Enumerations\SignMeType::DefaultOn
|
||||
) {
|
||||
$oActions->SetSignMeToken($oAccount);
|
||||
}
|
||||
} catch (\Throwable $e) {
|
||||
// Login failure, reset password to prevent more attempts
|
||||
$sUID = \OC::$server->getUserSession()->getUser()->getUID();
|
||||
\OC::$server->getSession()['snappymail-passphrase'] = '';
|
||||
\OC::$server->getConfig()->setUserValue($sUID, 'snappymail', 'passphrase', '');
|
||||
\SnappyMail\Log::error('Nextcloud', $e->getMessage());
|
||||
if (!$isOIDC) {
|
||||
$sUID = \OC::$server->getUserSession()->getUser()->getUID();
|
||||
\OC::$server->getSession()['snappymail-passphrase'] = '';
|
||||
\OC::$server->getConfig()->setUserValue($sUID, 'snappymail', 'passphrase', '');
|
||||
\SnappyMail\Log::error('Nextcloud', $e->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -127,6 +123,32 @@ class SnappyMailHelper
|
|||
}
|
||||
}
|
||||
|
||||
// Check if OpenID Connect (OIDC) is enabled and used for login
|
||||
// https://apps.nextcloud.com/apps/oidc_login
|
||||
public static function isOIDCLogin() : bool
|
||||
{
|
||||
$config = \OC::$server->getConfig();
|
||||
if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) {
|
||||
// Check if the OIDC Login app is enabled
|
||||
if (\OC::$server->getAppManager()->isEnabledForUser('oidc_login')) {
|
||||
// Check if session is an OIDC Login
|
||||
$ocSession = \OC::$server->getSession();
|
||||
if ($ocSession->get('is_oidc')) {
|
||||
// IToken->getPassword() ???
|
||||
if ($ocSession->get('oidc_access_token')) {
|
||||
return true;
|
||||
}
|
||||
\SnappyMail\Log::debug('Nextcloud', 'OIDC access_token missing');
|
||||
} else {
|
||||
\SnappyMail\Log::debug('Nextcloud', 'No OIDC login');
|
||||
}
|
||||
} else {
|
||||
\SnappyMail\Log::debug('Nextcloud', 'OIDC login disabled');
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private static function getLoginCredentials() : array
|
||||
{
|
||||
$sUID = \OC::$server->getUserSession()->getUser()->getUID();
|
||||
|
@ -152,18 +174,9 @@ class SnappyMailHelper
|
|||
if ($ocSession['snappymail-nc-uid'] == $sUID) {
|
||||
|
||||
// If OpenID Connect (OIDC) is enabled and used for login, use this.
|
||||
// https://apps.nextcloud.com/apps/oidc_login
|
||||
if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) {
|
||||
if ($ocSession->get('is_oidc')) {
|
||||
// IToken->getPassword() ???
|
||||
if ($ocSession->get('oidc_access_token')) {
|
||||
$sEmail = $config->getUserValue($sUID, 'settings', 'email');
|
||||
return [$sUID, $sEmail, true];
|
||||
}
|
||||
\SnappyMail\Log::debug('Nextcloud', 'OIDC access_token missing');
|
||||
} else {
|
||||
\SnappyMail\Log::debug('Nextcloud', 'No OIDC login');
|
||||
}
|
||||
if (static::isOIDCLogin()) {
|
||||
$sEmail = $config->getUserValue($sUID, 'settings', 'email');
|
||||
return [$sUID, $sEmail, "oidc_login|{$sUID}"];
|
||||
}
|
||||
|
||||
// Only use the user's password in the current session if they have
|
||||
|
|
|
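Review bot: In the catch block of the first hunk, `\SnappyMail\Log::error('Nextcloud', $e->getMessage());` now sits inside `if (!$isOIDC) {`, so a failed OIDC auto-login is caught by the `\Throwable` handler and leaves no log entry at all, removing the only signal an operator has that the token-based login path is broken. Only the passphrase reset should be conditional on the login type; log unconditionally by making `\SnappyMail\Log::error('Nextcloud', $e->getMessage());` the first statement of the catch, before the `if (!$isOIDC) {` guard. It is also worth a short comment on that guard, e.g. `// OIDC logins have no stored passphrase to reset; the access token lives in the NC session`, since the asymmetry is otherwise surprising to the next reader. The function enclosing this hunk starts outside it, so the origin of `$aCredentials` is not visible here.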
@ -90,33 +90,17 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
|
|||
|
||||
public function beforeLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void
|
||||
{
|
||||
// https://apps.nextcloud.com/apps/oidc_login
|
||||
$config = \OC::$server->getConfig();
|
||||
$oUser = \OC::$server->getUserSession()->getUser();
|
||||
$sUID = $oUser->getUID();
|
||||
|
||||
$sEmail = $config->getUserValue($sUID, 'snappymail', 'snappymail-email');
|
||||
$sPassword = $config->getUserValue($sUID, 'snappymail', 'passphrase')
|
||||
?: $config->getUserValue($sUID, 'snappymail', 'snappymail-password');
|
||||
$bAccountDefinedExplicitly = ($sEmail && $sPassword) && $sEmail === $oSettings->username;
|
||||
|
||||
$sNcEmail = $oUser->getEMailAddress() ?: $oUser->getPrimaryEMailAddress();
|
||||
|
||||
// Only login with OIDC access token if
|
||||
// it is enabled in config, the user is currently logged in with OIDC,
|
||||
// the current snappymail account is the OIDC account and no account defined explicitly
|
||||
if (\OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-autologin-oidc', false)
|
||||
&& \OC::$server->getSession()->get('is_oidc')
|
||||
&& $sNcEmail === $oSettings->username
|
||||
&& !$bAccountDefinedExplicitly
|
||||
&& $oAccount instanceof \RainLoop\Model\MainAccount
|
||||
if ($oAccount instanceof \RainLoop\Model\MainAccount
|
||||
&& \OCA\SnappyMail\Util\SnappyMailHelper::isOIDCLogin()
|
||||
// && $oClient->supportsAuthType('OAUTHBEARER') // v2.28
|
||||
&& \str_starts_with($oSettings->passphrase, 'oidc_login|')
|
||||
) {
|
||||
$sAccessToken = \OC::$server->getSession()->get('oidc_access_token');
|
||||
if ($sAccessToken) {
|
||||
$oSettings->passphrase = $sAccessToken;
|
||||
\array_unshift($oSettings->SASLMechanisms, 'OAUTHBEARER');
|
||||
}
|
||||
// $oSettings->passphrase = \OC::$server->getSession()->get('snappymail-passphrase');
|
||||
$oSettings->passphrase = \OC::$server->getSession()->get('oidc_access_token');
|
||||
\array_unshift($oSettings->SASLMechanisms, 'OAUTHBEARER');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
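Review bot: The rewritten condition in beforeLogin appears to drop the former `$sNcEmail === $oSettings->username` and `!$bAccountDefinedExplicitly` checks, leaving `str_starts_with($oSettings->passphrase, 'oidc_login|')` as the only per-login signal, so in an OIDC session any MainAccount login whose passphrase carries that prefix gets the session's `oidc_access_token` substituted regardless of which mailbox is being opened. Since getLoginCredentials embeds the Nextcloud UID after the prefix, compare the whole sentinel rather than the prefix, e.g. `&& $oSettings->passphrase === 'oidc_login|' . \OC::$server->getUserSession()->getUser()->getUID()`, which restores a binding between the token and the user who owns the session. The `if ($sAccessToken)` guard also fails silently: when the token is absent the literal `oidc_login|<uid>` sentinel is sent to IMAP as the password, so add an `else` that logs it (`\SnappyMail\Log::error('Nextcloud', 'OIDC access_token missing');`) rather than relying on the earlier isOIDCLogin() check having seen the same session state. If `$oSettings->passphrase` can be a SensitiveString object rather than a plain string, `str_starts_with` will need a `(string)` cast under strict types — worth confirming against ConnectSettings.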