Improved attempt for #1746

This commit is contained in:
the-djmaze 2024-09-16 13:49:59 +02:00
parent f8520c27a2
commit 6f4f6bfd03
2 changed files with 47 additions and 50 deletions


@ -90,27 +90,23 @@ class SnappyMailHelper
}
*/
if ($doLogin && $aCredentials[1] && $aCredentials[2]) {
$isOIDC = \str_starts_with($aCredentials[2], 'oidc_login|');
try {
$ocSession = \OC::$server->getSession();
if (true === $aCredentials[2]) {
// OIDC
$pwd = new \SnappyMail\SensitiveString($aCredentials[1]);
$oAccount = $oActions->LoginProcess($aCredentials[1], $pwd);
if ($oAccount) {
$oActions->SetSignMeToken($oAccount);
}
} else {
$oAccount = $oActions->LoginProcess($aCredentials[1], $aCredentials[2]);
if ($oAccount && $oConfig->Get('login', 'sign_me_auto', \RainLoop\Enumerations\SignMeType::DefaultOff) === \RainLoop\Enumerations\SignMeType::DefaultOn) {
$oActions->SetSignMeToken($oAccount);
}
$oAccount = $oActions->LoginProcess($aCredentials[1], $aCredentials[2]);
if (!$isOIDC && $oAccount
&& $oConfig->Get('login', 'sign_me_auto', \RainLoop\Enumerations\SignMeType::DefaultOff) === \RainLoop\Enumerations\SignMeType::DefaultOn
) {
$oActions->SetSignMeToken($oAccount);
}
} catch (\Throwable $e) {
// Login failure, reset password to prevent more attempts
$sUID = \OC::$server->getUserSession()->getUser()->getUID();
\OC::$server->getSession()['snappymail-passphrase'] = '';
\OC::$server->getConfig()->setUserValue($sUID, 'snappymail', 'passphrase', '');
\SnappyMail\Log::error('Nextcloud', $e->getMessage());
if (!$isOIDC) {
$sUID = \OC::$server->getUserSession()->getUser()->getUID();
\OC::$server->getSession()['snappymail-passphrase'] = '';
\OC::$server->getConfig()->setUserValue($sUID, 'snappymail', 'passphrase', '');
\SnappyMail\Log::error('Nextcloud', $e->getMessage());
}
}
}
}
@ -127,6 +123,32 @@ class SnappyMailHelper
}
}
// Check if OpenID Connect (OIDC) is enabled and used for login
// https://apps.nextcloud.com/apps/oidc_login
public static function isOIDCLogin() : bool
{
$config = \OC::$server->getConfig();
if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) {
// Check if the OIDC Login app is enabled
if (\OC::$server->getAppManager()->isEnabledForUser('oidc_login')) {
// Check if session is an OIDC Login
$ocSession = \OC::$server->getSession();
if ($ocSession->get('is_oidc')) {
// IToken->getPassword() ???
if ($ocSession->get('oidc_access_token')) {
return true;
}
\SnappyMail\Log::debug('Nextcloud', 'OIDC access_token missing');
} else {
\SnappyMail\Log::debug('Nextcloud', 'No OIDC login');
}
} else {
\SnappyMail\Log::debug('Nextcloud', 'OIDC login disabled');
}
}
return false;
}
private static function getLoginCredentials() : array
{
$sUID = \OC::$server->getUserSession()->getUser()->getUID();
@ -152,18 +174,9 @@ class SnappyMailHelper
if ($ocSession['snappymail-nc-uid'] == $sUID) {
// If OpenID Connect (OIDC) is enabled and used for login, use this.
// https://apps.nextcloud.com/apps/oidc_login
if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) {
if ($ocSession->get('is_oidc')) {
// IToken->getPassword() ???
if ($ocSession->get('oidc_access_token')) {
$sEmail = $config->getUserValue($sUID, 'settings', 'email');
return [$sUID, $sEmail, true];
}
\SnappyMail\Log::debug('Nextcloud', 'OIDC access_token missing');
} else {
\SnappyMail\Log::debug('Nextcloud', 'No OIDC login');
}
if (static::isOIDCLogin()) {
$sEmail = $config->getUserValue($sUID, 'settings', 'email');
return [$sUID, $sEmail, "oidc_login|{$sUID}"];
}
// Only use the user's password in the current session if they have
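Review bot: The rewritten catch block in the first hunk no longer logs OIDC login failures at all, because `\SnappyMail\Log::error('Nextcloud', $e->getMessage());` now sits inside the `if (!$isOIDC)` guard together with the passphrase reset; a failing OIDC login therefore leaves no trace in the log, which hurts troubleshooting and detection of repeated failures. Keeping the reset conditional is fine, but the log call should run unconditionally, i.e. move `\SnappyMail\Log::error('Nextcloud', $e->getMessage());` to the first line of the catch body, before the `if (!$isOIDC)` check. In the same hunk `$ocSession = \OC::$server->getSession();` inside the try block appears to be assigned but never read now that the `true === $aCredentials[2]` branch is gone; if nothing after the hunk uses it, drop the assignment. The enclosing method of the first hunk starts outside the hunk, and the third hunk ends before `getLoginCredentials()` returns, so I could not confirm later uses.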


@ -90,33 +90,17 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
public function beforeLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void
{
// https://apps.nextcloud.com/apps/oidc_login
$config = \OC::$server->getConfig();
$oUser = \OC::$server->getUserSession()->getUser();
$sUID = $oUser->getUID();
$sEmail = $config->getUserValue($sUID, 'snappymail', 'snappymail-email');
$sPassword = $config->getUserValue($sUID, 'snappymail', 'passphrase')
?: $config->getUserValue($sUID, 'snappymail', 'snappymail-password');
$bAccountDefinedExplicitly = ($sEmail && $sPassword) && $sEmail === $oSettings->username;
$sNcEmail = $oUser->getEMailAddress() ?: $oUser->getPrimaryEMailAddress();
// Only login with OIDC access token if
// it is enabled in config, the user is currently logged in with OIDC,
// the current snappymail account is the OIDC account and no account defined explicitly
if (\OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-autologin-oidc', false)
&& \OC::$server->getSession()->get('is_oidc')
&& $sNcEmail === $oSettings->username
&& !$bAccountDefinedExplicitly
&& $oAccount instanceof \RainLoop\Model\MainAccount
if ($oAccount instanceof \RainLoop\Model\MainAccount
&& \OCA\SnappyMail\Util\SnappyMailHelper::isOIDCLogin()
// && $oClient->supportsAuthType('OAUTHBEARER') // v2.28
&& \str_starts_with($oSettings->passphrase, 'oidc_login|')
) {
$sAccessToken = \OC::$server->getSession()->get('oidc_access_token');
if ($sAccessToken) {
$oSettings->passphrase = $sAccessToken;
\array_unshift($oSettings->SASLMechanisms, 'OAUTHBEARER');
}
// $oSettings->passphrase = \OC::$server->getSession()->get('snappymail-passphrase');
$oSettings->passphrase = \OC::$server->getSession()->get('oidc_access_token');
\array_unshift($oSettings->SASLMechanisms, 'OAUTHBEARER');
}
}
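Review bot: The new guard in `beforeLogin()` binds the OIDC token substitution to the account only by the `oidc_login|` prefix of `$oSettings->passphrase`, whereas the removed lines also required `$sNcEmail === $oSettings->username` and no explicitly configured account; after this change any `MainAccount` whose stored password merely starts with `oidc_login|` gets the session's `oidc_access_token` swapped in and sent as OAUTHBEARER to whatever host that account is configured for. Since the helper now emits the marker as `"oidc_login|{$sUID}"`, the plugin can compare the full value instead of the prefix, assuming the passphrase reaches `ConnectSettings` unchanged: `&& (string) $oSettings->passphrase === 'oidc_login|' . \OC::$server->getUserSession()->getUser()->getUID()` (the cast covers the case where `passphrase` is a `SensitiveString` rather than a plain string). The dropped non-empty check on the access token is covered by `isOIDCLogin()`, which already returns false when `oidc_access_token` is missing, so that part looks fine.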