Disabled support for Nextcloud OpenID Connect

https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
2024-09-20 07:35:55 +08:00 · 2024-02-07 23:35:45 +01:00 · 2024-02-07 23:35:45 +01:00 · d832117ae4
parent 8f037b4b46
commit d832117ae4
5 changed files with 46 additions and 41 deletions
--- a/integrations/nextcloud/snappymail/lib/Controller/FetchController.php
+++ b/integrations/nextcloud/snappymail/lib/Controller/FetchController.php
@ -52,8 +52,9 @@ class FetchController extends Controller {
 					isset($_POST['snappymail-autologin']) ? '1' === $_POST['snappymail-autologin'] : false);
 				$this->config->setAppValue('snappymail', 'snappymail-autologin-with-email',
 					isset($_POST['snappymail-autologin']) ? '2' === $_POST['snappymail-autologin'] : false);
-				$this->config->setAppValue('snappymail', 'snappymail-autologin-oidc', isset($_POST['snappymail-autologin-oidc']));
 				$this->config->setAppValue('snappymail', 'snappymail-no-embed', isset($_POST['snappymail-no-embed']));
+				// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
+//				$this->config->setAppValue('snappymail', 'snappymail-autologin-oidc', isset($_POST['snappymail-autologin-oidc']));
 			} else {
 				return new JSONResponse([
 					'status' => 'error',
--- a/integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php
+++ b/integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php
@ -22,8 +22,9 @@ class AdminSettings implements ISettings
 		$keys = [
 			'snappymail-autologin',
 			'snappymail-autologin-with-email',
-			'snappymail-autologin-oidc',
 			'snappymail-no-embed'
+			// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
+//			'snappymail-autologin-oidc'
 		];
 		$parameters = [];
 		foreach ($keys as $k) {
--- a/integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php
+++ b/integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php
@ -127,21 +127,43 @@ class SnappyMailHelper
 	private static function getLoginCredentials() : array
 	{
 		$sUID = \OC::$server->getUserSession()->getUser()->getUID();
+		$config = \OC::$server->getConfig();
+		$ocSession = \OC::$server->getSession();

-		if (\OC::$server->getSession()->get('is_oidc')) {
-			$sAccessToken = \OC::$server->getSession()->get('oidc_access_token');
-			if ($sAccessToken) {
-				return [$sUID, "oidc@nextcloud", $sAccessToken];
+		// If the user has set credentials for SnappyMail in their personal settings,
+		// this has the first priority.
+		$sEmail = $config->getUserValue($sUID, 'snappymail', 'snappymail-email');
+		$sPassword = $config->getUserValue($sUID, 'snappymail', 'snappymail-password');
+		if ($sEmail && $sPassword) {
+			$sPassword = static::decodePassword($sPassword, \md5($sEmail));
+			if ($sPassword) {
+				return [$sUID, $sEmail, $sPassword];
 			}
 		}

-		$sEmail = '';
-		$sPassword = '';
-		$config = \OC::$server->getConfig();
-		$ocSession = \OC::$server->getSession();
-		// Only use the user's password in the current session if they have
-		// enabled auto-login using Nextcloud username or email address.
+		// If the current user ID is identical to login ID (not valid when using account switching),
+		// this has the second priority.
 		if ($ocSession['snappymail-nc-uid'] == $sUID) {
+/*
+			// If OpenID Connect (OIDC) is enabled and used for login, use this.
+			// https://apps.nextcloud.com/apps/oidc_login
+			// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
+			if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) {
+				if ($ocSession->get('is_oidc')) {
+					// IToken->getPassword() ???
+					if ($sAccessToken = $ocSession->get('oidc_access_token')) {
+						return [$sUID, 'oidc@nextcloud', $sAccessToken];
+					}
+					\SnappyMail\Log::debug('Nextcloud', 'OIDC access_token missing');
+				} else {
+					\SnappyMail\Log::debug('Nextcloud', 'No OIDC login');
+				}
+			}
+*/
+			// Only use the user's password in the current session if they have
+			// enabled auto-login using Nextcloud username or email address.
+			$sEmail = '';
+			$sPassword = '';
 			if ($config->getAppValue('snappymail', 'snappymail-autologin', false)) {
 				$sEmail = $sUID;
 				$sPassword = $ocSession['snappymail-password'];
@ -151,37 +173,12 @@ class SnappyMailHelper
 			} else {
 				\SnappyMail\Log::debug('Nextcloud', 'snappymail-autologin is off');
 			}
-			if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false) && $ocSession->get('is_oidc')) {
-				$sAccessToken = $ocSession->get('oidc_access_token');
-				if ($sAccessToken) {
-					$sPassword = $sAccessToken;
-				} else {
-					\SnappyMail\Log::debug('Nextcloud', 'OIDC no access_token');
-				}
-			} else if ($sPassword) {
-				$sPassword = static::decodePassword($sPassword, $sUID);
-			} else {
-				\SnappyMail\Log::debug('Nextcloud', 'OIDC is off');
+			if ($sPassword) {
+				return [$sUID, $sEmail, static::decodePassword($sPassword, $sUID)];
 			}
 		}

-		// If the user has set credentials for SnappyMail in their personal
-		// settings, override everything before and use those instead.
-		$sCustomEmail = $config->getUserValue($sUID, 'snappymail', 'snappymail-email');
-		if ($sCustomEmail) {
-			$sEmail = $sCustomEmail;
-			$sPassword = $config->getUserValue($sUID, 'snappymail', 'snappymail-password');
-			if ($sPassword) {
-				$sPassword = static::decodePassword($sPassword, \md5($sEmail));
-			}
-		} else if ($aRainLoop = RainLoop::getLoginCredentials($sUID, $config)) {
-			$sEmail = $aRainLoop[0];
-			$config->setUserValue($sUID, 'snappymail', 'snappymail-email', $sEmail);
-			if ($aRainLoop[1]) {
-				$config->setUserValue($sUID, 'snappymail', 'snappymail-password', static::encodePassword($aRainLoop[1], \md5($sEmail)));
-			}
-		}
-		return [$sUID, $sEmail, $sPassword ?: ''];
+		return [$sUID, '', ''];
 	}

 	public static function getAppUrl() : string
--- a/integrations/nextcloud/snappymail/templates/admin-local.php
+++ b/integrations/nextcloud/snappymail/templates/admin-local.php
@ -38,6 +38,7 @@
 				</div>
 			</p>
 			<br />
+<!-- DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
 			<p>
 				<input id="snappymail-autologin-oidc" name="snappymail-autologin-oidc" type="checkbox" class="checkbox" <?php if ($_['snappymail-autologin-oidc']) echo 'checked="checked"'; ?>>
 				<label for="snappymail-autologin-oidc">
@ -45,6 +46,7 @@
 				</label>
 			</p>
 			<br />
+-->
 			<p>
 				<input id="snappymail-no-embed" name="snappymail-no-embed" type="checkbox" class="checkbox" <?php if ($_['snappymail-no-embed']) echo 'checked="checked"'; ?>>
 				<label for="snappymail-no-embed">
--- a/plugins/nextcloud/index.php
+++ b/plugins/nextcloud/index.php
@ -35,10 +35,12 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin

 			$this->addTemplate('templates/PopupsNextcloudFiles.html');
 			$this->addTemplate('templates/PopupsNextcloudCalendars.html');
-
+/*
+			// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
 			$this->addHook('imap.before-login', 'oidcLogin');
 			$this->addHook('smtp.before-login', 'oidcLogin');
 			$this->addHook('sieve.before-login', 'oidcLogin');
+*/
 		} else {
 			\SnappyMail\Log::debug('Nextcloud', 'NOT integrated');
 			// \OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-no-embed');
@ -68,6 +70,8 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
 		return static::IsIntegrated() && \OC::$server->getUserSession()->isLoggedIn();
 	}

+	// https://apps.nextcloud.com/apps/oidc_login
+	// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
 	public function oidcLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void
 	{
 		if (\OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-autologin-oidc', false)