Disabled support for Nextcloud OpenID Connect

https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917

integrations/nextcloud/snappymail/lib/Controller/FetchController.php

@@ -52,8 +52,9 @@ class FetchController extends Controller {
 					isset($_POST['snappymail-autologin']) ? '1' === $_POST['snappymail-autologin'] : false);
 				$this->config->setAppValue('snappymail', 'snappymail-autologin-with-email',
 					isset($_POST['snappymail-autologin']) ? '2' === $_POST['snappymail-autologin'] : false);
-				$this->config->setAppValue('snappymail', 'snappymail-autologin-oidc', isset($_POST['snappymail-autologin-oidc']));
 				$this->config->setAppValue('snappymail', 'snappymail-no-embed', isset($_POST['snappymail-no-embed']));
+				// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
+//				$this->config->setAppValue('snappymail', 'snappymail-autologin-oidc', isset($_POST['snappymail-autologin-oidc']));
 			} else {
 				return new JSONResponse([
 					'status' => 'error',

integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php

@@ -22,8 +22,9 @@ class AdminSettings implements ISettings
 		$keys = [
 			'snappymail-autologin',
 			'snappymail-autologin-with-email',
-			'snappymail-autologin-oidc',
 			'snappymail-no-embed'
+			// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
+//			'snappymail-autologin-oidc'
 		];
 		$parameters = [];
 		foreach ($keys as $k) {

integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php

@@ -127,21 +127,43 @@ class SnappyMailHelper
 	private static function getLoginCredentials() : array
 	{
 		$sUID = \OC::$server->getUserSession()->getUser()->getUID();
+		$config = \OC::$server->getConfig();
+		$ocSession = \OC::$server->getSession();
 
-		if (\OC::$server->getSession()->get('is_oidc')) {
+		// If the user has set credentials for SnappyMail in their personal settings,
-			$sAccessToken = \OC::$server->getSession()->get('oidc_access_token');
+		// this has the first priority.
-			if ($sAccessToken) {
+		$sEmail = $config->getUserValue($sUID, 'snappymail', 'snappymail-email');
-				return [$sUID, "oidc@nextcloud", $sAccessToken];
+		$sPassword = $config->getUserValue($sUID, 'snappymail', 'snappymail-password');
+		if ($sEmail && $sPassword) {
+			$sPassword = static::decodePassword($sPassword, \md5($sEmail));
+			if ($sPassword) {
+				return [$sUID, $sEmail, $sPassword];
 			}
 		}
 
-		$sEmail = '';
+		// If the current user ID is identical to login ID (not valid when using account switching),
-		$sPassword = '';
+		// this has the second priority.
-		$config = \OC::$server->getConfig();
-		$ocSession = \OC::$server->getSession();
-		// Only use the user's password in the current session if they have
-		// enabled auto-login using Nextcloud username or email address.
 		if ($ocSession['snappymail-nc-uid'] == $sUID) {
+/*
+			// If OpenID Connect (OIDC) is enabled and used for login, use this.
+			// https://apps.nextcloud.com/apps/oidc_login
+			// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
+			if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) {
+				if ($ocSession->get('is_oidc')) {
+					// IToken->getPassword() ???
+					if ($sAccessToken = $ocSession->get('oidc_access_token')) {
+						return [$sUID, 'oidc@nextcloud', $sAccessToken];
+					}
+					\SnappyMail\Log::debug('Nextcloud', 'OIDC access_token missing');
+				} else {
+					\SnappyMail\Log::debug('Nextcloud', 'No OIDC login');
+				}
+			}
+*/
+			// Only use the user's password in the current session if they have
+			// enabled auto-login using Nextcloud username or email address.
+			$sEmail = '';
+			$sPassword = '';
 			if ($config->getAppValue('snappymail', 'snappymail-autologin', false)) {
 				$sEmail = $sUID;
 				$sPassword = $ocSession['snappymail-password'];
@@ -151,37 +173,12 @@ class SnappyMailHelper
 			} else {
 				\SnappyMail\Log::debug('Nextcloud', 'snappymail-autologin is off');
 			}
-			if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false) && $ocSession->get('is_oidc')) {
+			if ($sPassword) {
-				$sAccessToken = $ocSession->get('oidc_access_token');
+				return [$sUID, $sEmail, static::decodePassword($sPassword, $sUID)];
-				if ($sAccessToken) {
-					$sPassword = $sAccessToken;
-				} else {
-					\SnappyMail\Log::debug('Nextcloud', 'OIDC no access_token');
-				}
-			} else if ($sPassword) {
-				$sPassword = static::decodePassword($sPassword, $sUID);
-			} else {
-				\SnappyMail\Log::debug('Nextcloud', 'OIDC is off');
 			}
 		}
 
-		// If the user has set credentials for SnappyMail in their personal
+		return [$sUID, '', ''];
-		// settings, override everything before and use those instead.
-		$sCustomEmail = $config->getUserValue($sUID, 'snappymail', 'snappymail-email');
-		if ($sCustomEmail) {
-			$sEmail = $sCustomEmail;
-			$sPassword = $config->getUserValue($sUID, 'snappymail', 'snappymail-password');
-			if ($sPassword) {
-				$sPassword = static::decodePassword($sPassword, \md5($sEmail));
-			}
-		} else if ($aRainLoop = RainLoop::getLoginCredentials($sUID, $config)) {
-			$sEmail = $aRainLoop[0];
-			$config->setUserValue($sUID, 'snappymail', 'snappymail-email', $sEmail);
-			if ($aRainLoop[1]) {
-				$config->setUserValue($sUID, 'snappymail', 'snappymail-password', static::encodePassword($aRainLoop[1], \md5($sEmail)));
-			}
-		}
-		return [$sUID, $sEmail, $sPassword ?: ''];
 	}
 
 	public static function getAppUrl() : string

integrations/nextcloud/snappymail/templates/admin-local.php

@@ -38,6 +38,7 @@
 				</div>
 			</p>
 			<br />
+<!-- DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
 			<p>
 				<input id="snappymail-autologin-oidc" name="snappymail-autologin-oidc" type="checkbox" class="checkbox" <?php if ($_['snappymail-autologin-oidc']) echo 'checked="checked"'; ?>>
 				<label for="snappymail-autologin-oidc">
@@ -45,6 +46,7 @@
 				</label>
 			</p>
 			<br />
+-->
 			<p>
 				<input id="snappymail-no-embed" name="snappymail-no-embed" type="checkbox" class="checkbox" <?php if ($_['snappymail-no-embed']) echo 'checked="checked"'; ?>>
 				<label for="snappymail-no-embed">

plugins/nextcloud/index.php

@@ -35,10 +35,12 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
 
 			$this->addTemplate('templates/PopupsNextcloudFiles.html');
 			$this->addTemplate('templates/PopupsNextcloudCalendars.html');
-
+/*
+			// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
 			$this->addHook('imap.before-login', 'oidcLogin');
 			$this->addHook('smtp.before-login', 'oidcLogin');
 			$this->addHook('sieve.before-login', 'oidcLogin');
+*/
 		} else {
 			\SnappyMail\Log::debug('Nextcloud', 'NOT integrated');
 			// \OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-no-embed');
@@ -68,6 +70,8 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
 		return static::IsIntegrated() && \OC::$server->getUserSession()->isLoggedIn();
 	}
 
+	// https://apps.nextcloud.com/apps/oidc_login
+	// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
 	public function oidcLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void
 	{
 		if (\OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-autologin-oidc', false)