mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-09 06:28:28 +03:00
Improved the idea for #1343
This commit is contained in:
parent
be70870b72
commit
13f8ab5caf
2 changed files with 75 additions and 16 deletions
|
|
@ -5,6 +5,7 @@ namespace RainLoop\Model;
|
|||
use RainLoop\Utils;
|
||||
use RainLoop\Notifications;
|
||||
use RainLoop\Exceptions\ClientException;
|
||||
use SnappyMail\SensitiveString;
|
||||
|
||||
abstract class Account implements \JsonSerializable
|
||||
{
|
||||
|
|
@ -14,15 +15,15 @@ abstract class Account implements \JsonSerializable
|
|||
|
||||
private string $sLogin = '';
|
||||
|
||||
private string $sPassword = '';
|
||||
private ?SensitiveString $sPassword = null;
|
||||
|
||||
private string $sSmtpLogin = '';
|
||||
|
||||
private string $sSmtpPassword = '';
|
||||
private ?SensitiveString $sSmtpPassword = null;
|
||||
|
||||
private string $sProxyAuthUser = '';
|
||||
|
||||
private string $sProxyAuthPassword = '';
|
||||
private ?SensitiveString $sProxyAuthPassword = null;
|
||||
|
||||
private Domain $oDomain;
|
||||
|
||||
|
|
@ -43,7 +44,7 @@ abstract class Account implements \JsonSerializable
|
|||
: $this->sLogin;
|
||||
}
|
||||
|
||||
public function IncPassword() : string
|
||||
public function IncPassword() : SensitiveString
|
||||
{
|
||||
return $this->sPassword;
|
||||
}
|
||||
|
|
@ -69,14 +70,20 @@ abstract class Account implements \JsonSerializable
|
|||
]));
|
||||
}
|
||||
|
||||
public function SetPassword(string $sPassword) : void
|
||||
public function SetPassword(
|
||||
#[\SensitiveParameter]
|
||||
string $sPassword
|
||||
) : void
|
||||
{
|
||||
$this->sPassword = $sPassword;
|
||||
$this->sPassword = new SensitiveString($sPassword);
|
||||
}
|
||||
|
||||
public function SetSmtpPassword(string $sPassword) : void
|
||||
public function SetSmtpPassword(
|
||||
#[\SensitiveParameter]
|
||||
string $sPassword
|
||||
) : void
|
||||
{
|
||||
$this->sSmtpLogin = $sPassword;
|
||||
$this->sSmtpPassword = new SensitiveString($sPassword);
|
||||
}
|
||||
|
||||
public function SetProxyAuthUser(string $sProxyAuthUser) : void
|
||||
|
|
@ -84,9 +91,12 @@ abstract class Account implements \JsonSerializable
|
|||
$this->sProxyAuthUser = $sProxyAuthUser;
|
||||
}
|
||||
|
||||
public function SetProxyAuthPassword(string $sProxyAuthPassword) : void
|
||||
public function SetProxyAuthPassword(
|
||||
#[\SensitiveParameter]
|
||||
string $sProxyAuthPassword
|
||||
) : void
|
||||
{
|
||||
$this->sProxyAuthPassword = $sProxyAuthPassword;
|
||||
$this->sProxyAuthPassword = new SensitiveString($sProxyAuthPassword);
|
||||
}
|
||||
|
||||
#[\ReturnTypeWillChange]
|
||||
|
|
@ -127,7 +137,7 @@ abstract class Account implements \JsonSerializable
|
|||
|
||||
$oAccount->sEmail = \MailSo\Base\Utils::IdnToAscii($sEmail, true);
|
||||
$oAccount->sLogin = \MailSo\Base\Utils::IdnToAscii($sLogin);
|
||||
$oAccount->sPassword = $sPassword;
|
||||
$oAccount->SetPassword($sPassword);
|
||||
$oAccount->oDomain = $oDomain;
|
||||
|
||||
$oActions->Plugins()->RunHook('filter.account', array($oAccount));
|
||||
|
|
@ -194,13 +204,13 @@ abstract class Account implements \JsonSerializable
|
|||
// init smtp user/password
|
||||
if (isset($aAccountHash['smtp'])) {
|
||||
$oAccount->sSmtpLogin = $aAccountHash['smtp']['user'];
|
||||
$oAccount->sSmtpPassword = $aAccountHash['smtp']['pass'];
|
||||
$oAccount->SetSmtpPassword($aAccountHash['smtp']['pass']);
|
||||
$oActions->logMask($oAccount->sSmtpPassword);
|
||||
}
|
||||
// init proxy user/password
|
||||
if (isset($aAccountHash['proxy'])) {
|
||||
$oAccount->sProxyAuthUser = $aAccountHash['proxy']['user'];
|
||||
$oAccount->sProxyAuthPassword = $aAccountHash['proxy']['pass'];
|
||||
$oAccount->SetProxyAuthPassword($aAccountHash['proxy']['pass']);
|
||||
$oActions->logMask($oAccount->sProxyAuthPassword);
|
||||
}
|
||||
}
|
||||
|
|
@ -234,7 +244,7 @@ abstract class Account implements \JsonSerializable
|
|||
$oImapClient->Connect($oSettings);
|
||||
$oPlugins->RunHook('imap.after-connect', array($this, $oImapClient, $oSettings));
|
||||
|
||||
$oSettings->Password = $this->IncPassword();
|
||||
$oSettings->Password = $this->sPassword;
|
||||
return $this->netClientLogin($oImapClient, $oPlugins);
|
||||
}
|
||||
|
||||
|
|
@ -273,7 +283,7 @@ abstract class Account implements \JsonSerializable
|
|||
$oSieveClient->Connect($oSettings);
|
||||
$oPlugins->RunHook('sieve.after-connect', array($this, $oSieveClient, $oSettings));
|
||||
|
||||
$oSettings->Password = $this->IncPassword();
|
||||
$oSettings->Password = $this->sPassword;
|
||||
return $this->netClientLogin($oSieveClient, $oPlugins);
|
||||
}
|
||||
|
||||
|
|
@ -290,7 +300,7 @@ abstract class Account implements \JsonSerializable
|
|||
*/
|
||||
$oSettings = $oClient->Settings;
|
||||
$oSettings->ProxyAuthUser = $this->sProxyAuthUser;
|
||||
$oSettings->ProxyAuthPassword = $this->sProxyAuthPassword;
|
||||
$oSettings->ProxyAuthPassword = $this->sProxyAuthPassword ?: '';
|
||||
|
||||
$client_name = \strtolower($oClient->getLogName());
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,49 @@
|
|||
<?php
|
||||
|
||||
namespace SnappyMail;
|
||||
|
||||
function xorIt(
|
||||
#[\SensitiveParameter]
|
||||
string $value
|
||||
) : string
|
||||
{
|
||||
$key = APP_SALT;
|
||||
$kl = \strlen($key);
|
||||
$i = \strlen($value);
|
||||
while ($i--) {
|
||||
$value[$i] = $value[$i] ^ $key[$i % $kl];
|
||||
}
|
||||
return $value;
|
||||
}
|
||||
|
||||
class SensitiveString /* extends SensitiveParameterValue | SensitiveParameter */ implements \Stringable
|
||||
{
|
||||
private string $value, $nonce;
|
||||
|
||||
public function __construct(string $value)
|
||||
{
|
||||
$this->setValue($value);
|
||||
}
|
||||
|
||||
public function setValue(
|
||||
#[\SensitiveParameter]
|
||||
string $value
|
||||
) : void
|
||||
{
|
||||
if (\is_callable('sodium_crypto_secretbox')) {
|
||||
$this->nonce = \random_bytes(\SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
|
||||
// $this->key = \sodium_crypto_secretbox_keygen();
|
||||
$this->value = \sodium_crypto_secretbox($value, $this->nonce, APP_SALT);
|
||||
} else {
|
||||
$this->value = xorIt($value);
|
||||
}
|
||||
}
|
||||
|
||||
public function __toString() : string
|
||||
{
|
||||
if (\is_callable('sodium_crypto_secretbox')) {
|
||||
return \sodium_crypto_secretbox_open($this->value, $this->nonce, APP_SALT);
|
||||
}
|
||||
return xorIt($this->value);
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue