This commit is contained in:
the-djmaze 2024-09-24 15:54:55 +02:00
parent c14bbab945
commit 6b03820338
2 changed files with 11 additions and 4 deletions

View file

@ -235,6 +235,7 @@ Warning: only enable when server does not do this, else double compression error
'admin_login' => array('admin', 'Login and password for web admin panel'),
'admin_password' => array(''),
'admin_totp' => array(''),
'insecure_cryptkey' => array(false, 'Use email address instead of login password for encrypting sensitive data (like account passwords)'),
'force_https' => array(false),
'hide_x_mailer_header' => array(true),

View file

@ -21,7 +21,10 @@ class MainAccount extends Account
if (!$sKey) {
throw new ClientException(Notifications::CryptKeyError);
}
$sKey = \SnappyMail\Crypt::EncryptToJSON($sKey, $this->IncPassword());
$sPass = \RainLoop\Api::Config()->Get('security', 'insecure_cryptkey', false)
? $this->Email()
: $this->ImapPass();
$sKey = \SnappyMail\Crypt::EncryptToJSON($sKey, $sPass);
if ($sKey) {
$this->sCryptKey = null;
if (\RainLoop\Api::Actions()->StorageProvider()->Put($this, StorageType::ROOT, '.cryptkey', $sKey)) {
@ -39,14 +42,17 @@ class MainAccount extends Account
// can use the old password to re-seal the cryptkey
$oStorage = \RainLoop\Api::Actions()->StorageProvider();
$sKey = $oStorage->Get($this, StorageType::ROOT, '.cryptkey');
$sPass = \RainLoop\Api::Config()->Get('security', 'insecure_cryptkey', false)
? $this->Email()
: $this->ImapPass();
if (!$sKey) {
$sKey = \SnappyMail\Crypt::EncryptToJSON(
\sha1($this->IncPassword() . APP_SALT),
$this->IncPassword()
\sha1($this->ImapPass() . APP_SALT),
$sPass
);
$oStorage->Put($this, StorageType::ROOT, '.cryptkey', $sKey);
}
$sKey = \SnappyMail\Crypt::DecryptFromJSON($sKey, $this->IncPassword());
$sKey = \SnappyMail\Crypt::DecryptFromJSON($sKey, $sPass);
if (!$sKey) {
throw new ClientException(Notifications::CryptKeyError);
}