mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-09 06:28:28 +03:00
Added back the insecure ServiceExternalLogin #321
This commit is contained in:
parent
4d898bfef0
commit
ec842d21a2
2 changed files with 56 additions and 16 deletions
|
|
@ -375,6 +375,7 @@ Enables caching in the system'),
|
|||
'force_https' => array(false),
|
||||
'custom_login_link' => array(''),
|
||||
'custom_logout_link' => array(''),
|
||||
'allow_external_login' => array(false),
|
||||
'http_client_ip_check_proxy' => array(false),
|
||||
'fast_cache_memcache_host' => array('127.0.0.1'),
|
||||
'fast_cache_memcache_port' => array(11211),
|
||||
|
|
|
|||
|
|
@ -631,7 +631,7 @@ class ServiceActions
|
|||
$this->oHttp->ServerNoCache();
|
||||
$sTo = \trim($_GET['to'] ?? '');
|
||||
if (!empty($sTo) && \preg_match('/^mailto:/i', $sTo)) {
|
||||
Utils::SetCookie(\RainLoop\Actions::AUTH_MAILTO_TOKEN_KEY,
|
||||
Utils::SetCookie(Actions::AUTH_MAILTO_TOKEN_KEY,
|
||||
Utils::EncodeKeyValuesQ(array(
|
||||
'Time' => \microtime(true),
|
||||
'MailTo' => 'MailTo',
|
||||
|
|
@ -660,7 +660,6 @@ class ServiceActions
|
|||
|
||||
$oException = null;
|
||||
$oAccount = null;
|
||||
$bLogout = true;
|
||||
|
||||
$sSsoHash = $_REQUEST['hash'] ?? '';
|
||||
if (!empty($sSsoHash))
|
||||
|
|
@ -714,9 +713,9 @@ class ServiceActions
|
|||
}
|
||||
}
|
||||
|
||||
$this->oActions->SetAuthToken($oAccount);
|
||||
|
||||
$bLogout = !($oAccount instanceof Model\MainAccount);
|
||||
if ($oAccount instanceof Model\MainAccount) {
|
||||
$this->oActions->SetAuthToken($oAccount);
|
||||
}
|
||||
}
|
||||
catch (\Throwable $oException)
|
||||
{
|
||||
|
|
@ -726,11 +725,6 @@ class ServiceActions
|
|||
}
|
||||
}
|
||||
|
||||
if ($bLogout)
|
||||
{
|
||||
$this->oActions->SetAuthLogoutToken();
|
||||
}
|
||||
|
||||
$this->oActions->Location('./');
|
||||
return '';
|
||||
}
|
||||
|
|
@ -739,7 +733,6 @@ class ServiceActions
|
|||
{
|
||||
$oException = null;
|
||||
$oAccount = null;
|
||||
$bLogout = true;
|
||||
|
||||
$sEmail = $_ENV['REMOTE_USER'] ?? '';
|
||||
$sPassword = $_ENV['REMOTE_PASSWORD'] ?? '';
|
||||
|
|
@ -749,8 +742,9 @@ class ServiceActions
|
|||
try
|
||||
{
|
||||
$oAccount = $this->oActions->LoginProcess($sEmail, $sPassword);
|
||||
$this->oActions->SetAuthToken($oAccount);
|
||||
$bLogout = !($oAccount instanceof Model\MainAccount);
|
||||
if ($oAccount instanceof Model\MainAccount) {
|
||||
$this->oActions->SetAuthToken($oAccount);
|
||||
}
|
||||
}
|
||||
catch (\Throwable $oException)
|
||||
{
|
||||
|
|
@ -758,9 +752,54 @@ class ServiceActions
|
|||
}
|
||||
}
|
||||
|
||||
if ($bLogout)
|
||||
{
|
||||
$this->oActions->SetAuthLogoutToken();
|
||||
$this->oActions->Location('./');
|
||||
return '';
|
||||
}
|
||||
|
||||
public function ServiceExternalLogin() : string
|
||||
{
|
||||
$this->oHttp->ServerNoCache();
|
||||
|
||||
$oException = null;
|
||||
$oAccount = null;
|
||||
|
||||
if ($this->oActions->Config()->Get('labs', 'allow_external_login', false)) {
|
||||
$sEmail = \trim($this->oHttp->GetRequest('Email', ''));
|
||||
$sPassword = $this->oHttp->GetRequest('Password', '');
|
||||
|
||||
try
|
||||
{
|
||||
$oAccount = $this->oActions->LoginProcess($sEmail, $sPassword);
|
||||
if ($oAccount instanceof Model\MainAccount) {
|
||||
$this->oActions->SetAuthToken($oAccount);
|
||||
} else {
|
||||
$oAccount = null;
|
||||
}
|
||||
}
|
||||
catch (\Throwable $oException)
|
||||
{
|
||||
$this->Logger()->WriteException($oException);
|
||||
}
|
||||
}
|
||||
|
||||
if ('json' === \strtolower($this->oHttp->GetRequest('Output', ''))) {
|
||||
\header('Content-Type: application/json; charset=utf-8');
|
||||
|
||||
$aResult = array(
|
||||
'Action' => 'ExternalLogin',
|
||||
'Result' => $oAccount ? true : false,
|
||||
'ErrorCode' => 0
|
||||
);
|
||||
|
||||
if (!$oAccount) {
|
||||
if ($oException instanceof Exceptions\ClientException) {
|
||||
$aResult['ErrorCode'] = $oException->getCode();
|
||||
} else {
|
||||
$aResult['ErrorCode'] = Notifications::AuthError;
|
||||
}
|
||||
}
|
||||
|
||||
return \MailSo\Base\Utils::Php2js($aResult, $this->Logger());
|
||||
}
|
||||
|
||||
$this->oActions->Location('./');
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue