Added back the insecure ServiceExternalLogin #321

This commit is contained in:
the-djmaze 2022-04-12 10:57:15 +02:00
parent 4d898bfef0
commit ec842d21a2
2 changed files with 56 additions and 16 deletions

View file

@ -375,6 +375,7 @@ Enables caching in the system'),
'force_https' => array(false), 'force_https' => array(false),
'custom_login_link' => array(''), 'custom_login_link' => array(''),
'custom_logout_link' => array(''), 'custom_logout_link' => array(''),
'allow_external_login' => array(false),
'http_client_ip_check_proxy' => array(false), 'http_client_ip_check_proxy' => array(false),
'fast_cache_memcache_host' => array('127.0.0.1'), 'fast_cache_memcache_host' => array('127.0.0.1'),
'fast_cache_memcache_port' => array(11211), 'fast_cache_memcache_port' => array(11211),

View file

@ -631,7 +631,7 @@ class ServiceActions
$this->oHttp->ServerNoCache(); $this->oHttp->ServerNoCache();
$sTo = \trim($_GET['to'] ?? ''); $sTo = \trim($_GET['to'] ?? '');
if (!empty($sTo) && \preg_match('/^mailto:/i', $sTo)) { if (!empty($sTo) && \preg_match('/^mailto:/i', $sTo)) {
Utils::SetCookie(\RainLoop\Actions::AUTH_MAILTO_TOKEN_KEY, Utils::SetCookie(Actions::AUTH_MAILTO_TOKEN_KEY,
Utils::EncodeKeyValuesQ(array( Utils::EncodeKeyValuesQ(array(
'Time' => \microtime(true), 'Time' => \microtime(true),
'MailTo' => 'MailTo', 'MailTo' => 'MailTo',
@ -660,7 +660,6 @@ class ServiceActions
$oException = null; $oException = null;
$oAccount = null; $oAccount = null;
$bLogout = true;
$sSsoHash = $_REQUEST['hash'] ?? ''; $sSsoHash = $_REQUEST['hash'] ?? '';
if (!empty($sSsoHash)) if (!empty($sSsoHash))
@ -714,9 +713,9 @@ class ServiceActions
} }
} }
$this->oActions->SetAuthToken($oAccount); if ($oAccount instanceof Model\MainAccount) {
$this->oActions->SetAuthToken($oAccount);
$bLogout = !($oAccount instanceof Model\MainAccount); }
} }
catch (\Throwable $oException) catch (\Throwable $oException)
{ {
@ -726,11 +725,6 @@ class ServiceActions
} }
} }
if ($bLogout)
{
$this->oActions->SetAuthLogoutToken();
}
$this->oActions->Location('./'); $this->oActions->Location('./');
return ''; return '';
} }
@ -739,7 +733,6 @@ class ServiceActions
{ {
$oException = null; $oException = null;
$oAccount = null; $oAccount = null;
$bLogout = true;
$sEmail = $_ENV['REMOTE_USER'] ?? ''; $sEmail = $_ENV['REMOTE_USER'] ?? '';
$sPassword = $_ENV['REMOTE_PASSWORD'] ?? ''; $sPassword = $_ENV['REMOTE_PASSWORD'] ?? '';
@ -749,8 +742,9 @@ class ServiceActions
try try
{ {
$oAccount = $this->oActions->LoginProcess($sEmail, $sPassword); $oAccount = $this->oActions->LoginProcess($sEmail, $sPassword);
$this->oActions->SetAuthToken($oAccount); if ($oAccount instanceof Model\MainAccount) {
$bLogout = !($oAccount instanceof Model\MainAccount); $this->oActions->SetAuthToken($oAccount);
}
} }
catch (\Throwable $oException) catch (\Throwable $oException)
{ {
@ -758,9 +752,54 @@ class ServiceActions
} }
} }
if ($bLogout) $this->oActions->Location('./');
{ return '';
$this->oActions->SetAuthLogoutToken(); }
public function ServiceExternalLogin() : string
{
$this->oHttp->ServerNoCache();
$oException = null;
$oAccount = null;
if ($this->oActions->Config()->Get('labs', 'allow_external_login', false)) {
$sEmail = \trim($this->oHttp->GetRequest('Email', ''));
$sPassword = $this->oHttp->GetRequest('Password', '');
try
{
$oAccount = $this->oActions->LoginProcess($sEmail, $sPassword);
if ($oAccount instanceof Model\MainAccount) {
$this->oActions->SetAuthToken($oAccount);
} else {
$oAccount = null;
}
}
catch (\Throwable $oException)
{
$this->Logger()->WriteException($oException);
}
}
if ('json' === \strtolower($this->oHttp->GetRequest('Output', ''))) {
\header('Content-Type: application/json; charset=utf-8');
$aResult = array(
'Action' => 'ExternalLogin',
'Result' => $oAccount ? true : false,
'ErrorCode' => 0
);
if (!$oAccount) {
if ($oException instanceof Exceptions\ClientException) {
$aResult['ErrorCode'] = $oException->getCode();
} else {
$aResult['ErrorCode'] = Notifications::AuthError;
}
}
return \MailSo\Base\Utils::Php2js($aResult, $this->Logger());
} }
$this->oActions->Location('./'); $this->oActions->Location('./');