mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Added back the insecure ServiceExternalLogin #321
This commit is contained in:
parent
4d898bfef0
commit
ec842d21a2
2 changed files with 56 additions and 16 deletions
|
|
@ -375,6 +375,7 @@ Enables caching in the system'),
|
||||||
'force_https' => array(false),
|
'force_https' => array(false),
|
||||||
'custom_login_link' => array(''),
|
'custom_login_link' => array(''),
|
||||||
'custom_logout_link' => array(''),
|
'custom_logout_link' => array(''),
|
||||||
|
'allow_external_login' => array(false),
|
||||||
'http_client_ip_check_proxy' => array(false),
|
'http_client_ip_check_proxy' => array(false),
|
||||||
'fast_cache_memcache_host' => array('127.0.0.1'),
|
'fast_cache_memcache_host' => array('127.0.0.1'),
|
||||||
'fast_cache_memcache_port' => array(11211),
|
'fast_cache_memcache_port' => array(11211),
|
||||||
|
|
|
||||||
|
|
@ -631,7 +631,7 @@ class ServiceActions
|
||||||
$this->oHttp->ServerNoCache();
|
$this->oHttp->ServerNoCache();
|
||||||
$sTo = \trim($_GET['to'] ?? '');
|
$sTo = \trim($_GET['to'] ?? '');
|
||||||
if (!empty($sTo) && \preg_match('/^mailto:/i', $sTo)) {
|
if (!empty($sTo) && \preg_match('/^mailto:/i', $sTo)) {
|
||||||
Utils::SetCookie(\RainLoop\Actions::AUTH_MAILTO_TOKEN_KEY,
|
Utils::SetCookie(Actions::AUTH_MAILTO_TOKEN_KEY,
|
||||||
Utils::EncodeKeyValuesQ(array(
|
Utils::EncodeKeyValuesQ(array(
|
||||||
'Time' => \microtime(true),
|
'Time' => \microtime(true),
|
||||||
'MailTo' => 'MailTo',
|
'MailTo' => 'MailTo',
|
||||||
|
|
@ -660,7 +660,6 @@ class ServiceActions
|
||||||
|
|
||||||
$oException = null;
|
$oException = null;
|
||||||
$oAccount = null;
|
$oAccount = null;
|
||||||
$bLogout = true;
|
|
||||||
|
|
||||||
$sSsoHash = $_REQUEST['hash'] ?? '';
|
$sSsoHash = $_REQUEST['hash'] ?? '';
|
||||||
if (!empty($sSsoHash))
|
if (!empty($sSsoHash))
|
||||||
|
|
@ -714,9 +713,9 @@ class ServiceActions
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->oActions->SetAuthToken($oAccount);
|
if ($oAccount instanceof Model\MainAccount) {
|
||||||
|
$this->oActions->SetAuthToken($oAccount);
|
||||||
$bLogout = !($oAccount instanceof Model\MainAccount);
|
}
|
||||||
}
|
}
|
||||||
catch (\Throwable $oException)
|
catch (\Throwable $oException)
|
||||||
{
|
{
|
||||||
|
|
@ -726,11 +725,6 @@ class ServiceActions
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($bLogout)
|
|
||||||
{
|
|
||||||
$this->oActions->SetAuthLogoutToken();
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->oActions->Location('./');
|
$this->oActions->Location('./');
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
|
|
@ -739,7 +733,6 @@ class ServiceActions
|
||||||
{
|
{
|
||||||
$oException = null;
|
$oException = null;
|
||||||
$oAccount = null;
|
$oAccount = null;
|
||||||
$bLogout = true;
|
|
||||||
|
|
||||||
$sEmail = $_ENV['REMOTE_USER'] ?? '';
|
$sEmail = $_ENV['REMOTE_USER'] ?? '';
|
||||||
$sPassword = $_ENV['REMOTE_PASSWORD'] ?? '';
|
$sPassword = $_ENV['REMOTE_PASSWORD'] ?? '';
|
||||||
|
|
@ -749,8 +742,9 @@ class ServiceActions
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
$oAccount = $this->oActions->LoginProcess($sEmail, $sPassword);
|
$oAccount = $this->oActions->LoginProcess($sEmail, $sPassword);
|
||||||
$this->oActions->SetAuthToken($oAccount);
|
if ($oAccount instanceof Model\MainAccount) {
|
||||||
$bLogout = !($oAccount instanceof Model\MainAccount);
|
$this->oActions->SetAuthToken($oAccount);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
catch (\Throwable $oException)
|
catch (\Throwable $oException)
|
||||||
{
|
{
|
||||||
|
|
@ -758,9 +752,54 @@ class ServiceActions
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($bLogout)
|
$this->oActions->Location('./');
|
||||||
{
|
return '';
|
||||||
$this->oActions->SetAuthLogoutToken();
|
}
|
||||||
|
|
||||||
|
public function ServiceExternalLogin() : string
|
||||||
|
{
|
||||||
|
$this->oHttp->ServerNoCache();
|
||||||
|
|
||||||
|
$oException = null;
|
||||||
|
$oAccount = null;
|
||||||
|
|
||||||
|
if ($this->oActions->Config()->Get('labs', 'allow_external_login', false)) {
|
||||||
|
$sEmail = \trim($this->oHttp->GetRequest('Email', ''));
|
||||||
|
$sPassword = $this->oHttp->GetRequest('Password', '');
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
$oAccount = $this->oActions->LoginProcess($sEmail, $sPassword);
|
||||||
|
if ($oAccount instanceof Model\MainAccount) {
|
||||||
|
$this->oActions->SetAuthToken($oAccount);
|
||||||
|
} else {
|
||||||
|
$oAccount = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (\Throwable $oException)
|
||||||
|
{
|
||||||
|
$this->Logger()->WriteException($oException);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ('json' === \strtolower($this->oHttp->GetRequest('Output', ''))) {
|
||||||
|
\header('Content-Type: application/json; charset=utf-8');
|
||||||
|
|
||||||
|
$aResult = array(
|
||||||
|
'Action' => 'ExternalLogin',
|
||||||
|
'Result' => $oAccount ? true : false,
|
||||||
|
'ErrorCode' => 0
|
||||||
|
);
|
||||||
|
|
||||||
|
if (!$oAccount) {
|
||||||
|
if ($oException instanceof Exceptions\ClientException) {
|
||||||
|
$aResult['ErrorCode'] = $oException->getCode();
|
||||||
|
} else {
|
||||||
|
$aResult['ErrorCode'] = Notifications::AuthError;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return \MailSo\Base\Utils::Php2js($aResult, $this->Logger());
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->oActions->Location('./');
|
$this->oActions->Location('./');
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue