7x31
/
mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

exclude oauth clients & app passwords from mailbox tfa

This commit is contained in:
FreddleSpl0it 2022-07-14 18:55:35 +02:00
parent be08742653
commit 0342ae926c
No known key found for this signature in database
GPG Key ID: 6315227FF33D2425
1 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
data/web/inc/functions.inc.php
View File

@ -834,7 +834,7 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false)
if (verify_hash($row['password'], $pass)) { if (verify_hash($row['password'], $pass)) {
// check for tfa authenticators // check for tfa authenticators
$authenticators = get_tfa($user); $authenticators = get_tfa($user);
if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$skip_tfa) {
// active tfa authenticators found, set pending user login // active tfa authenticators found, set pending user login
$_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_username'] = $user;
$_SESSION['pending_mailcow_cc_role'] = "admin"; $_SESSION['pending_mailcow_cc_role'] = "admin";
@ -873,7 +873,7 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false)
if (verify_hash($row['password'], $pass) !== false) { if (verify_hash($row['password'], $pass) !== false) {
// check for tfa authenticators // check for tfa authenticators
$authenticators = get_tfa($user); $authenticators = get_tfa($user);
if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$skip_tfa) {
$_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_username'] = $user;
$_SESSION['pending_mailcow_cc_role'] = "domainadmin"; $_SESSION['pending_mailcow_cc_role'] = "domainadmin";
$_SESSION['pending_tfa_methods'] = $authenticators['additional']; $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
@ -954,7 +954,8 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false)
); );
return "pending"; return "pending";
} }
} else { }
if ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { if ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
$service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
$stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)"); $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
@ -974,7 +975,6 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false)
return "user"; return "user";
} }
} }
}
if (!isset($_SESSION['ldelay'])) { if (!isset($_SESSION['ldelay'])) {
$_SESSION['ldelay'] = "0"; $_SESSION['ldelay'] = "0";