7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Jan(moo)uary Update 2022 - Revision A (2022-01a) (#4445)

Browse Source 
* [API] Fix minor issue in api docs

* [GH-Actions][stale] Add neverstale label to exempt list

* [Web] add github version tag

* [Web] add github version tag error handling

* Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions

Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php.

* [Web] add github version tag - adjust css

* [Compose] Update SOGo Autoreply Schedule to 5m

Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber

Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436

* [Web] add github version tag - move twig globals

* [Web] add github version tag - missing </div>

* Passwordless SOGo auth: improvements for when accessing other users

* [WebAuthn] fido2 passwordless auth - fix (#4440)

* [WebAuthn] fido2 revert

* [WebAuthn] set UV flags to 'discouraged'

* [WebAuthn] revert - set UV flags to 'discouraged'

Co-authored-by: ntimo <git@nowitzki.me>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: FreddleSpl0it <patschul@posteo.de>
Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com>
This commit is contained in:
Niklas Meyer
2022-02-01 15:26:48 +01:00
committed by GitHub
parent 5a1ef72b82
commit 89fdd1986d
14 changed files with 112 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
data/web/api/openapi.yaml
View File

@@ -4805,7 +4805,7 @@ paths:
schema:
example:
attr:
rl_vlaue: "10"
rl_value: "10"
rl_frame: "h"
items:
- info@domain.tld
@@ -4815,7 +4815,7 @@ paths:
rl_frame:
description: contains the frame for the ratelimit h,s,m
type: string
rl_vlaue:
rl_value:
description: contains the rate for the ratelimit 10,20,50,1
type: number
type: object
@@ -4876,7 +4876,7 @@ paths:
schema:
example:
attr:
rl_vlaue: "10"
rl_value: "10"
rl_frame: "h"
items:
- domain.tld
@@ -4886,7 +4886,7 @@ paths:
rl_frame:
description: contains the frame for the ratelimit h,s,m
type: string
rl_vlaue:
rl_value:
description: contains the rate for the ratelimit 10,20,50,1
type: number
type: object

5
data/web/css/build/008-mailcow.css
View File

@@ -202,6 +202,11 @@ legend {
margin-top: 27px;
margin-bottom: 20px;
color: #959595;
display: flex;
flex-direction: column;
}
.footer .version {
margin-left: auto;
}
.slave-info {
padding: 15px 0px 15px 15px;

5
data/web/inc/footer.inc.php
View File

@@ -23,7 +23,12 @@ if (is_array($alertbox_log_parser)) {
unset($_SESSION['return']);
}
// globals
$globalVariables = [
'mailcow_info' => array(
'version_tag' => $GLOBALS['MAILCOW_GIT_VERSION'],
'git_project_url' => $GLOBALS['MAILCOW_GIT_URL']
),
'js_path' => '/cache/'.basename($JSPath),
'pending_tfa_method' => @$_SESSION['pending_tfa_method'],
'pending_mailcow_cc_username' => @$_SESSION['pending_mailcow_cc_username'],

6
data/web/inc/prerequisites.inc.php
View File

@@ -10,11 +10,17 @@ $DEV_MODE = (getenv('DEV_MODE') == 'y');
}*/
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
$default_autodiscover_config = $autodiscover_config;
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php')) {
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php';
}
// auto-generated by generate-config.sh and update.sh
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php')) {
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php';
}
unset($https_port);
$autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);

2
data/web/inc/twig.inc.php
View File

@@ -24,4 +24,4 @@ $twig->addFunction(new TwigFunction('is_uri', function (string $uri, string $whe
// filters
$twig->addFilter(new TwigFilter('rot13', 'str_rot13'));
$twig->addFilter(new TwigFilter('base64_encode', 'base64_encode'));
$twig->addFilter(new TwigFilter('formatBytes', 'formatBytes'));
$twig->addFilter(new TwigFilter('formatBytes', 'formatBytes'));

16
data/web/json_api.php
View File

@@ -409,16 +409,14 @@ if (isset($_GET['query'])) {
break;
case "fido2-get-args":
header('Content-Type: application/json');
// fetch allowed credentialIds
$cids = fido2(array("action" => "get_all_cids"));
if (count($cids) == 0) {
print(json_encode(array(
'type' => 'error',
'msg' => 'Cannot find matching credentialIds'
)));
}
// Login without username, no ids!
// $ids = fido2(array("action" => "get_all_cids"));
// if (count($ids) == 0) {
// return;
// }
$ids = NULL;
$getArgs = $WebAuthn->getGetArgs($cids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
$getArgs = $WebAuthn->getGetArgs($ids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
print(json_encode($getArgs));
$_SESSION['challenge'] = $WebAuthn->getChallenge();
return;

34
data/web/sogo-auth.php
View File

@@ -75,20 +75,26 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
session_start();
// extract email address from "/SOGo/so/user@domain/xy"
$url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
$email = $url_parts[3];
// check if this email is in session allowed list
if (
!empty($email) &&
filter_var($email, FILTER_VALIDATE_EMAIL) &&
is_array($_SESSION[$session_var_user_allowed]) &&
in_array($email, $_SESSION[$session_var_user_allowed])
) {
$username = $email;
$password = $_SESSION[$session_var_pass];
header("X-User: $username");
header("X-Auth: Basic ".base64_encode("$username:$password"));
header("X-Auth-Type: Basic");
exit;
$email_list = array(
$url_parts[3], // Requested mailbox
($_SESSION['mailcow_cc_username'] ?? ''), // Current user
($_SESSION["dual-login"]["username"] ?? ''), // Dual login user
);
foreach($email_list as $email) {
// check if this email is in session allowed list
if (
!empty($email) &&
filter_var($email, FILTER_VALIDATE_EMAIL) &&
is_array($_SESSION[$session_var_user_allowed]) &&
in_array($email, $_SESSION[$session_var_user_allowed])
) {
$username = $email;
$password = $_SESSION[$session_var_pass];
header("X-User: $username");
header("X-Auth: Basic ".base64_encode("$username:$password"));
header("X-Auth-Type: Basic");
exit;
}
}
}

34
data/web/templates/admin.twig
View File

@@ -38,22 +38,24 @@
<div class="row">
<div class="col-md-12">
{% include 'admin/tab-config-admins.twig' %}
{% include 'admin/tab-ldap.twig' %}
{% include 'admin/tab-config-oauth2.twig' %}
{% include 'admin/tab-config-rspamd.twig' %}
{% include 'admin/tab-routing.twig' %}
{% include 'admin/tab-config-dkim.twig' %}
{% include 'admin/tab-config-fwdhosts.twig' %}
{% include 'admin/tab-config-f2b.twig' %}
{% include 'admin/tab-config-quarantine.twig' %}
{% include 'admin/tab-config-quota.twig' %}
{% include 'admin/tab-config-rsettings.twig' %}
{% include 'admin/tab-config-customize.twig' %}
{% include 'admin/tab-config-password-policy.twig' %}
{% include 'admin/tab-sys-mails.twig' %}
{% include 'admin/tab-mailq.twig' %}
{% include 'admin/tab-globalfilter-regex.twig' %}
<div class="tab-content" style="padding-top:20px">
{% include 'admin/tab-config-admins.twig' %}
{% include 'admin/tab-ldap.twig' %}
{% include 'admin/tab-config-oauth2.twig' %}
{% include 'admin/tab-config-rspamd.twig' %}
{% include 'admin/tab-routing.twig' %}
{% include 'admin/tab-config-dkim.twig' %}
{% include 'admin/tab-config-fwdhosts.twig' %}
{% include 'admin/tab-config-f2b.twig' %}
{% include 'admin/tab-config-quarantine.twig' %}
{% include 'admin/tab-config-quota.twig' %}
{% include 'admin/tab-config-rsettings.twig' %}
{% include 'admin/tab-config-customize.twig' %}
{% include 'admin/tab-config-password-policy.twig' %}
{% include 'admin/tab-sys-mails.twig' %}
{% include 'admin/tab-mailq.twig' %}
{% include 'admin/tab-globalfilter-regex.twig' %}
</div>
</div> <!-- /col-md-12 -->
</div> <!-- /row -->

9
data/web/templates/admin/tab-config-admins.twig
View File

@@ -1,5 +1,4 @@
<div class="tab-content" style="padding-top:20px">
<div role="tabpanel" class="tab-pane active" id="tab-config-admins">
<div role="tabpanel" class="tab-pane active" id="tab-config-admins">
<div class="panel panel-danger">
<div class="panel-heading xs-show">{{ lang.admin.admin_details }}</div>
<div class="panel-body">
@@ -61,7 +60,8 @@
<th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
</tr>
{% include 'fido2.twig' %}
</table>
</table>
</div>
</div>
<br>
</div>
@@ -221,8 +221,6 @@
</div>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading xs-show">{{ lang.admin.domain_admins }}</div>
<div class="panel-body">
@@ -248,3 +246,4 @@
</div>
</div>
</div>

8
data/web/templates/base.twig
View File

@@ -423,6 +423,14 @@ function recursiveBase64StrToArrayBuffer(obj) {
{% if ui_texts.ui_footer %}
<hr><span class="rot-enc">{{ ui_texts.ui_footer|rot13|raw }}</span>
{% endif %}
{% if mailcow_cc_username and mailcow_info.version_tag|default %}
<span class="version">
🐮 + 🐋 = 💕
<a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" target="_blank">
Version: {{ mailcow_info.version_tag }}
</a>
</span>
{% endif %}
</div>
</body>
</html>