7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Dovecot] Re-add listescape...

Browse Source
This commit is contained in:
andryyy
2021-06-23 14:17:39 +02:00
parent 9544ffe174
commit b2272b8e35
6 changed files with 27 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
data/web/sogo-auth.php
View File

@@ -1,21 +1,10 @@
<?php
$ALLOW_ADMIN_EMAIL_LOGIN = (preg_match(
"/^([yY][eE][sS]|[yY])+$/",
$_ENV["ALLOW_ADMIN_EMAIL_LOGIN"]
));
$session_var_user_allowed = 'sogo-sso-user-allowed';
$session_var_pass = 'sogo-sso-pass';
// prevent if feature is disabled
if (!$ALLOW_ADMIN_EMAIL_LOGIN) {
header('HTTP/1.0 403 Forbidden');
echo "this feature is disabled";
exit;
}
// validate credentials for basic auth requests
elseif (isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($_SERVER['PHP_AUTH_USER'])) {
// load prerequisites only when required
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
$username = $_SERVER['PHP_AUTH_USER'];
@@ -36,11 +25,14 @@ elseif (isset($_SERVER['PHP_AUTH_USER'])) {
elseif (isset($_GET['login'])) {
// load prerequisites only when required
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
// check permissions
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['acl']['login_as'] == "1") {
$login = html_entity_decode(rawurldecode($_GET["login"]));
// check if dual_login is active
$is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
// check permissions (if dual_login is active, deny sso when acl is not given)
$login = html_entity_decode(rawurldecode($_GET["login"]));
if (isset($_SESSION['mailcow_cc_role']) &&
($_SESSION['acl']['login_as'] == "1" || ($is_dual === false && $login == $_SESSION['mailcow_cc_username']))) {
if (filter_var($login, FILTER_VALIDATE_EMAIL)) {
if (!empty(mailbox('get', 'mailbox_details', $login))) {
if (user_get_alias_details($login) !== false) {
// load master password
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
// register username and password in session
@@ -53,6 +45,7 @@ elseif (isset($_GET['login'])) {
}
}
header('HTTP/1.0 403 Forbidden');
echo "Access is forbidden";
exit;
}
// only check for admin-login on sogo GUI requests