add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins

data/conf/dovecot/dovecot.conf

@@ -389,4 +389,5 @@ auth_cache_negative_ttl = 0
 auth_cache_ttl = 30 s
 auth_cache_size = 2 M
 !include_try /usr/local/etc/dovecot/extra.conf
+!include_try /usr/local/etc/dovecot/sogo-sso.conf
 default_client_limit = 10400

data/conf/nginx/site.conf

@@ -164,6 +164,17 @@ server {
     client_max_body_size 0;
   }
 
+  # auth_request endpoint if ALLOW_ADMIN_EMAIL_LOGIN is set
+  location /sogo-auth-verify {
+    internal;
+    proxy_set_header  X-Original-URI $request_uri;
+    proxy_set_header  X-Real-IP $remote_addr;
+    proxy_set_header  Host $http_host;
+    proxy_set_header  Content-Length "";
+    proxy_pass        http://127.0.0.1:80/sogo-auth;
+    proxy_pass_request_body off;
+  }
+
   location ^~ /SOGo {
     include /etc/nginx/conf.d/sogo.active;
     proxy_set_header X-Real-IP $remote_addr;

data/conf/nginx/templates/sogo.auth_request.template.sh

@@ -0,0 +1,7 @@
+if printf "%s\n" "${ALLOW_ADMIN_EMAIL_LOGIN}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
+    echo '
+auth_request /sogo-auth-verify;
+auth_request_set $user $upstream_http_x_username;
+proxy_set_header x-webobjects-remote-user $user;
+'
+fi

data/conf/sogo/sogo.conf

@@ -83,4 +83,6 @@
   //SOGoUIxDebugEnabled = YES;
   //WODontZipResponse = YES;
     WOLogFile = "/dev/sogo_log";
+
+    SOGoTrustProxyAuthentication = YES;
 }