Merge pull request #2 from mailcow/master

Jan(moo)uary Update 2022 - Revision A (2022-01a) (#4445)

.gitignore

@@ -56,6 +56,7 @@ data/web/templates/cache/*
 data/web/.well-known/acme-challenge
 data/web/css/build/0081-custom-mailcow.css
 data/web/inc/vars.local.inc.php
+data/web/inc/app_info.inc.php
 data/web/nextcloud*/
 data/web/rc*/
 docker-compose.override.yml

data/web/css/build/008-mailcow.css

@@ -202,6 +202,11 @@ legend {
   margin-top: 27px;
   margin-bottom: 20px;
   color: #959595;
+  display: flex;
+  flex-direction: column;
+}
+.footer .version {
+    margin-left: auto;
 }
 .slave-info {
   padding: 15px 0px 15px 15px;

data/web/inc/footer.inc.php

@@ -23,7 +23,12 @@ if (is_array($alertbox_log_parser)) {
   unset($_SESSION['return']);
 }
 
+// globals
 $globalVariables = [
+  'mailcow_info' => array(
+    'version_tag' => $GLOBALS['MAILCOW_GIT_VERSION'],
+    'git_project_url' => $GLOBALS['MAILCOW_GIT_URL']
+  ),
   'js_path' => '/cache/'.basename($JSPath),
   'pending_tfa_method' => @$_SESSION['pending_tfa_method'],
   'pending_mailcow_cc_username' => @$_SESSION['pending_mailcow_cc_username'],

data/web/inc/prerequisites.inc.php

@@ -10,11 +10,17 @@ $DEV_MODE = (getenv('DEV_MODE') == 'y');
 }*/
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
+
 $default_autodiscover_config = $autodiscover_config;
 
 if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php')) {
   include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php';
 }
+
+// auto-generated by generate-config.sh and update.sh
+if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php')) {
+    require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php';
+}
 unset($https_port);
 $autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);
 

data/web/inc/twig.inc.php

@@ -24,4 +24,4 @@ $twig->addFunction(new TwigFunction('is_uri', function (string $uri, string $whe
 // filters
 $twig->addFilter(new TwigFilter('rot13', 'str_rot13'));
 $twig->addFilter(new TwigFilter('base64_encode', 'base64_encode'));
-$twig->addFilter(new TwigFilter('formatBytes', 'formatBytes'));
+$twig->addFilter(new TwigFilter('formatBytes', 'formatBytes'));

data/web/json_api.php

@@ -409,16 +409,14 @@ if (isset($_GET['query'])) {
         break;
         case "fido2-get-args":
           header('Content-Type: application/json');
-          // fetch allowed credentialIds
-          $cids = fido2(array("action" => "get_all_cids"));
-          if (count($cids) == 0) {  
-            print(json_encode(array(
-                'type' => 'error',
-                'msg' => 'Cannot find matching credentialIds'
-            )));
-          }
+          // Login without username, no ids!
+          // $ids = fido2(array("action" => "get_all_cids"));
+          // if (count($ids) == 0) {
+            // return;
+          // }
+          $ids = NULL;
 
-          $getArgs = $WebAuthn->getGetArgs($cids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
+          $getArgs = $WebAuthn->getGetArgs($ids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
           print(json_encode($getArgs));
           $_SESSION['challenge'] = $WebAuthn->getChallenge();
           return;

data/web/sogo-auth.php

@@ -75,20 +75,26 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
   session_start();
   // extract email address from "/SOGo/so/user@domain/xy"
   $url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
-  $email = $url_parts[3];
-  // check if this email is in session allowed list
-  if (
-      !empty($email) &&
-      filter_var($email, FILTER_VALIDATE_EMAIL) &&
-      is_array($_SESSION[$session_var_user_allowed]) &&
-      in_array($email, $_SESSION[$session_var_user_allowed])
-  ) {
-    $username = $email;
-    $password = $_SESSION[$session_var_pass];
-    header("X-User: $username");
-    header("X-Auth: Basic ".base64_encode("$username:$password"));
-    header("X-Auth-Type: Basic");
-    exit;
+  $email_list = array(
+      $url_parts[3],                                // Requested mailbox
+      ($_SESSION['mailcow_cc_username'] ?? ''),     // Current user
+      ($_SESSION["dual-login"]["username"] ?? ''),  // Dual login user
+  );
+  foreach($email_list as $email) {
+    // check if this email is in session allowed list
+    if (
+        !empty($email) &&
+        filter_var($email, FILTER_VALIDATE_EMAIL) &&
+        is_array($_SESSION[$session_var_user_allowed]) &&
+        in_array($email, $_SESSION[$session_var_user_allowed])
+    ) {
+      $username = $email;
+      $password = $_SESSION[$session_var_pass];
+      header("X-User: $username");
+      header("X-Auth: Basic ".base64_encode("$username:$password"));
+      header("X-Auth-Type: Basic");
+      exit;
+    }
   }
 }
 

data/web/templates/admin.twig

@@ -38,22 +38,24 @@
 
 <div class="row">
   <div class="col-md-12">
-    {% include 'admin/tab-config-admins.twig' %}
-    {% include 'admin/tab-ldap.twig' %}
-    {% include 'admin/tab-config-oauth2.twig' %}
-    {% include 'admin/tab-config-rspamd.twig' %}
-    {% include 'admin/tab-routing.twig' %}
-    {% include 'admin/tab-config-dkim.twig' %}
-    {% include 'admin/tab-config-fwdhosts.twig' %}
-    {% include 'admin/tab-config-f2b.twig' %}
-    {% include 'admin/tab-config-quarantine.twig' %}
-    {% include 'admin/tab-config-quota.twig' %}
-    {% include 'admin/tab-config-rsettings.twig' %}
-    {% include 'admin/tab-config-customize.twig' %}
-    {% include 'admin/tab-config-password-policy.twig' %}
-    {% include 'admin/tab-sys-mails.twig' %}
-    {% include 'admin/tab-mailq.twig' %}
-    {% include 'admin/tab-globalfilter-regex.twig' %}
+    <div class="tab-content" style="padding-top:20px">
+      {% include 'admin/tab-config-admins.twig' %}
+      {% include 'admin/tab-ldap.twig' %}
+      {% include 'admin/tab-config-oauth2.twig' %}
+      {% include 'admin/tab-config-rspamd.twig' %}
+      {% include 'admin/tab-routing.twig' %}
+      {% include 'admin/tab-config-dkim.twig' %}
+      {% include 'admin/tab-config-fwdhosts.twig' %}
+      {% include 'admin/tab-config-f2b.twig' %}
+      {% include 'admin/tab-config-quarantine.twig' %}
+      {% include 'admin/tab-config-quota.twig' %}
+      {% include 'admin/tab-config-rsettings.twig' %}
+      {% include 'admin/tab-config-customize.twig' %}
+      {% include 'admin/tab-config-password-policy.twig' %}
+      {% include 'admin/tab-sys-mails.twig' %}
+      {% include 'admin/tab-mailq.twig' %}
+      {% include 'admin/tab-globalfilter-regex.twig' %}
+    </div>
   </div> <!-- /col-md-12 -->
 </div> <!-- /row -->
   

data/web/templates/admin/tab-config-admins.twig

@@ -1,5 +1,4 @@
-<div class="tab-content" style="padding-top:20px">
-  <div role="tabpanel" class="tab-pane active" id="tab-config-admins">
+<div role="tabpanel" class="tab-pane active" id="tab-config-admins">
     <div class="panel panel-danger">
       <div class="panel-heading xs-show">{{ lang.admin.admin_details }}</div>
       <div class="panel-body">
@@ -61,7 +60,8 @@
                   <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
                 </tr>
                 {% include 'fido2.twig' %}
-            </table>
+              </table>
+            </div>
           </div>
           <br>
         </div>
@@ -221,8 +221,6 @@
         </div>
       </div>
     </div>
-  </div>
-
   <div class="panel panel-default">
     <div class="panel-heading xs-show">{{ lang.admin.domain_admins }}</div>
     <div class="panel-body">
@@ -248,3 +246,4 @@
     </div>
   </div>
 </div>
+

data/web/templates/base.twig

@@ -423,6 +423,14 @@ function recursiveBase64StrToArrayBuffer(obj) {
   {% if ui_texts.ui_footer %}
   <hr><span class="rot-enc">{{ ui_texts.ui_footer|rot13|raw }}</span>
   {% endif %}
+  {% if mailcow_cc_username and mailcow_info.version_tag|default %}
+  <span class="version">
+    🐮 + 🐋 = 💕
+    <a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" target="_blank">
+        Version: {{ mailcow_info.version_tag }}
+    </a>
+  </span>
+  {% endif %}
 </div>
 </body>
 </html>

docker-compose.yml

@@ -200,7 +200,7 @@ services:
         ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
         ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
         ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
-        ofelia.job-exec.sogo_eautoreply.schedule: "@every 24h"
+        ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
         ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
         ofelia.job-exec.sogo_backup.schedule: "@every 24h"
         ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""