deny changes on identity provider if it's in use

2023-07-30 11:24:07 +02:00 · 2023-07-30 11:24:07 +02:00 · ff4b4b4b61
parent 00e3339c0e
commit ff4b4b4b61
2 changed files with 35 additions and 2 deletions
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@ -1990,6 +1990,21 @@ function identity_provider($_action, $_data = null, $_extra = null) {
        return false;
      }

+      $stmt = $pdo->prepare("SELECT * FROM `mailbox`
+          WHERE `authsource` != 'mailcow'
+          AND `authsource` IS NOT NULL
+          AND `authsource` != :authsource");  
+      $stmt->execute(array(':authsource' => $_data['authsource']));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      if ($rows) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $data_log),
+          'msg' => array('authsource_in_use', $setting)
+        );
+        return false;
+      }
+
      if ($_data['authsource'] == "keycloak") {
        $_data['server_url']        = (!empty($_data['server_url'])) ? rtrim($_data['server_url'], '/') : null;
        $_data['mailpassword_flow'] = isset($_data['mailpassword_flow']) ? intval($_data['mailpassword_flow']) : 0;
@ -2103,9 +2118,26 @@ function identity_provider($_action, $_data = null, $_extra = null) {
        return false;
      }
      
-      $stmt = $pdo->prepare("DELETE FROM identity_provider;");
-      $stmt->execute();
+      $stmt = $pdo->query("SELECT * FROM `mailbox`
+          WHERE `authsource` != 'mailcow'
+          AND `authsource` IS NOT NULL");
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      if ($rows) {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $data_log),
+          'msg' => array('authsource_in_use', $setting)
+        );
+        return false;
+      }

+      $stmt = $pdo->query("DELETE FROM identity_provider;");
+
+      $_SESSION['return'][] =  array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_action, $data_log),
+        'msg' => array('item_deleted', '')
+      );
      return true;
    break;
    case "init":
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@ -378,6 +378,7 @@
        "aliases_in_use": "Max. aliases must be greater or equal to %d",
        "app_name_empty": "App name cannot be empty",
        "app_passwd_id_invalid": "App password ID %s invalid",
+        "authsource_in_use": "The identity provider cannot be changed or deleted as it is currently in use by one or more users.",
        "bcc_empty": "BCC destination cannot be empty",
        "bcc_exists": "A BCC map %s exists for type %s",
        "bcc_must_be_email": "BCC destination %s is not a valid email address",