From 6835fd023e831b5b88f3f7faaccd463c821e85e7 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Fri, 16 Mar 2018 11:01:07 +0100
Subject: [PATCH] * API: webservice call when password has been changed outside EGroupware to eg. re-encrypting (mail) credentials Can be used eg. via CURL *after* password has been changed: echo ' | curl --user --data-raw '' -X POST https://egw.domain.com/egroupware/api/changepwd.php
---
api/changepwd.php | 64 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
create mode 100644 api/changepwd.php
diff --git a/api/changepwd.php b/api/changepwd.php
new file mode 100644
index 0000000000..af2d245553
--- /dev/null
+++ b/api/changepwd.php
@@ -0,0 +1,64 @@
+' | curl --user --data-raw '' -X POST https://egw.domain.com/egroupware/api/changepwd.php
+ *
+ * (You can also use --data @ instead of --date-raw '')
+ *
+ * It will connect with EGroupware (verifying the certificate), authenticate with
+ * the new credentials and send in a POST request the old credentials.
+ *
+ * EGroupware will then re-encrypt everything encrypted with the session password:
+ * - mail credentials
+ * - private S/Mime keys
+ * - let all EGroupware apps know about the password change
+ *
+ * Hook will give the following http status:
+ * - "204 No Content" on success / credentials are changed
+ * - "401 Unauthorized", if new password is wrong or not supplied via basic auth
+ * - "500 Internal server error" on error
+ *
+ * For Apache FCGI you need the following rewrite rule:
+ *
+ * RewriteEngine on
+ * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
+ *
+ * Otherwise authentication request will be send over and over again, as password is NOT available to PHP!
+ *
+ * @link http://www.egroupware.org
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ * @package api
+ * @author Ralf Becker
+ * @copyright (c) 2018 by Ralf Becker
+ */
+
+use EGroupware\Api;
+
+$GLOBALS['egw_info'] = array(
+ 'flags' => array(
+ 'disable_Template_class' => True,
+ 'noheader' => True,
+ 'currentapp' => 'api',
+ 'autocreate_session_callback' => 'EGroupware\Api\Header\Authenticate::autocreate_session_callback',
+ )
+);
+
+// if you move this file somewhere else, you need to adapt the path to the header!
+require(dirname(__DIR__).'/header.inc.php');
+
+
+try {
+ $old_password = file_get_contents('php://input');
+ if (empty($old_password)) throw new Exception('Old password must not be empty!');
+
+ Api\Auth::changepwd($old_password);
+ http_response_code(204); // No Content
+}
+catch (\Exception $e) {
+ http_response_code(500);
+ header('Content-Type: text/plain; charset=utf-8');
+ echo $e->getMessage()."\n";
+}
\ No newline at end of file
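Review bot: The catch block at the end of the file echoes `$e->getMessage()` to the HTTP client for every failure, so whatever `Api\Auth::changepwd()` and the code beneath it put into an exception (not visible in this patch, possibly backend or storage detail) is returned by a credential-handling endpoint. I would keep the detail server-side and send a fixed body: `error_log('changepwd hook: '.$e->getMessage());` followed by `echo "Password change hook failed\n";`. The emptiness test `empty($old_password)` also treats the valid password `"0"` as missing, and it hides a failed read of `php://input`; `if ($old_password === false || $old_password === '') throw new Exception('Old password must not be empty!');` rejects only an absent body. Only `\Exception` is caught, so an `\Error` raised during re-encryption would fall through to PHP's default handler, whose output depends on the server's `display_errors` setting; catching `\Throwable` would keep the documented 500 response consistent.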