From 8aca24e5208346643d7b45c7c4bdd7f8cf71544b Mon Sep 17 00:00:00 2001 From: ralf Date: Fri, 23 Jun 2023 14:55:31 +0200 Subject: [PATCH] * Calendar: freebusy.php uses .vfb extension for better Outlook compatibility and fix using "cred" GET parameter with base64 encoded credentials --- calendar/freebusy.php | 58 +++++++++++++------------------------------ 1 file changed, 17 insertions(+), 41 deletions(-) diff --git a/calendar/freebusy.php b/calendar/freebusy.php index ebaf512589..df89edce17 100644 --- a/calendar/freebusy.php +++ b/calendar/freebusy.php @@ -32,11 +32,16 @@ $GLOBALS['egw_info'] = array( require_once __DIR__.'/../api/src/autoload.php'; if (!($logged_in = !empty(Api\Session::get_sessionid()))) { - // support basic auth for regular user-credentials - if (!empty($_SERVER['PHP_AUTH_PW']) || !empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) + // support basic auth and $_GET[cred] for regular user-credentials + if (!empty($_SERVER['PHP_AUTH_PW']) || !empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) || !empty($_GET['cred'])) { $GLOBALS['egw_info']['flags']['autocreate_session_callback'] = Api\Header\Authenticate::class.'::autocreate_session_callback'; $logged_in = true; // header sends 401, if not authenticated + // make $_GET[cred] work by using REDIRECT_HTTP_AUTHORIZATION + if (!empty($_GET['cred'])) + { + $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = 'Basic '.$_GET['cred']; + } } else { @@ -54,7 +59,7 @@ if (!$logged_in) // fix for SOGo connector, which does not decode the = in our f/b url if (strpos($_SERVER['QUERY_STRING'],'=3D') !== false && substr($_GET['user'],0,2) == '3D') { - foreach(['user', 'email', 'password', 'cred'] as $name) + foreach(['user', 'email', 'password'] as $name) { if (isset($_GET[$name])) $_GET[$name] = substr($_GET[$name],2); } @@ -79,43 +84,14 @@ if ($user === false || !($username = $GLOBALS['egw']->accounts->id2name($user))) } if (!$logged_in) { - if (empty($_GET['cred'])) - { - $GLOBALS['egw_info']['user']['account_id'] = $user; - $GLOBALS['egw_info']['user']['account_lid'] = $username; - $GLOBALS['egw']->preferences->account_id = $user; - $GLOBALS['egw_info']['user']['preferences'] = $GLOBALS['egw']->preferences->read_repository(); - $cal_prefs = &$GLOBALS['egw_info']['user']['preferences']['calendar']; - $logged_in = !empty($cal_prefs['freebusy']) && - (empty($cal_prefs['freebusy_pw']) || $cal_prefs['freebusy_pw'] == $_GET['password']); - } - else - { - $credentials = base64_decode($_GET['cred']); - list($authuser, $password) = explode(':', $credentials, 2); - if (strpos($authuser, '@') === false) - { - $domain = $GLOBALS['egw_info']['server']['default_domain']; - $authuser .= '@' . $domain; - } - else - { - list(, $domain) = explode('@',$authuser, 2); - } - if (array_key_exists($domain, $GLOBALS['egw_domain'])) - { - $_POST['login'] = $authuser; - $_REQUEST['domain'] = $domain; - $GLOBALS['egw_info']['server']['default_domain'] = $domain; - $GLOBALS['egw_info']['user']['domain'] = $domain; - $GLOBALS['egw_info']['flags']['currentapp'] = 'login'; - $GLOBALS['egw_info']['flags']['noapi'] = false; - $logged_in = $GLOBALS['egw']->session->create($authuser, $password, 'text'); - session_unset(); - session_destroy(); - } - } - if (!$logged_in) + $GLOBALS['egw_info']['user']['account_id'] = $user; + $GLOBALS['egw_info']['user']['account_lid'] = $username; + $GLOBALS['egw']->preferences->account_id = $user; + $GLOBALS['egw_info']['user']['preferences'] = $GLOBALS['egw']->preferences->read_repository(); + $cal_prefs = &$GLOBALS['egw_info']['user']['preferences']['calendar']; + + if (!($logged_in = !empty($cal_prefs['freebusy']) && + (empty($cal_prefs['freebusy_pw']) || $cal_prefs['freebusy_pw'] == $_GET['password']))) { throw new Api\Exception\NoPermission\AuthenticationRequired(lang("freebusy: unknown user '%1', or not available for unauthenticated users!", $_GET['user'])); } @@ -126,7 +102,7 @@ if ($_GET['debug']) } else { - Api\Header\Content::type('freebusy.ifb','text/calendar'); + Api\Header\Content::type('freebusy.vfb','text/calendar'); } $ical = new calendar_ical(); echo $ical->freebusy($user, $_GET['end']); \ No newline at end of file