improve OAuth mail authentication by not opening wizard multiple time

also avoid authentication loop, if there is an error
This commit is contained in:
ralf 2023-01-25 13:38:40 +01:00
parent 09ceed3ba2
commit b0f5cfbcdb
2 changed files with 24 additions and 4 deletions


@ -33,7 +33,7 @@ class admin_mail
/**
* Enable logging of IMAP communication to given path, eg. /tmp/autoconfig.log
*/
const DEBUG_LOG = '/var/lib/egroupware/imap.log';
const DEBUG_LOG = null; //'/var/lib/egroupware/imap.log';
/**
* Connection timeout in seconds used in autoconfig, can and should be really short!
*/
@ -1243,7 +1243,9 @@ class admin_mail
$sel_options['acc_smtp_ssl'] = self::$ssl_types;
// admin access to account with no credentials available
if ($this->is_admin && (!empty($content['called_for']) || empty($content['acc_imap_host']) || $content['called_for']))
if ($this->is_admin && (!empty($content['called_for']) || empty($content['acc_imap_host']) || $content['called_for']) ||
// if OAuth failed, do not try to connect and trigger next authentication(-failure), but show failure message
!empty($content['oauth_failure']))
{
// can't connection to imap --> allow free entries in taglists
foreach(array('acc_folder_sent', 'acc_folder_trash', 'acc_folder_draft', 'acc_folder_template', 'acc_folder_junk') as $folder)
@ -1523,7 +1525,7 @@ class admin_mail
// Google requires access_type=offline&prompt=consent to return a refresh-token
if (!empty($content[OpenIDConnectClient::ADD_AUTH_PARAM]))
{
$oidc->addAuthParam(str_replace('$username', $content['acc_oauth_username'] ?? $content['acc_imap_username'], $content[OpenIDConnectClient::ADD_AUTH_PARAM]));
$oidc->addAuthParam(str_replace('$username', $content['acc_oauth_username'] ?? $content['acc_imap_username'] ?? $content['ident_email'], $content[OpenIDConnectClient::ADD_AUTH_PARAM]));
}
// we need to use response_code=query / GET request to keep our session token!
@ -1571,8 +1573,10 @@ class admin_mail
$GLOBALS['egw_info']['flags']['currentapp'] = 'admin';
$obj = new self;
unset($content['oauth_failure']);
if (!empty($content['acc_id']))
{
$content['button'] = ['save' => true]; // automatic save token, refresh mail app and close popup
$obj->edit($content, lang('Use save or apply to store the received OAuth token!'), 'info');
}
else
@ -1592,6 +1596,7 @@ class admin_mail
$GLOBALS['egw_info']['flags']['currentapp'] = 'admin';
$obj = new self;
$content['oauth_failure'] = $exception ?: true;
if (!empty($content['acc_id']))
{
$obj->edit($content, lang('OAuth Authentiction').': '.($exception ? $exception->getMessage() : lang('failed')), 'error');
@ -1811,4 +1816,4 @@ class admin_mail_logger
{
fwrite($this->fp, $msg."\n");
}
}
}
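Review bot: `$content['oauth_failure'] = $exception ?: true;` in the -1592 hunk stores the whole Exception object in the content array that `edit()` renders and that etemplate presumably carries along with the request, while the consumer added in the -1243 hunk only needs a truthy flag. Keeping it a scalar, `$content['oauth_failure'] = $exception ? $exception->getMessage() : true;`, avoids serialising a stack trace (which may hold closures or provider/connection details) into request state, and the message is already shown separately on the following line. It is not visible here whether the flag survives a later save/apply submit; if it does, the IMAP connect stays suppressed even after the admin corrects the settings, so it should be cleared there the way the success path in the -1573 hunk does with `unset($content['oauth_failure']);`. The -1525 hunk's `str_replace()` receives null as the replacement when none of the three keys is set, which PHP 8.1+ reports as deprecated; a trailing `?? ''` would make that explicit. The enclosing functions of all these hunks start and end outside them.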


@ -192,6 +192,21 @@ class mail_ui
'msg_type' => $msg_type
);
// if we already called the wizard, ignore further calls for 5min = 300s
if (!Api\Cache::getSession(__CLASS__, $id='call-wizzard-'.self::$icServerID))
{
Api\Cache::setSession(__CLASS__, $id, self::$icServerID, 300);
}
// ignore further calls / one popup is enough
elseif($exit)
{
exit;
}
else
{
return;
}
if (Api\Json\Response::isJSONResponse())
{
$response = Api\Json\Response::get();