If authenticated via token, use the admin connection — but only for the user the token authenticated as

This commit is contained in:
ralf 2023-08-03 10:22:45 +02:00
parent fb87f5f173
commit da49ce2924
2 changed files with 45 additions and 17 deletions


@ -200,6 +200,11 @@ class Session
*/ */
public $limits=null; public $limits=null;
/**
* @var bool true: authenticated by token, not password, false: authenticated by password
*/
public $token_auth=false;
/** /**
* Constructor just loads up some defaults from cookies * Constructor just loads up some defaults from cookies
* *
@ -720,6 +725,7 @@ class Session
public function authenticate() public function authenticate()
{ {
$is_valid_token = Auth\Token::authenticate($this->account_lid, $this->passwd, $this->limits); $is_valid_token = Auth\Token::authenticate($this->account_lid, $this->passwd, $this->limits);
$this->token_auth = (bool)$is_valid_token;
if (!isset($is_valid_token)) if (!isset($is_valid_token))
{ {
return $GLOBALS['egw']->auth->authenticate($this->account_lid, $this->passwd, $this->passwd_type); return $GLOBALS['egw']->auth->authenticate($this->account_lid, $this->passwd, $this->passwd_type);
@ -994,8 +1000,9 @@ class Session
'session_flags' => $session_flags, 'session_flags' => $session_flags,
// we need the install-id to differ between several installations sharing one tmp-dir // we need the install-id to differ between several installations sharing one tmp-dir
'session_install_id' => $GLOBALS['egw_info']['server']['install_id'], 'session_install_id' => $GLOBALS['egw_info']['server']['install_id'],
// we need to preserve the limits // we need to preserve the limits and if authenticated via token
'session_limits' => $this->limits, 'session_limits' => $this->limits,
'session_token_auth' => $this->token_auth,
); );
} }
@ -1316,8 +1323,9 @@ class Session
} }
$session =& $_SESSION[self::EGW_SESSION_VAR]; $session =& $_SESSION[self::EGW_SESSION_VAR];
// we need to restore the limits // we need to restore the limits and if authenticated via token
$this->limits = $session['session_limits']; $this->limits = $session['session_limits'];
$this->token_auth = $session['session_token_auth'];
if ($session['session_dla'] <= time() - $GLOBALS['egw_info']['server']['sessions_timeout']) if ($session['session_dla'] <= time() - $GLOBALS['egw_info']['server']['sessions_timeout'])
{ {
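Review bot: Restoring the flag with `$this->token_auth = $session['session_token_auth'];` reads a key that sessions created before this change do not carry, so on an upgraded server every already-open session produces an undefined-array-key warning and the property becomes null instead of the bool its docblock promises; `$this->token_auth = (bool)($session['session_token_auth'] ?? false);` fails closed instead. The flag now drives a privilege decision elsewhere (it selects the admin sieve connection in the mail handler), so the `@var` comment should say who may set it, e.g. `* Set only by authenticate() and the session restore; selects the admin sieve connection for token logins`. Because it is a plain public property, any code holding the session object can flip it — a read-only accessor would be tighter, though that is beyond this hunk. The enclosing session-restore method starts and ends outside this hunk.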


@ -53,6 +53,10 @@ class ApiHandler extends Api\CalDAV\Handler
{ {
$prefix = '/'.Api\Accounts::id2name($user); $prefix = '/'.Api\Accounts::id2name($user);
if (str_starts_with($path, $prefix)) $path = substr($path, strlen($prefix)); if (str_starts_with($path, $prefix)) $path = substr($path, strlen($prefix));
if ($user != $GLOBALS['egw_info']['user']['account_id'])
{
throw new \Exception("/mail is NOT available for users other than the one you authenticated!", 403);
}
} }
header('Content-Type: application/json'); header('Content-Type: application/json');
@ -192,18 +196,30 @@ class ApiHandler extends Api\CalDAV\Handler
throw new \Exception("Invalid attribute: ".implode(', ', $invalid), 400); throw new \Exception("Invalid attribute: ".implode(', ', $invalid), 400);
} }
$vacation_rule = null; $vacation_rule = null;
$sieve = new Api\Mail\Sieve($account->imapServer()); $vacation = array_merge([ // some defaults
$sieve->setVacation(array_merge([ // some defaults
'status' => 'on', 'status' => 'on',
'addresses' => [Api\Accounts::id2name($user, 'account_email')], 'addresses' => [Api\Accounts::id2name($user, 'account_email')],
'days' => 3, 'days' => 3,
], $vacation, $update), null, $vacation_rule, true); ], $vacation, $update);
echo json_encode([ // for token-auth we have to use the admin connection
if ($GLOBALS['egw']->session->token_auth)
{
if (!$account->imapServer()->setVacationUser($user, $vacation))
{
throw new \Exception($account->imapServer()->error ?: 'Error updating sieve-script');
}
}
else
{
$sieve = new Api\Mail\Sieve($account->imapServer());
$sieve->setVacation($vacation, null, $vacation_rule, true);
}
echo json_encode(array_filter([
'status' => 200, 'status' => 200,
'message' => 'Vacation handling updated', 'message' => 'Vacation handling updated',
'vacation_rule' => $vacation_rule, 'vacation_rule' => $vacation_rule,
'vacation' => self::returnVacation($account->imapServer()->getVacationUser($user)), 'vacation' => self::returnVacation($account->imapServer()->getVacationUser($user)),
], self::JSON_RESPONSE_OPTIONS); ]), self::JSON_RESPONSE_OPTIONS);
return true; return true;
} }
@ -407,6 +423,9 @@ class ApiHandler extends Api\CalDAV\Handler
* @return mixed boolean true on success, false on failure or string with http status (eg. '404 Not Found') * @return mixed boolean true on success, false on failure or string with http status (eg. '404 Not Found')
*/ */
function get(&$options,$id,$user=null) function get(&$options,$id,$user=null)
{
header('Content-Type: application/json');
try
{ {
$path = rtrim($options['path'], '/'); $path = rtrim($options['path'], '/');
if (empty($user)) if (empty($user))
@ -417,10 +436,11 @@ class ApiHandler extends Api\CalDAV\Handler
{ {
$prefix = '/'.Api\Accounts::id2name($user); $prefix = '/'.Api\Accounts::id2name($user);
if (str_starts_with($path, $prefix)) $path = substr($path, strlen($prefix)); if (str_starts_with($path, $prefix)) $path = substr($path, strlen($prefix));
} if ($user != $GLOBALS['egw_info']['user']['account_id'])
header('Content-Type: application/json');
try
{ {
throw new \Exception("/mail is NOT available for users other than the one you authenticated!", 403);
}
}
switch ($path) switch ($path)
{ {
case '/mail': case '/mail':
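Review bot: The new authorization guard `if ($user != $GLOBALS['egw_info']['user']['account_id'])`, added in both the put and the get hunk, uses loose `!=`, so whatever the path parser hands over as `$user` is type-juggled before the comparison; since this check is the only thing confining the admin sieve connection to the token's own mailbox, compare normalized ids strictly: `if ((int)$user !== (int)$GLOBALS['egw_info']['user']['account_id'])`. The same four lines now live in two methods, and a private helper such as `assertOwnMailbox(int $user): void` would keep the two copies from drifting apart. In the vacation hunk, `throw new \Exception($account->imapServer()->error ?: 'Error updating sieve-script');` carries no HTTP status in the exception code while the neighbouring throws use 400 and 403, and `array_filter([...])` drops every falsy value rather than only the null `vacation_rule` — `array_filter([...], static fn ($v) => $v !== null)` keeps an empty `vacation` array in the response. Both enclosing methods start outside their hunks.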