mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-28 09:38:53 +01:00
* Mail/OAuth: fix not working auth with custom Office365 domains outside mail wizard
The mailserver was not available when trying to get a new access-token for a refresh-token, so OAuth was not detected.
parent
c3ec0e88cb
commit
f2eae9041a
@ -256,7 +256,8 @@ class Account implements \ArrayAccess
|
||||
if ((int)$params['acc_id'] > 0)
|
||||
{
|
||||
// read credentials from database
|
||||
$params += Credentials::read($params['acc_id'], null, $called_for ? array(0, $called_for) : $called_for, $this->on_login);
|
||||
$params += Credentials::read($params['acc_id'], null, $called_for ? array(0, $called_for) : $called_for,
|
||||
$this->on_login, $params['acc_imap_host']);
|
||||
|
||||
if (isset($params['acc_imap_admin_username']) && $params['acc_imap_admin_username'][0] === '*')
|
||||
{
|
||||
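Review bot: `$params['acc_imap_host']` is read on the new continuation line of the `Credentials::read()` call without checking that the key is set. If this branch can be reached with `$params` holding little more than `acc_id`, PHP 8 raises an "Undefined array key" warning and passes null anyway. Because the new parameter already defaults to null, `$this->on_login, $params['acc_imap_host'] ?? null);` keeps the behaviour and avoids the warning. The host now steers which OAuth provider is chosen for the stored refresh token, so it is also worth confirming that the value in `$params` here is the stored account host and not unvalidated request input. The enclosing method starts and ends outside the hunk.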
|
@ -170,9 +170,10 @@ class Credentials
|
||||
* @param int|array $account_id =null default use current user or all (in that order)
|
||||
* @param array& $on_login =null on return array with callable and further arguments
|
||||
* to run on successful login to trigger password migration
|
||||
* @param string|null $mailserver mailserver to detect oauth hosts
|
||||
* @return array with values for (imap|smtp|admin)_(username|password|cred_id)
|
||||
*/
|
||||
public static function read($acc_id, $type=null, $account_id=null, &$on_login=null)
|
||||
public static function read($acc_id, $type=null, $account_id=null, &$on_login=null, $mailserver=null)
|
||||
{
|
||||
if (is_null($type)) $type = self::ALL;
|
||||
if (is_null($account_id))
|
||||
@ -243,7 +244,7 @@ class Credentials
|
||||
{
|
||||
unset($results[$prefix.'password']);
|
||||
$results[$prefix.'refresh_token'] = self::UNAVAILABLE; // no need to make it available
|
||||
$results[$prefix.'access_token'] = self::getAccessToken($row['cred_username'], $password);
|
||||
$results[$prefix.'access_token'] = self::getAccessToken($row['cred_username'], $password, $mailserver);
|
||||
// if no extra imap&smtp username set, set the oauth one
|
||||
foreach(['acc_imap_', 'acc_smtp_'] as $pre)
|
||||
{
|
||||
@ -265,13 +266,14 @@ class Credentials
|
||||
*
|
||||
* @param string $username
|
||||
* @param string $refresh_token
|
||||
* @param string|null $mailserver mailserver to detect oauth hosts
|
||||
* @return string|null
|
||||
*/
|
||||
static protected function getAccessToken($username, $refresh_token)
|
||||
static protected function getAccessToken($username, $refresh_token, $mailserver=null)
|
||||
{
|
||||
return Api\Cache::getInstance(__CLASS__, 'access-token-'.$username.'-'.md5($refresh_token), static function() use ($username, $refresh_token)
|
||||
return Api\Cache::getInstance(__CLASS__, 'access-token-'.$username.'-'.md5($refresh_token), static function() use ($username, $refresh_token, $mailserver)
|
||||
{
|
||||
if (!($oidc = Api\Auth\OpenIDConnectClient::byDomain($username)))
|
||||
if (!($oidc = Api\Auth\OpenIDConnectClient::byDomain($username, $mailserver)))
|
||||
{
|
||||
return null;
|
||||
}
|
||||
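Review bot: The cache key in `getAccessToken()` is still `'access-token-'.$username.'-'.md5($refresh_token)`, although the closure's result now also depends on `$mailserver`. If `Api\Cache::getInstance()` stores whatever the callback returns (not visible here), a lookup made without a mailserver and one made with it share one entry, so whichever ran first decides the outcome for that key. Including the host, e.g. `'access-token-'.$username.'-'.$mailserver.'-'.md5($refresh_token)`, would keep the two cases apart. Since the refresh token is presented to whichever provider `OpenIDConnectClient::byDomain($username, $mailserver)` returns, it would help to confirm that the lookup only maps the host onto a fixed set of configured providers. The closure body continues outside the hunk.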
|