mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-30 20:04:30 +01:00
* Mail: allow to edit/fix mail account if no session password is available e.g. SAML or OpenIdConnect SSO login
parent
6de9a15cb8
commit
4f50e6e31c
@ -224,7 +224,12 @@ class Credentials
|
||||
{
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
$password = self::decrypt($row);
|
||||
}
|
||||
catch (NoSessionPassword $e) {
|
||||
$password = self::UNAVAILABLE;
|
||||
}
|
||||
|
||||
// Remove special x char added to the end for \0 trimming escape.
|
||||
if ($type == self::SMIME && substr($password, -1) === 'x') $password = substr($password, 0, -1);
|
||||
@ -533,7 +538,12 @@ class Credentials
|
||||
if (empty($key))
|
||||
{
|
||||
if ($account_id > 0 && $account_id == $GLOBALS['egw_info']['user']['account_id'] &&
|
||||
($key = Api\Cache::getSession('phpgwapi', 'password')))
|
||||
($key = Api\Cache::getSession('phpgwapi', 'password')) &&
|
||||
// do NOT encrypt password if (optional) SAML or OpenIdConnect auth is enabled
|
||||
!array_filter(array_keys(Api\Config::read('phpgwapi')), static function($name)
|
||||
{
|
||||
return str_ends_with($name, '_discovery');
|
||||
}))
|
||||
{
|
||||
$pw_enc = self::USER_AES;
|
||||
$key = base64_decode($key);
|
||||
@ -687,7 +697,7 @@ class Credentials
|
||||
$session_key = Api\Cache::getSession('phpgwapi', 'password');
|
||||
if (empty($session_key))
|
||||
{
|
||||
throw new Api\Exception\AssertionFailed("No session password available!");
|
||||
throw new NoSessionPassword();
|
||||
}
|
||||
$key = base64_decode($session_key);
|
||||
}
|
||||
@ -922,3 +932,14 @@ class Credentials
|
||||
return isset($GLOBALS['egw_setup']) ? $GLOBALS['egw_setup']->db : $GLOBALS['egw']->db;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Exception thrown if session has NO user password stored e.g. SingleSignOn via Saml or OpenIdConnect
|
||||
*/
|
||||
class NoSessionPassword extends Api\Exception\AssertionFailed
|
||||
{
|
||||
public function __construct(?string $msg=null, $code=100, ?\Throwable $previous=null)
|
||||
{
|
||||
parent::__construct($msg ?: "No session password available!", $code, $previous);
|
||||
}
|
||||
}
|
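Review bot: In the second hunk (the condition around `Api\Cache::getSession('phpgwapi', 'password')`), the new guard checks only whether any phpgwapi config key ends in `_discovery`, not whether that setting has a value. A leftover or empty discovery entry would therefore switch off `self::USER_AES` for every account, including users who still log in with a password. Filtering on the values would restrict the fallback to installations where SSO is really configured: `!array_filter(Api\Config::read('phpgwapi'), static fn($value, $name) => !empty($value) && str_ends_with($name, '_discovery'), ARRAY_FILTER_USE_BOTH)`. The comment `do NOT encrypt password …` is also misleading, because the visible code only skips the session-password key. The branch taken instead lies outside the hunk, so the comment should name the key that protects the stored credential in that case, for example `// do NOT use the session password as key if (optional) SAML or OpenIdConnect auth is enabled`.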