From b0f5cfbcdb37b887888e8274b3efb179a816f22f Mon Sep 17 00:00:00 2001
From: ralf
Date: Wed, 25 Jan 2023 13:38:40 +0100
Subject: [PATCH] improve OAuth mail authentication by not opening wizard multiple time

also avoid authentication loop, if there is an error
---
 admin/inc/class.admin_mail.inc.php | 13 +++++++++----
 mail/inc/class.mail_ui.inc.php | 15 +++++++++++++++
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/admin/inc/class.admin_mail.inc.php b/admin/inc/class.admin_mail.inc.php
index 72898fd93d..3046c918fa 100644
--- a/admin/inc/class.admin_mail.inc.php
+++ b/admin/inc/class.admin_mail.inc.php
@@ -33,7 +33,7 @@ class admin_mail
 /**
  * Enable logging of IMAP communication to given path, eg. /tmp/autoconfig.log
  */
-const DEBUG_LOG = '/var/lib/egroupware/imap.log';
+const DEBUG_LOG = null; //'/var/lib/egroupware/imap.log';
 /**
  * Connection timeout in seconds used in autoconfig, can and should be really short!
  */
@@ -1243,7 +1243,9 @@ class admin_mail
 $sel_options['acc_smtp_ssl'] = self::$ssl_types;
 
 // admin access to account with no credentials available
-if ($this->is_admin && (!empty($content['called_for']) || empty($content['acc_imap_host']) || $content['called_for']))
+if ($this->is_admin && (!empty($content['called_for']) || empty($content['acc_imap_host']) || $content['called_for']) ||
+// if OAuth failed, do not try to connect and trigger next authentication(-failure), but show failure message
+!empty($content['oauth_failure']))
 {
 // can't connection to imap --> allow free entries in taglists
 foreach(array('acc_folder_sent', 'acc_folder_trash', 'acc_folder_draft', 'acc_folder_template', 'acc_folder_junk') as $folder)
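Review bot: In the `@@ -1243` hunk the new `!empty($content['oauth_failure'])` is ORed outside the `$this->is_admin && (...)` group, so unlike the rest of the condition it also applies to non-admin users; if that is intended, the precedence should be made explicit rather than left to `&&` binding tighter than `||`, e.g. `if (($this->is_admin && (!empty($content['called_for']) || empty($content['acc_imap_host']))) || !empty($content['oauth_failure']))` with the explanatory comment moved above the `if`. That rewrite also drops the pre-existing `|| $content['called_for']`, which is redundant after `!empty($content['called_for'])` in the same expression. The enclosing method starts and ends outside the hunk.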
@@ -1523,7 +1525,7 @@ class admin_mail
 // Google requires access_type=offline&prompt=consent to return a refresh-token
 if (!empty($content[OpenIDConnectClient::ADD_AUTH_PARAM]))
 {
-$oidc->addAuthParam(str_replace('$username', $content['acc_oauth_username'] ?? $content['acc_imap_username'], $content[OpenIDConnectClient::ADD_AUTH_PARAM]));
+$oidc->addAuthParam(str_replace('$username', $content['acc_oauth_username'] ?? $content['acc_imap_username'] ?? $content['ident_email'], $content[OpenIDConnectClient::ADD_AUTH_PARAM]));
 }
 
 // we need to use response_code=query / GET request to keep our session token!
@@ -1571,8 +1573,10 @@ class admin_mail
 $GLOBALS['egw_info']['flags']['currentapp'] = 'admin';
 $obj = new self;
 
+unset($content['oauth_failure']);
 if (!empty($content['acc_id']))
 {
+$content['button'] = ['save' => true]; // automatic save token, refresh mail app and close popup
 $obj->edit($content, lang('Use save or apply to store the received OAuth token!'), 'info');
 }
 else
@@ -1592,6 +1596,7 @@ class admin_mail
 $GLOBALS['egw_info']['flags']['currentapp'] = 'admin';
 $obj = new self;
 
+$content['oauth_failure'] = $exception ?: true;
 if (!empty($content['acc_id']))
 {
 $obj->edit($content, lang('OAuth Authentiction').': '.($exception ? $exception->getMessage() : lang('failed')), 'error');
@@ -1811,4 +1816,4 @@ class admin_mail_logger
 {
 fwrite($this->fp, $msg."\n");
 }
-}
+}
\ No newline at end of file
diff --git a/mail/inc/class.mail_ui.inc.php b/mail/inc/class.mail_ui.inc.php
index 750543a4db..a2c4932aaa 100644
--- a/mail/inc/class.mail_ui.inc.php
+++ b/mail/inc/class.mail_ui.inc.php
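Review bot: In the `@@ -1571` hunk, `$content['button'] = ['save' => true]` presumably makes `edit()` behave as if Save had been pressed, yet the message handed to `edit()` on the next line still reads 'Use save or apply to store the received OAuth token!', which contradicts the automatic save the trailing comment describes. Either the message should say what now happens, e.g. `lang('OAuth token received and stored')`, or the comment should explain why the user is still asked to save. The `unset($content['oauth_failure'])` above it is the right counterpart to the flag set in the failure path. The enclosing method starts before and ends after the hunk.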
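Review bot: In the `@@ -1592` hunk, `$content['oauth_failure'] = $exception ?: true` stores the whole Exception object in the form content although the only consumer this patch adds (`!empty($content['oauth_failure'])` in the `@@ -1243` hunk) needs a boolean flag. An exception carries its stack trace, and the trace of an OAuth failure can include the client state and token responses that were passed as call arguments, so if `$content` is preserved in the eTemplate session or serialized towards the client (inferred from `$obj->edit($content, ...)`), that detail travels further than the message already shown next to it. `$content['oauth_failure'] = true;` is sufficient here, since the exception message is passed separately to `edit()`. The enclosing method starts outside the hunk.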
@@ -192,6 +192,21 @@ class mail_ui
 'msg_type' => $msg_type
 );
 
+// if we already called the wizard, ignore further calls for 5min = 300s
+if (!Api\Cache::getSession(__CLASS__, $id='call-wizzard-'.self::$icServerID))
+{
+Api\Cache::setSession(__CLASS__, $id, self::$icServerID, 300);
+}
+// ignore further calls / one popup is enough
+elseif($exit)
+{
+exit;
+}
+else
+{
+return;
+}
+
 if (Api\Json\Response::isJSONResponse())
 {
 $response = Api\Json\Response::get();
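Review bot: The throttle stores `self::$icServerID` as the session value and then tests it by truthiness in `!Api\Cache::getSession(...)`, so a falsy server id (0 or null, if that can occur here) would never arm the guard and the wizard would keep popping up; storing an unconditional value avoids the dependency, `Api\Cache::setSession(__CLASS__, $id, true, 300);`. The assignment inside the condition (`$id='call-wizzard-'.self::$icServerID`) reads better hoisted onto its own line above the `if`, and the misspelled key is worth fixing now while nothing else depends on it. Nothing in this patch clears the key when the wizard finishes or the popup is closed, so an abandoned or failed attempt can only be retried after the 300s TTL, which deserves a comment next to the `300` if that is intended. `$exit` and the enclosing method are defined outside the hunk.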