mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-28 19:03:14 +01:00
if authenticated via token we have to use the admin connection, but only for the user authenticated as
This commit is contained in:
parent
fb87f5f173
commit
da49ce2924
@ -200,6 +200,11 @@ class Session
|
||||
*/
|
||||
public $limits=null;
|
||||
|
||||
/**
|
||||
* @var bool true: authenticated by token, not password, false: authenticated by password
|
||||
*/
|
||||
public $token_auth=false;
|
||||
|
||||
/**
|
||||
* Constructor just loads up some defaults from cookies
|
||||
*
|
||||
@ -720,6 +725,7 @@ class Session
|
||||
public function authenticate()
|
||||
{
|
||||
$is_valid_token = Auth\Token::authenticate($this->account_lid, $this->passwd, $this->limits);
|
||||
$this->token_auth = (bool)$is_valid_token;
|
||||
if (!isset($is_valid_token))
|
||||
{
|
||||
return $GLOBALS['egw']->auth->authenticate($this->account_lid, $this->passwd, $this->passwd_type);
|
||||
@ -994,8 +1000,9 @@ class Session
|
||||
'session_flags' => $session_flags,
|
||||
// we need the install-id to differ between several installations sharing one tmp-dir
|
||||
'session_install_id' => $GLOBALS['egw_info']['server']['install_id'],
|
||||
// we need to preserve the limits
|
||||
// we need to preserve the limits and if authenticated via token
|
||||
'session_limits' => $this->limits,
|
||||
'session_token_auth' => $this->token_auth,
|
||||
);
|
||||
}
|
||||
|
||||
@ -1316,8 +1323,9 @@ class Session
|
||||
}
|
||||
$session =& $_SESSION[self::EGW_SESSION_VAR];
|
||||
|
||||
// we need to restore the limits
|
||||
// we need to restore the limits and if authenticated via token
|
||||
$this->limits = $session['session_limits'];
|
||||
$this->token_auth = $session['session_token_auth'];
|
||||
|
||||
if ($session['session_dla'] <= time() - $GLOBALS['egw_info']['server']['sessions_timeout'])
|
||||
{
|
||||
|
@ -53,6 +53,10 @@ class ApiHandler extends Api\CalDAV\Handler
|
||||
{
|
||||
$prefix = '/'.Api\Accounts::id2name($user);
|
||||
if (str_starts_with($path, $prefix)) $path = substr($path, strlen($prefix));
|
||||
if ($user != $GLOBALS['egw_info']['user']['account_id'])
|
||||
{
|
||||
throw new \Exception("/mail is NOT available for users other than the one you authenticated!", 403);
|
||||
}
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
|
||||
@ -192,18 +196,30 @@ class ApiHandler extends Api\CalDAV\Handler
|
||||
throw new \Exception("Invalid attribute: ".implode(', ', $invalid), 400);
|
||||
}
|
||||
$vacation_rule = null;
|
||||
$sieve = new Api\Mail\Sieve($account->imapServer());
|
||||
$sieve->setVacation(array_merge([ // some defaults
|
||||
$vacation = array_merge([ // some defaults
|
||||
'status' => 'on',
|
||||
'addresses' => [Api\Accounts::id2name($user, 'account_email')],
|
||||
'days' => 3,
|
||||
], $vacation, $update), null, $vacation_rule, true);
|
||||
echo json_encode([
|
||||
], $vacation, $update);
|
||||
// for token-auth we have to use the admin connection
|
||||
if ($GLOBALS['egw']->session->token_auth)
|
||||
{
|
||||
if (!$account->imapServer()->setVacationUser($user, $vacation))
|
||||
{
|
||||
throw new \Exception($account->imapServer()->error ?: 'Error updating sieve-script');
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$sieve = new Api\Mail\Sieve($account->imapServer());
|
||||
$sieve->setVacation($vacation, null, $vacation_rule, true);
|
||||
}
|
||||
echo json_encode(array_filter([
|
||||
'status' => 200,
|
||||
'message' => 'Vacation handling updated',
|
||||
'vacation_rule' => $vacation_rule,
|
||||
'vacation' => self::returnVacation($account->imapServer()->getVacationUser($user)),
|
||||
], self::JSON_RESPONSE_OPTIONS);
|
||||
]), self::JSON_RESPONSE_OPTIONS);
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -407,6 +423,9 @@ class ApiHandler extends Api\CalDAV\Handler
|
||||
* @return mixed boolean true on success, false on failure or string with http status (eg. '404 Not Found')
|
||||
*/
|
||||
function get(&$options,$id,$user=null)
|
||||
{
|
||||
header('Content-Type: application/json');
|
||||
try
|
||||
{
|
||||
$path = rtrim($options['path'], '/');
|
||||
if (empty($user))
|
||||
@ -417,10 +436,11 @@ class ApiHandler extends Api\CalDAV\Handler
|
||||
{
|
||||
$prefix = '/'.Api\Accounts::id2name($user);
|
||||
if (str_starts_with($path, $prefix)) $path = substr($path, strlen($prefix));
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
try
|
||||
if ($user != $GLOBALS['egw_info']['user']['account_id'])
|
||||
{
|
||||
throw new \Exception("/mail is NOT available for users other than the one you authenticated!", 403);
|
||||
}
|
||||
}
|
||||
switch ($path)
|
||||
{
|
||||
case '/mail':
|
||||
|
Loading…
Reference in New Issue
Block a user