* Mail/OAuth: fix not working auth with custom Office365 domains outside mail wizard

The mailserver was not available when trying to get a new access token for a refresh token, so OAuth was not detected.
ralf 2023-01-30 10:19:41 +01:00
parent c3ec0e88cb
commit f2eae9041a
2 changed files with 9 additions and 6 deletions


@ -256,7 +256,8 @@ class Account implements \ArrayAccess
if ((int)$params['acc_id'] > 0)
{
// read credentials from database
$params += Credentials::read($params['acc_id'], null, $called_for ? array(0, $called_for) : $called_for, $this->on_login);
$params += Credentials::read($params['acc_id'], null, $called_for ? array(0, $called_for) : $called_for,
$this->on_login, $params['acc_imap_host']);
if (isset($params['acc_imap_admin_username']) && $params['acc_imap_admin_username'][0] === '*')
{
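Review bot: `$params['acc_imap_host']` is read unconditionally in the new `Credentials::read()` call, while the very next statement guards `acc_imap_admin_username` with `isset()`, which suggests `$params` is not guaranteed to carry every account column. If the host key can be absent here, PHP raises an undefined-key warning and the OAuth detection presumably falls back to the username's domain alone, so I would pass `$params['acc_imap_host'] ?? null` instead. A short comment such as `// mailserver is needed to detect the OAuth provider for custom domains` above the call would also explain why a host is handed to a credentials read. The enclosing method starts and ends outside this hunk.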


@ -170,9 +170,10 @@ class Credentials
* @param int|array $account_id =null default use current user or all (in that order)
* @param array& $on_login =null on return array with callable and further arguments
* to run on successful login to trigger password migration
* @param string|null $mailserver mailserver to detect oauth hosts
* @return array with values for (imap|smtp|admin)_(username|password|cred_id)
*/
public static function read($acc_id, $type=null, $account_id=null, &$on_login=null)
public static function read($acc_id, $type=null, $account_id=null, &$on_login=null, $mailserver=null)
{
if (is_null($type)) $type = self::ALL;
if (is_null($account_id))
@ -243,7 +244,7 @@ class Credentials
{
unset($results[$prefix.'password']);
$results[$prefix.'refresh_token'] = self::UNAVAILABLE; // no need to make it available
$results[$prefix.'access_token'] = self::getAccessToken($row['cred_username'], $password);
$results[$prefix.'access_token'] = self::getAccessToken($row['cred_username'], $password, $mailserver);
// if no extra imap&smtp username set, set the oauth one
foreach(['acc_imap_', 'acc_smtp_'] as $pre)
{
@ -265,13 +266,14 @@ class Credentials
*
* @param string $username
* @param string $refresh_token
* @param string|null $mailserver mailserver to detect oauth hosts
* @return string|null
*/
static protected function getAccessToken($username, $refresh_token)
static protected function getAccessToken($username, $refresh_token, $mailserver=null)
{
return Api\Cache::getInstance(__CLASS__, 'access-token-'.$username.'-'.md5($refresh_token), static function() use ($username, $refresh_token)
return Api\Cache::getInstance(__CLASS__, 'access-token-'.$username.'-'.md5($refresh_token), static function() use ($username, $refresh_token, $mailserver)
{
if (!($oidc = Api\Auth\OpenIDConnectClient::byDomain($username)))
if (!($oidc = Api\Auth\OpenIDConnectClient::byDomain($username, $mailserver)))
{
return null;
}
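Review bot: The cache key in `getAccessToken()` is still `'access-token-'.$username.'-'.md5($refresh_token)`, although the cached closure's result now also depends on `$mailserver` through `OpenIDConnectClient::byDomain($username, $mailserver)`. A call that arrives without a mailserver (the new parameter defaults to null in both `read()` and `getAccessToken()`) shares its entry with one that supplies it, so if `Api\Cache::getInstance()` stores the closure's null result (not visible here), the failed lookup this commit fixes could still be served from cache afterwards. Adding the host to the key keeps the two cases apart: `'access-token-'.$username.'-'.md5($refresh_token.'|'.$mailserver)`. The closure body continues outside the hunk.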