<?php
/**
 * EGroupware EMailAdmin: Wizard to create mail accounts
 *
 * @link http://www.egroupware.org
 * @package emailadmin
 * @author Ralf Becker <rb@egroupware.org>
 * @copyright (c) 2013-18 by Ralf Becker <rb@egroupware.org>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 */
use EGroupware\Api;
use EGroupware\Api\Framework;
use EGroupware\Api\Acl;
use EGroupware\Api\Etemplate;
use EGroupware\Api\Mail;
use EGroupware\Api\Auth\OpenIDConnectClient;
use Jumbojett\OpenIDConnectClientException;
/**
 * Wizard to create mail accounts
 *
 * The wizard uses the following heuristic to search for IMAP accounts:
 * 1. query Mozilla ISPDB for the domain from the email (preferring SSL over STARTTLS over an insecure connection)
 * 2. guessing and verifying in DNS server-names based on the domain from the email:
 *    - (imap|smtp).$domain, mail.$domain
 *    - MX is *.mail.protection.outlook.com use (outlook|smtp).office365.com
 *    - MX for $domain
 *    - replace host in MX with (imap|smtp) or mail
 */
class admin_mail
{
/**
 * Enable logging of the IMAP / Sieve protocol exchange to the given path, eg. /tmp/autoconfig.log
 *
 * NOTE(review): the protocol log presumably contains the LOGIN exchange, ie. credentials in
 * clear text --> keep it disabled (null) outside of debugging and protect the file.
 */
const DEBUG_LOG = null; //'/var/lib/egroupware/imap.log';

/**
 * Connection timeout in seconds used in autoconfig, can and should be really short!
 */
const TIMEOUT = 3;

/**
 * Prefix for callback names
 *
 * Used as static::APP_CLASS in etemplate::exec(), to allow the mail app to extend this class.
 */
const APP_CLASS = 'admin.admin_mail.';

/**
 * 0: No SSL
 */
const SSL_NONE = Mail\Account::SSL_NONE;

/**
 * 1: STARTTLS on regular tcp connection/port
 */
const SSL_STARTTLS = Mail\Account::SSL_STARTTLS;

/**
 * 3: SSL (inferior to TLS!)
 */
const SSL_SSL = Mail\Account::SSL_SSL;

/**
 * 2: require TLS version 1+, no SSL version 2 or 3
 */
const SSL_TLS = Mail\Account::SSL_TLS;

/**
 * 8: if set, verify certificate (currently not implemented in Horde_Imap_Client!)
 */
const SSL_VERIFY = Mail\Account::SSL_VERIFY;

/**
 * Log exceptions including their trace to the error-log, instead of just displaying the message.
 *
 * @var boolean
 */
public static $debug = false;

/**
 * Methods callable via menuaction
 *
 * @var array
 */
public $public_functions = [
	'add' => true,
	'edit' => true,
	'ajax_activeAccounts' => true,
];

/**
 * Supported ssl types including none
 *
 * Keys are the integer acc_*_ssl values, except for "no" (no encryption), which is a string key.
 *
 * @var array
 */
public static $ssl_types = [
	self::SSL_TLS => 'TLS', // SSL with minimum TLS (no SSL v.2 or v.3), requires Horde_Imap_Client-2.16.0/Horde_Socket_Client-1.1.0
	self::SSL_SSL => 'SSL',
	self::SSL_STARTTLS => 'STARTTLS',
	'no' => 'no',
];

/**
 * Convert ssl-type label to the Horde "secure" parameter
 *
 * "no" has no entry, as an unencrypted connection passes no secure parameter.
 *
 * @var array
 */
public static $ssl2secure = [
	'SSL' => 'ssl',
	'STARTTLS' => 'tls',
	'TLS' => 'tlsv1', // SSL with minimum TLS (no SSL v.2 or v.3), requires Horde_Imap_Client-2.16.0/Horde_Socket_Client-1.1.0
];

/**
 * Convert ssl-type label to the eMailAdmin acc_(imap|sieve|smtp)_ssl integer value
 *
 * @var array
 */
public static $ssl2type = [
	'TLS' => self::SSL_TLS,
	'SSL' => self::SSL_SSL,
	'STARTTLS' => self::SSL_STARTTLS,
	'no' => self::SSL_NONE,
];

/**
 * Available IMAP login types
 *
 * @var array
 */
public static $login_types = [
	'' => 'Username specified below for all',
	'standard' => 'username from account',
	'vmailmgr' => 'username@domainname',
	//'admin' => 'Username/Password defined by admin',
	'uidNumber' => 'UserId@domain eg. u1234@domain',
	'email' => 'EMail-address from account',
	'domain/username' => 'Exchange: domain/username',
];

/**
 * Options for further identities
 *
 * @var array
 */
public static $further_identities = [
	0 => 'Forbid users to create identities',
	1 => 'Allow users to create further identities',
	2 => 'Allow users to create identities for aliases',
];

/**
 * List of domains known to not support Sieve
 *
 * Used to switch Sieve off by default, though users can always try switching it on.
 * Testing the non-existing Sieve service with Google takes a long time, as the ports are open,
 * but not answering ...
 *
 * @var array
 */
public static $no_sieve_blacklist = ['gmail.com', 'googlemail.com', 'outlook.office365.com'];

/**
 * Is the current user a mail administrator / has run rights for EMailAdmin
 *
 * @var boolean
 */
protected $is_admin = false;
/**
 * Constructor
 *
 * Determines whether the current user has run rights for the admin app
 * (and is therefore treated as mail administrator) and prepares translations.
 */
public function __construct()
{
	// run rights for the admin app decide whether the user may administrate mail accounts
	$user_info = $GLOBALS['egw_info']['user'] ?? null;
	$this->is_admin = isset($user_info['apps']['admin']);

	// most translations of the account-wizard live in the mail app, not in admin
	Api\Translation::add_app('mail');

	// Horde uses the locale to translate its error messages
	Api\Preferences::setlocale(LC_MESSAGES);
}
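/**
 * Step 1: IMAP account
 *
 * Shows the first wizard page (IMAP host, username, password) with defaults taken
 * from the user's account; the submitted form is handled by autoconfig().
 *
 * NOTE(review): account_id is taken from $content as given; the check whether the
 * current user may configure mail for that account is expected to happen where
 * the account gets saved --> confirm against the caller / Mail\Account.
 *
 * @param array $content =array() wizard content, eg. account_id, ident_* and acc_imap_* values
 * @param string $msg ='' message to show, falls back to GET parameter "msg"
 * @param string $msg_type ='success' type of message, eg. "success" or "error"
 */
public function add(array $content=array(), $msg='', $msg_type='success')
{
	$tpl = new Etemplate('admin.mailwizard');
	// always pass an array to exec(), even if nothing is readonly
	$readonlys = [];

	if (empty($content['account_id']))
	{
		$content['account_id'] = $GLOBALS['egw_info']['user']['account_id'];
	}
	// add some defaults if not already set (+= does not overwrite existing values!)
	$content += array(
		'ident_realname' => $GLOBALS['egw']->accounts->id2name($content['account_id'], 'account_fullname'),
		'ident_email' => $GLOBALS['egw']->accounts->id2name($content['account_id'], 'account_email'),
		'acc_imap_port' => 993,
		'manual_class' => 'emailadmin_manual',
	);
	// message from the caller wins over the (user-controlled) GET parameter,
	// which is presumably escaped for output by Framework::message --> confirm
	Framework::message($msg ? $msg : (string)($_GET['msg'] ?? ''), $msg_type);

	// host or username already known (eg. coming back from a later step) --> show manual config
	if (!empty($content['acc_imap_host']) || !empty($content['acc_imap_username']))
	{
		$readonlys['button[manual]'] = true;
		unset($content['manual_class']);
	}
	$tpl->exec(static::APP_CLASS.'autoconfig', $content, array(
		'acc_imap_ssl' => self::$ssl_types,
	), $readonlys, $content, 2);
}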
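/**
 * Try to autoconfig an account
 *
 * Second part of step 1: takes the IMAP data from the form and tries to find and
 * verify an IMAP server for it. Candidate hosts come, in this order, from a supported
 * OAuth provider, a manually entered host, the Mozilla ISPDB or DNS guessing
 * (see class description). For every host TLS, SSL, STARTTLS and at last an
 * unencrypted connection are tried, until a login succeeds.
 *
 * The unencrypted attempt sends the password in clear text, therefore the user is
 * warned in the output and acc_imap_ssl is set to 'no', if that is the connection
 * that succeeded.
 *
 * The etemplate preserve contains all of $content except the output, including
 * acc_imap_password, as the following steps need the credentials.
 *
 * @param array $content form content
 */
public function autoconfig(array $content)
{
	// user pressed [Skip IMAP] --> jump to SMTP config
	if (!empty($content['button']) && key($content['button']) === 'skip_imap')
	{
		unset($content['button']);
		if (!isset($content['acc_smtp_host'])) $content['acc_smtp_host'] = ''; // do manual mode right away
		return $this->smtp($content, lang('Skipping IMAP configuration!'));
	}
	$tpl = new Etemplate('admin.mailwizard');
	$sel_options = $readonlys = $hosts = [];
	// output is not preserved between requests --> start with an empty log
	if (!isset($content['output'])) $content['output'] = '';

	$connected = $content['connected'] ?? null;
	if (empty($content['acc_imap_username']))
	{
		$content['acc_imap_username'] = $content['ident_email'];
	}
	// supported oauth provider or mail-server of them for custom domains
	if (($oauth = OpenIDConnectClient::providerByDomain($content['acc_imap_username'], $content['acc_imap_host'])))
	{
		$content['output'] .= lang('Using IMAP:%1, SMTP:%2, OAUTH:%3:', $oauth['imap'], $oauth['smtp'], $oauth['provider'])."\n";
		$hosts[$oauth['imap']] = true;
		$content += self::oauth2content($oauth);
	}
	elseif (!empty($content['acc_imap_host']))
	{
		$hosts = array($content['acc_imap_host'] => true);
		// non-standard port: only try the ssl-type selected by the user on that port
		// (non-strict in_array on purpose, the port comes from the form as string)
		if ($content['acc_imap_port'] > 0 && !in_array($content['acc_imap_port'], array(143,993)))
		{
			$ssl_type = (string)array_search($content['acc_imap_ssl'], self::$ssl2type);
			if ($ssl_type === '') $ssl_type = 'insecure';
			$hosts[$content['acc_imap_host']] = array(
				$ssl_type => $content['acc_imap_port'],
			);
		}
	}
	elseif (($ispdb = self::mozilla_ispdb($content['ident_email'])) && !empty($ispdb['imap']))
	{
		$content['ispdb'] = $ispdb;
		$content['output'] .= lang('Using data from Mozilla ISPDB for provider %1', $ispdb['displayName'])."\n";
		$hosts = array();
		foreach($ispdb['imap'] as $server)
		{
			if (!isset($hosts[$server['hostname']]))
			{
				$hosts[$server['hostname']] = array('username' => $server['username']);
			}
			if (strtoupper($server['socketType']) == 'SSL') // try TLS first
			{
				$hosts[$server['hostname']]['TLS'] = $server['port'];
			}
			$hosts[$server['hostname']][strtoupper($server['socketType'])] = $server['port'];
			// make sure we prefer SSL over STARTTLS over insecure
			if (count($hosts[$server['hostname']]) > 2)
			{
				$hosts[$server['hostname']] = self::fix_ssl_order($hosts[$server['hostname']]);
			}
		}
	}
	else
	{
		$hosts = $this->guess_hosts($content['ident_email'], 'imap');
	}

	// check if we support OAuth for that domain or we have a password
	if (empty($oauth) && empty($content['acc_oauth_provider_url']) && empty($content['acc_imap_password']))
	{
		Etemplate::set_validation_error('acc_imap_password', lang('Field must not be empty!'));
		$connected = false;
	}

	// iterate over all hosts and try to connect ($e and $imap are only set by the loop)
	$e = $imap = null;
	foreach(!isset($connected) ? $hosts : [] as $host => $data)
	{
		// check if we support OAuth for the (manual) configured mail-server
		if (empty($content['acc_oauth_provider_url']) && ($oauth = OpenIDConnectClient::providerByDomain($content['acc_imap_username'], $host)))
		{
			$content += self::oauth2content($oauth);
		}
		$content['acc_imap_host'] = $host;
		// by default we check TLS, SSL, STARTTLS and at last an insecure connection
		if (!is_array($data)) $data = array('TLS' => 993, 'SSL' => 993, 'STARTTLS' => 143, 'insecure' => 143);

		foreach($data as $ssl => $port)
		{
			if ($ssl === 'username') continue;

			// unknown ssl-types (eg. "insecure" or ISPDB's "plain") mean no encryption
			$content['acc_imap_ssl'] = (int)(self::$ssl2type[$ssl] ?? self::SSL_NONE);

			$e = null;
			try {
				$content['output'] .= "\n".Api\DateTime::to('now', 'H:i:s').": Trying $ssl connection to $host:$port ...\n";
				$content['acc_imap_port'] = $port;

				$imap = self::imap_client($content, self::TIMEOUT);

				$imap->login();
				$content['output'] .= "\n".lang('Successful connected to %1 server%2.', 'IMAP', ' '.lang('and logged in'))."\n";
				if (!$imap->isSecureConnection())
				{
					// credentials just went over the wire in clear text --> tell the user and store the account as unencrypted
					$content['output'] .= lang('Connection is NOT secure! Everyone can read eg. your credentials.')."\n";
					$content['acc_imap_ssl'] = 'no';
				}
				$content['connected'] = $connected = true;
				break 2;
			}
			catch(Horde_Imap_Client_Exception $e)
			{
				switch($e->getCode())
				{
					case Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED:
						$content['output'] .= "\n".$e->getMessage()."\n";
						break 3; // no need to try other SSL or non-SSL connections, if auth failed

					case Horde_Imap_Client_Exception::SERVER_CONNECT:
						$content['output'] .= "\n".$e->getMessage()."\n";
						if ($ssl == 'STARTTLS') break 2; // no need to try insecure connection on same port
						break;

					default:
						$content['output'] .= "\n".get_class($e).': '.$e->getMessage().' ('.$e->getCode().')'."\n";
				}
				if (self::$debug) _egw_log_exception($e);
			}
			catch(Exception $e) {
				$content['output'] .= "\n".get_class($e).': '.$e->getMessage().' ('.$e->getCode().')'."\n";
				if (self::$debug) _egw_log_exception($e);
			}
		}
	}
	if ($connected) // continue with next wizard step: define folders
	{
		unset($content['button']);
		// $imap is only available, if we connected in this request (otherwise "connected"
		// came from the preserved content and acc_imap_ssl tells if it was encrypted)
		$secure = isset($imap) ? $imap->isSecureConnection() : $content['acc_imap_ssl'] !== 'no';
		return $this->folder($content, lang('Successful connected to %1 server%2.', 'IMAP', ' '.lang('and logged in')).
			($secure ? '' : "\n".lang('Connection is NOT secure! Everyone can read eg. your credentials.')));
	}
	// add validation error, if we can identify a field
	if (!$connected && $e instanceof Horde_Imap_Client_Exception)
	{
		switch($e->getCode())
		{
			case Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED:
				Etemplate::set_validation_error('acc_imap_username', lang($e->getMessage()));
				Etemplate::set_validation_error('acc_imap_password', lang($e->getMessage()));
				break;

			case Horde_Imap_Client_Exception::SERVER_CONNECT:
				Etemplate::set_validation_error('acc_imap_host', lang($e->getMessage()));
				break;
		}
	}
	$readonlys['button[manual]'] = true;
	unset($content['manual_class']);
	$sel_options['acc_imap_ssl'] = self::$ssl_types;
	// the output is only displayed, not preserved
	$tpl->exec(static::APP_CLASS.'autoconfig', $content, $sel_options, $readonlys,
		array_diff_key($content, ['output'=>true]), 2);
}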
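/**
 * Convert OAuth provider data to our content-names
 *
 * The SMTP host is returned as "acc_smtp_host", which is the key the SMTP step
 * reads (the former key "acc_smpt_host" was a typo and never reached it).
 *
 * @param array $oauth provider data as returned by OpenIDConnectClient::providerByDomain()
 *	with keys smtp, provider, client, secret, scopes and optional ADD_CLIENT_TO_WELL_KNOWN / ADD_AUTH_PARAM
 * @return array acc_* values to merge into the wizard content
 */
protected static function oauth2content(array $oauth)
{
	return [
		'acc_smtp_host' => $oauth['smtp'],
		'acc_sieve_enabled' => false,
		'acc_oauth_provider_url' => $oauth['provider'],
		'acc_oauth_client_id' => $oauth['client'],
		'acc_oauth_client_secret' => $oauth['secret'],
		'acc_oauth_scopes' => $oauth['scopes'],
		OpenIDConnectClient::ADD_CLIENT_TO_WELL_KNOWN => $oauth[OpenIDConnectClient::ADD_CLIENT_TO_WELL_KNOWN] ?? null,
		OpenIDConnectClient::ADD_AUTH_PARAM => $oauth[OpenIDConnectClient::ADD_AUTH_PARAM] ?? null,
	];
}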
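/**
 * Step 2: Folder - let user select trash, sent, drafts and template folder
 *
 * @param array $content
 * @param string $msg =''
 * @param Horde_Imap_Client_Socket $imap =null already created client, default create one from $content
 */
public function folder(array $content, $msg='', Horde_Imap_Client_Socket $imap=null)
{
	if (!empty($content['button']))
	{
		$button = key($content['button']);
		unset($content['button']);
		switch($button)
		{
			case 'back':
				return $this->add($content);

			case 'continue':
				return $this->sieve($content);
		}
	}
	$content['msg'] = $msg;
	if (!isset($imap)) $imap = self::imap_client ($content);

	// all folder selectboxes share the same list of mailboxes;
	// initialised here, as listing the mailboxes can fail
	$sel_options = [];
	try {
		$sel_options['acc_folder_sent'] = $sel_options['acc_folder_trash'] =
			$sel_options['acc_folder_draft'] = $sel_options['acc_folder_template'] =
			$sel_options['acc_folder_junk'] = $sel_options['acc_folder_archive'] =
			$sel_options['acc_folder_ham'] = self::mailboxes($imap, $content);
	}
	catch(Exception $e) {
		// show the error instead of the folders, the form stays usable
		$content['msg'] = $e->getMessage();
		if (self::$debug) _egw_log_exception($e);
	}

	$tpl = new Etemplate('admin.mailwizard.folder');
	$tpl->exec(static::APP_CLASS.'folder', $content, $sel_options, array(), $content, 2);
}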
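/**
 * Query mailboxes and (optional) detect special folders
 *
 * @param Horde_Imap_Client_Socket $imap
 * @param array &$content=null on return values for acc_folder_(sent|trash|draft|template|junk|ham|archive)
 * @return array with folders as key AND value
 * @throws Horde_Imap_Client_Exception
 */
public static function mailboxes(Horde_Imap_Client_Socket $imap, array &$content=null)
{
	// query all subscribed mailboxes
	$mailboxes = $imap->listMailboxes('*', Horde_Imap_Client::MBOX_SUBSCRIBED, array(
		'special_use' => true,
		'attributes' => true, // otherwise special_use is only queried, but not returned ;-)
		'delimiter' => true,
	));
	// list mailboxes by special-use attributes
	$folders = $attributes = array();
	foreach($mailboxes as $mailbox => $data)
	{
		foreach($data['attributes'] as $attribute)
		{
			$attributes[$attribute][] = $mailbox;
		}
		$folders[$mailbox] = $mailbox.': '.implode(', ', $data['attributes']);
	}
	// pre-select sent, trash, ... folder for user, by checking special-use attributes or common name(s)
	foreach(array(
		'acc_folder_sent' => array('\\sent', 'sent'),
		'acc_folder_trash' => array('\\trash', 'trash'),
		'acc_folder_draft' => array('\\drafts', 'drafts'),
		'acc_folder_template' => array('', 'templates'),
		'acc_folder_junk' => array('\\junk', 'junk', 'spam'),
		'acc_folder_ham' => array('', 'ham'),
		'acc_folder_archive' => array('', 'archive'),
	) as $name => $common_names)
	{
		unset($content[$name]);
		// first check special-use attributes, prefering the shortest mailbox-name
		// (numeric mailbox-names are int keys, therefore the is_string check)
		if (($special_use = array_shift($common_names)))
		{
			foreach($attributes[$special_use] ?? [] as $mailbox)
			{
				if (empty($content[$name]) || is_string($mailbox) && strlen($mailbox) < strlen($content[$name]))
				{
					$content[$name] = $mailbox;
				}
			}
		}
		// no special use folder found, try common names
		if (empty($content[$name]))
		{
			foreach($mailboxes as $mailbox => $data)
			{
				$delimiter = !empty($data['delimiter']) ? $data['delimiter'] : '.';
				$name_parts = explode($delimiter, strtolower($mailbox));
				if (array_intersect($name_parts, $common_names) &&
					(empty($content[$name]) || is_string($mailbox) && strlen($mailbox) < strlen($content[$name]) && substr($content[$name], 0, 6) != 'INBOX'.$delimiter))
				{
					$content[$name] = $mailbox;
				}
			}
		}
		// only used for the (commented out) infos about the selection process below
		if (isset($content[$name]))
		{
			$folders[(string)$content[$name]] .= ' --> '.substr($name, 11).' folder';
		}
	}
	// uncomment for infos about selection process
	//$content['folder_output'] = implode("\n", $folders);

	return array_combine(array_keys($mailboxes), array_keys($mailboxes));
}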
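/**
 * Step 3: Sieve
 *
 * Tries to find a ManageSieve server for the configured host (default: the IMAP host),
 * by default on the standard ports for TLS/SSL (5190) and STARTTLS/unencrypted
 * (4190, 2000), or only on a non-standard port entered by the user. Login is done
 * with the IMAP credentials.
 *
 * @param array $content
 * @param string $msg =''
 */
public function sieve(array $content, $msg='')
{
	// default ports per ssl-type, STARTTLS and unencrypted try the current and the legacy port
	static $sieve_ssl2port = array(
		self::SSL_TLS => 5190,
		self::SSL_SSL => 5190,
		self::SSL_STARTTLS => array(4190, 2000),
		self::SSL_NONE => array(4190, 2000),
	);
	$content['msg'] = $msg;
	$readonlys = [];
	$button = null;

	if (!empty($content['button']))
	{
		$button = key($content['button']);
		unset($content['button']);
		switch($button)
		{
			case 'back':
				return $this->folder($content);

			case 'continue':
				if (!$content['acc_sieve_enabled'])
				{
					return $this->smtp($content);
				}
				break;
		}
	}
	// first try: hide manual config
	if (!isset($content['acc_sieve_enabled']))
	{
		// domains known to not support Sieve get it switched off by default
		$domain = explode('@', $content['acc_imap_username'])[1] ?? '';
		$content['acc_sieve_enabled'] = (int)!in_array($domain, self::$no_sieve_blacklist, true);
		$content['manual_class'] = 'emailadmin_manual';
	}
	else
	{
		unset($content['manual_class']);
		$readonlys['button[manual]'] = true;
	}
	// set default ssl and port
	if (!isset($content['acc_sieve_ssl'])) $content['acc_sieve_ssl'] = key(self::$ssl_types);
	if (empty($content['acc_sieve_port']))
	{
		// ssl-types with several standard ports show the first one (a port field must not hold an array)
		$ports = (array)($sieve_ssl2port[$content['acc_sieve_ssl']] ?? null);
		$content['acc_sieve_port'] = $ports ? reset($ports) : null;
	}

	// check sieve connection ($e is only set by the connection attempts)
	$e = null;
	if ($button === 'continue')
	{
		$content['sieve_connected'] = false;
		$content['sieve_output'] = '';
		unset($content['manual_class']);

		if (empty($content['acc_sieve_host']))
		{
			$content['acc_sieve_host'] = $content['acc_imap_host'];
		}
		// if user set a non-standard port, use only that one
		if (!in_array($content['acc_sieve_port'], (array)($sieve_ssl2port[$content['acc_sieve_ssl']] ?? null)))
		{
			$data = array($content['acc_sieve_ssl'] => $content['acc_sieve_port']);
		}
		else // otherwise try all standard ports
		{
			$data = $sieve_ssl2port;
		}
		foreach($data as $ssl => $ports)
		{
			foreach((array)$ports as $port)
			{
				$content['acc_sieve_ssl'] = $ssl;
				$ssl_label = self::$ssl_types[$ssl];

				$e = null;
				try {
					$content['sieve_output'] .= "\n".Api\DateTime::to('now', 'H:i:s').": Trying $ssl_label connection to $content[acc_sieve_host]:$port ...\n";
					$content['acc_sieve_port'] = $port;
					$sieve = new Horde\ManageSieve(array(
						'host' => $content['acc_sieve_host'],
						'port' => $content['acc_sieve_port'],
						// no encryption has no entry in ssl2secure --> no secure parameter
						'secure' => self::$ssl2secure[(string)array_search($content['acc_sieve_ssl'], self::$ssl2type)] ?? null,
						'timeout' => self::TIMEOUT,
						'logger' => self::DEBUG_LOG ? new admin_mail_logger(self::DEBUG_LOG) : null,
					));
					// connect to sieve server
					$sieve->connect();
					$content['sieve_output'] .= "\n".lang('Successful connected to %1 server%2.', 'Sieve','');
					// and log in
					$sieve->login($content['acc_imap_username'], $content['acc_imap_password']);
					$content['sieve_output'] .= ' '.lang('and logged in')."\n";
					$content['sieve_connected'] = true;

					unset($content['button']);
					return $this->smtp($content, lang('Successful connected to %1 server%2.', 'Sieve',
						' '.lang('and logged in')));
				}
				catch(Horde\ManageSieve\Exception\ConnectionFailed $e) {
					$content['sieve_output'] .= "\n".$e->getMessage().' '.$e->details."\n";
				}
				catch(Exception $e) {
					// only ManageSieve exceptions carry details with the server's answer
					$details = isset($e->details) ? ' '.$e->details : '';
					$content['sieve_output'] .= "\n".get_class($e).': '.$e->getMessage().$details.' ('.$e->getCode().')'."\n";
					// the stack-trace contains internal paths: log it, but do not show it to the user
					if (self::$debug) _egw_log_exception($e);
				}
			}
		}
		// not connected, and default ssl/port --> reset again to secure settings
		if ($data == $sieve_ssl2port)
		{
			$content['acc_sieve_ssl'] = key(self::$ssl_types);
			$content['acc_sieve_port'] = $sieve_ssl2port[$content['acc_sieve_ssl']];
		}
	}
	// add validation error, if we can identify a field
	if (empty($content['sieve_connected']) && $e instanceof Exception)
	{
		// NOTE(review): 60/61/65 are BSD/macOS errno values, Linux reports 110/111/113 --> confirm what ManageSieve passes here
		switch($e->getCode())
		{
			case 61: // connection refused
			case 60: // connection timed out (imap.googlemail.com returns that for non-ssl/4190/2000)
			case 65: // no route to host (imap.googlemail.com returns that for ssl/5190)
				Etemplate::set_validation_error('acc_sieve_host', lang($e->getMessage()));
				Etemplate::set_validation_error('acc_sieve_port', lang($e->getMessage()));
				break;
		}
		$content['msg'] = lang('No sieve support detected, either fix configuration manually or leave it switched off.');
		$content['acc_sieve_enabled'] = 0;
	}
	$sel_options['acc_sieve_ssl'] = self::$ssl_types;
	$tpl = new Etemplate('admin.mailwizard.sieve');
	$tpl->exec(static::APP_CLASS.'sieve', $content, $sel_options, $readonlys, $content, 2);
}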
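/**
 * Step 4: SMTP
 *
 * Tries to find and verify an SMTP server: a manually entered host, the hosts the
 * Mozilla ISPDB returned in step 1, or DNS guessing. For every host TLS, SSL, STARTTLS
 * and at last an unencrypted connection are tried. Username and password default to
 * the IMAP ones; without a username only relaying is checked, which sends a real
 * (empty) message from the user's address to noreply@example.com.
 *
 * @param array $content
 * @param string $msg =''
 */
public function smtp(array $content, $msg='')
{
	// default port per ssl-type
	static $smtp_ssl2port = array(
		self::SSL_NONE => 25,
		self::SSL_SSL => 465,
		self::SSL_TLS => 465,
		self::SSL_STARTTLS => 587,
	);
	$content['msg'] = $msg;
	$readonlys = [];
	$button = null;

	if (!empty($content['button']))
	{
		$button = key($content['button']);
		unset($content['button']);
		switch($button)
		{
			case 'back':
				return $this->sieve($content);
		}
	}
	// first try: hide manual config
	if (!isset($content['acc_smtp_host']))
	{
		$content['manual_class'] = 'emailadmin_manual';
	}
	else
	{
		unset($content['manual_class']);
		$readonlys['button[manual]'] = true;
	}
	// copy username/password from imap
	if (!isset($content['acc_smtp_username'])) $content['acc_smtp_username'] = $content['acc_imap_username'];
	if (!isset($content['acc_smtp_password'])) $content['acc_smtp_password'] = $content['acc_imap_password'];
	// set default ssl
	if (!isset($content['acc_smtp_ssl'])) $content['acc_smtp_ssl'] = key(self::$ssl_types);
	if (empty($content['acc_smtp_port'])) $content['acc_smtp_port'] = $smtp_ssl2port[$content['acc_smtp_ssl']];

	// check smtp connection ($e is only set by the connection attempts)
	$e = null;
	if ($button === 'continue')
	{
		$content['smtp_connected'] = false;
		$content['smtp_output'] = '';
		unset($content['manual_class']);

		if (!empty($content['acc_smtp_host']))
		{
			$hosts = array($content['acc_smtp_host'] => true);
			// user changed ssl-type or port --> only try that combination
			if ((string)$content['acc_smtp_ssl'] !== (string)self::SSL_TLS || $content['acc_smtp_port'] != $smtp_ssl2port[$content['acc_smtp_ssl']])
			{
				$ssl_type = (string)array_search($content['acc_smtp_ssl'], self::$ssl2type);
				$hosts[$content['acc_smtp_host']] = array(
					$ssl_type => $content['acc_smtp_port'],
				);
			}
		}
		elseif (!empty($content['ispdb']['smtp']))
		{
			$content['smtp_output'] .= lang('Using data from Mozilla ISPDB for provider %1', $content['ispdb']['displayName'])."\n";
			$hosts = array();
			foreach($content['ispdb']['smtp'] as $server)
			{
				if (!isset($hosts[$server['hostname']]))
				{
					$hosts[$server['hostname']] = array('username' => $server['username']);
				}
				if (strtoupper($server['socketType']) == 'SSL') // try TLS first
				{
					$hosts[$server['hostname']]['TLS'] = $server['port'];
				}
				$hosts[$server['hostname']][strtoupper($server['socketType'])] = $server['port'];
				// make sure we prefer SSL over STARTTLS over insecure
				if (count($hosts[$server['hostname']]) > 2)
				{
					$hosts[$server['hostname']] = self::fix_ssl_order($hosts[$server['hostname']]);
				}
			}
		}
		else
		{
			$hosts = $this->guess_hosts($content['ident_email'], 'smtp');
		}
		foreach($hosts as $host => $data)
		{
			$content['acc_smtp_host'] = $host;
			// by default we check TLS, SSL, STARTTLS and at last an insecure connection
			if (!is_array($data))
			{
				$data = array('TLS' => 465, 'SSL' => 465, 'STARTTLS' => 587, 'insecure' => 25);
			}
			foreach($data as $ssl => $port)
			{
				if ($ssl === 'username') continue;

				// unknown ssl-types (eg. "insecure" or ISPDB's "plain") mean no encryption
				$content['acc_smtp_ssl'] = (int)(self::$ssl2type[$ssl] ?? self::SSL_NONE);

				$e = null;
				try {
					$content['smtp_output'] .= "\n".Api\DateTime::to('now', 'H:i:s').": Trying $ssl connection to $host:$port ...\n";
					$content['acc_smtp_port'] = $port;

					$params = [
						'username' => $content['acc_smtp_username'],
						'password' => $content['acc_smtp_password'],
						'host' => $content['acc_smtp_host'],
						'port' => $content['acc_smtp_port'],
						// no encryption has no entry in ssl2secure --> no secure parameter
						'secure' => self::$ssl2secure[(string)array_search($content['acc_smtp_ssl'], self::$ssl2type)] ?? null,
						'timeout' => self::TIMEOUT,
						'debug' => self::DEBUG_LOG,
					];
					if (!empty($content['acc_oauth_provider_url']))
					{
						$params['xoauth2_token'] = self::oauthToken($content, true);
					}
					$mail = new Horde_Mail_Transport_Smtphorde($params);
					// create smtp connection and authenticate, if credentials given
					$smtp = $mail->getSMTPObject();
					$content['smtp_output'] .= "\n".lang('Successful connected to %1 server%2.', 'SMTP',
						(!empty($content['acc_smtp_username']) ? ' '.lang('and logged in') : ''))."\n";
					if (!$smtp->isSecureConnection())
					{
						// credentials (if any) just went over the wire in clear text
						if (!empty($content['acc_smtp_username']))
						{
							$content['smtp_output'] .= lang('Connection is NOT secure! Everyone can read eg. your credentials.')."\n";
						}
						$content['acc_smtp_ssl'] = 'no';
					}
					// Horde_Smtp always tries to use STARTTLS, adjust our ssl-parameter if successful
					elseif (!($content['acc_smtp_ssl'] > self::SSL_NONE))
					{
						$content['acc_smtp_ssl'] = self::SSL_STARTTLS;
					}
					// try sending a mail to a different domain, if not authenticated, to see if that's required
					if (empty($content['acc_smtp_username']))
					{
						$smtp->send($content['ident_email'], 'noreply@example.com', '');
						$content['smtp_output'] .= "\n".lang('Relay access checked')."\n";
					}
					$content['smtp_connected'] = true;
					unset($content['button']);
					return $this->edit($content, lang('Successful connected to %1 server%2.', 'SMTP',
						empty($content['acc_smtp_username']) ? ' - '.lang('Relay access checked') : ' '.lang('and logged in')));
				}
				// unfortunately LOGIN_AUTHENTICATIONFAILED and SERVER_CONNECT are thrown as Horde_Mail_Exception
				// while others are thrown as Horde_Smtp_Exception --> using common base Horde_Exception_Wrapped
				catch(Horde_Exception_Wrapped $e)
				{
					switch($e->getCode())
					{
						case Horde_Smtp_Exception::LOGIN_AUTHENTICATIONFAILED:
						case Horde_Smtp_Exception::LOGIN_REQUIREAUTHENTICATION:
						case Horde_Smtp_Exception::UNSPECIFIED:
						case Horde_Smtp_Exception::SERVER_CONNECT:
							$content['smtp_output'] .= "\n".$e->getMessage()."\n";
							break;

						default:
							$content['smtp_output'] .= "\n".$e->getMessage().' ('.$e->getCode().')'."\n";
							break;
					}
					if (self::$debug) _egw_log_exception($e);
				}
				catch(Horde_Smtp_Exception $e)
				{
					// prefer $e->details over $e->getMessage() as it contains the original message from the SMTP server (eg. relay access denied)
					$content['smtp_output'] .= "\n".(empty($e->details) ? $e->getMessage().' ('.$e->getCode().')' : $e->details)."\n";
					if (self::$debug) _egw_log_exception($e);
				}
				catch(Exception $e) {
					$content['smtp_output'] .= "\n".get_class($e).': '.$e->getMessage().' ('.$e->getCode().')'."\n";
					if (self::$debug) _egw_log_exception($e);
				}
			}
		}
	}
	// add validation error, if we can identify a field
	if (empty($content['smtp_connected']) && $e instanceof Horde_Exception_Wrapped)
	{
		switch($e->getCode())
		{
			case Horde_Smtp_Exception::LOGIN_AUTHENTICATIONFAILED:
			case Horde_Smtp_Exception::LOGIN_REQUIREAUTHENTICATION:
			case Horde_Smtp_Exception::UNSPECIFIED:
				Etemplate::set_validation_error('acc_smtp_username', lang($e->getMessage()));
				Etemplate::set_validation_error('acc_smtp_password', lang($e->getMessage()));
				break;

			case Horde_Smtp_Exception::SERVER_CONNECT:
				Etemplate::set_validation_error('acc_smtp_host', lang($e->getMessage()));
				Etemplate::set_validation_error('acc_smtp_port', lang($e->getMessage()));
				break;
		}
	}
	$sel_options['acc_smtp_ssl'] = self::$ssl_types;
	$tpl = new Etemplate('admin.mailwizard.smtp');
	$tpl->exec(static::APP_CLASS.'smtp', $content, $sel_options, $readonlys, $content, 2);
}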
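/**
 * Edit mail account(s)
 *
 * Gets either called with GET parameter:
 *
 * a) account_id from admin >> Manage users to edit / add mail accounts for a user
 *    --> shows selectbox to switch between different mail accounts of user and "create new account"
 *
 * b) via mail_wizard proxy class by regular mail user to edit (acc_id GET parameter) or create new mail account
 *
 * Access model as implemented below:
 * - acting on behalf of another user ($_GET['account_id'] --> $content['called_for']) is only picked up
 *   when $this->is_admin; reading and writing the account is otherwise pinned to the session user
 * - Mail\Account::check_access(Acl::EDIT / Acl::DELETE) decides whether account data may be changed or
 *   the account deleted; without edit rights the dialog is rendered read-only except for notification
 *   folders, non-standard identities and the user's own S/MIME key
 * - the S/MIME private key is never sent to the client (replaced by Mail\Credentials::UNAVAILABLE)
 *
 * @param array $content =null submitted form content, null on the first (GET) call
 * @param string $msg ='' message to display
 * @param string $msg_type ='success' 'success', 'info', 'help' or 'error'
 * @return void|mixed return value of $this->add() / $this->smtp() / $this->autoconfig() when delegating to the wizard
 */
public function edit(array $content=null, $msg='', $msg_type='success')
{
	// app is trying to tell something, while redirecting to wizard
	if (empty($content) && $_GET['acc_id'] && empty($msg) && !empty( $_GET['msg']))
	{
		if (stripos($_GET['msg'],'fatal error:')!==false || $_GET['msg_type'] == 'error') $msg_type = 'error';
	}
	if ($content['acc_id'] || (isset($_GET['acc_id']) && (int)$_GET['acc_id'] > 0) ) Mail::unsetCachedObjects($content['acc_id']?$content['acc_id']:$_GET['acc_id']);

	$tpl = new Etemplate('admin.mailaccount');

	if (!is_array($content) || !empty($content['acc_id']) && isset($content['old_acc_id']) && $content['acc_id'] != $content['old_acc_id'])
	{
		if (!is_array($content)) $content = array();
		// only admins may edit the mail accounts of another user
		if ($this->is_admin && isset($_GET['account_id']))
		{
			$content['called_for'] = (int)$_GET['account_id'];
			$content['accounts'] = iterator_to_array(Mail\Account::search($content['called_for']));
			if (!empty($content['accounts']))
			{
				$content['acc_id'] = key($content['accounts']);
				//error_log(__METHOD__.__LINE__.'.'.array2string($content['acc_id']));
				// test if the "to be selected" account is imap or not
				if (is_array($content['accounts']) && count($content['accounts'])>1 && Mail\Account::is_multiple($content['acc_id']))
				{
					try {
						$account = Mail\Account::read($content['acc_id'], $content['called_for']);
						//try to select the first account that is of type imap
						if (!$account->is_imap())
						{
							$content['acc_id'] = key($content['accounts']);
							//error_log(__METHOD__.__LINE__.'.'.array2string($content['acc_id']));
						}
					}
					catch(Api\Exception\NotFound $e) {
						if (self::$debug) _egw_log_exception($e);
					}
				}
			}
			if (!$content['accounts']) // no email account, call wizard
			{
				return $this->add(array('account_id' => (int)$_GET['account_id']));
			}
			$content['accounts']['new'] = lang('Create new account');
		}
		if (isset($_GET['acc_id']) && (int)$_GET['acc_id'] > 0)
		{
			$content['acc_id'] = (int)$_GET['acc_id'];
		}
		// clear current account-data, as account has changed and we going to read selected one
		$content = array_intersect_key($content, array_flip(array('called_for', 'accounts', 'acc_id', 'tabs')));

		if ($content['acc_id'] === 'new')
		{
			$content['account_id'] = $content['called_for'];
			$content['old_acc_id'] = $content['acc_id']; // to not call add/wizard, if we return from to
			unset($content['tabs']);
			return $this->add($content);
		}
		elseif ($content['acc_id'] > 0)
		{
			try {
				// non-admins always read under their own account_id, whatever the form says
				$account = Mail\Account::read($content['acc_id'], $this->is_admin && !empty($content['called_for']) ?
					$content['called_for'] : $GLOBALS['egw_info']['user']['account_id']);
				$account->getUserData(); // quota, aliases, forwards etc.
				$content += $account->params;
				// UNAVAILABLE is a placeholder, not a secret: drop it for OAuth accounts,
				// so it is not submitted back as if it were a password
				foreach(['acc_imap_password', 'acc_smtp_password'] as $n)
				{
					if (isset($content['acc_oauth_username']) && $content[$n] === Mail\Credentials::UNAVAILABLE)
					{
						unset($content[$n]);
					}
				}
				$content['acc_sieve_enabled'] = (string)($content['acc_sieve_enabled']);
				$content['notify_use_default'] = !$content['notify_account_id'];
				self::fix_account_id_0($content['account_id']);

				// read identities (of current user) and mark std identity
				$content['identities'] = iterator_to_array(Mail\Account::identities($account, true, 'name', $content['called_for']));
				$content['std_ident_id'] = $content['ident_id'];
				$content['identities'][$content['std_ident_id']] = lang('Standard identity');
				// change self::SSL_NONE (=0) to "no" used in sel_options
				foreach(array('imap','smtp','sieve') as $type)
				{
					if (!$content['acc_'.$type.'_ssl']) $content['acc_'.$type.'_ssl'] = 'no';
				}
			}
			catch(Api\Exception\NotFound $e) {
				if (self::$debug) _egw_log_exception($e);
				Framework::window_close(lang('Account not found!'));
			}
			catch(Exception $e) {
				if (self::$debug) _egw_log_exception($e);
				Framework::window_close($e->getMessage().' ('.get_class($e).': '.$e->getCode().')');
			}
		}
	}
	// some defaults for new accounts
	if (!isset($content['account_id']) || empty($content['acc_id']) || $content['acc_id'] === 'new')
	{
		if (!isset($content['account_id'])) $content['account_id'] = array($GLOBALS['egw_info']['user']['account_id']);
		$content['acc_user_editable'] = $content['acc_further_identities'] = true;
		$readonlys['ident_id'] = true; // need to create standard identity first
	}
	if (empty($content['acc_name']))
	{
		$content['acc_name'] = $content['ident_email'];
	}
	// disable some stuff for non-emailadmins (all values are preserved!)
	// NOTE: this assignment replaces any $readonlys set above (e.g. ident_id for new accounts)
	if (!$this->is_admin)
	{
		$readonlys = array(
			'account_id' => true, 'button[multiple]' => true, 'acc_user_editable' => true,
			'acc_further_identities' => true,
			'acc_imap_type' => true, 'acc_imap_logintype' => true, 'acc_domain' => true,
			'acc_imap_admin_username' => true, 'acc_imap_admin_password' => true, 'acc_imap_admin_use_without_pw' => true,
			'acc_smtp_type' => true, 'acc_smtp_auth_session' => true,
		);
	}
	// ensure correct values for single user mail accounts (we only hide them client-side)
	if (!($is_multiple = Mail\Account::is_multiple($content)))
	{
		$content['acc_imap_type'] = 'EGroupware\\Api\\Mail\\Imap';
		unset($content['acc_imap_login_type']);
		$content['acc_smtp_type'] = 'EGroupware\\Api\\Mail\\Smtp';
		unset($content['acc_smtp_auth_session']);
		unset($content['notify_use_default']);
	}
	// copy ident_email_alias selectbox back to regular name
	elseif (isset($content['ident_email_alias']) && !empty ($content['ident_email_alias']))
	{
		$content['ident_email'] = $content['ident_email_alias'];
	}
	// NOTE(review): several decisions below use $content['called_for'] without re-checking is_admin
	// (save_identity, Notifications, Credentials::delete). That is only safe because called_for is
	// set exclusively under is_admin above and travels in the server-side preserved content --
	// confirm the template exposes no writable "called_for" widget.
	$edit_access = Mail\Account::check_access(Acl::EDIT, $content);

	// disable notification save-default and use-default, if only one account or no edit-rights
	$tpl->disableElement('notify_save_default', !$is_multiple || !$edit_access);
	$tpl->disableElement('notify_use_default', !$is_multiple);

	if (!empty($content['button']))
	{
		$button = key($content['button']);
		unset($content['button']);
		switch($button)
		{
			case 'wizard':
				// if we just came from wizard, go back to last page/step
				if (isset($content['smtp_connected']))
				{
					return $this->smtp($content);
				}
				// otherwise start with first step
				return $this->autoconfig($content);

			case 'delete_identity':
				// delete none-standard identity of current user
				// NOTE(review): no ownership check of ident_id is visible here; this relies on
				// Mail\Account::delete_identity() restricting deletion to the caller's identities -- confirm
				if (($this->is_admin || $content['acc_further_identities']) &&
					$content['ident_id'] > 0 && $content['std_ident_id'] != $content['ident_id'])
				{
					Mail\Account::delete_identity($content['ident_id']);
					$msg = lang('Identity deleted');
					unset($content['identities'][$content['ident_id']]);
					$content['ident_id'] = $content['std_ident_id'];
				}
				break;

			case 'save':
			case 'apply':
				// only set in the account-save branch below, but read unconditionally for refresh_opener()
				$new_account = false;
				try {
					// save none-standard identity for current user
					if ($content['acc_id'] && $content['acc_id'] !== 'new' &&
						($this->is_admin || $content['acc_further_identities']) &&
						$content['std_ident_id'] != $content['ident_id'])
					{
						$content['ident_id'] = Mail\Account::save_identity(array(
							'account_id' => $content['called_for'] ? $content['called_for'] : $GLOBALS['egw_info']['user']['account_id'],
						)+$content);
						$content['identities'][$content['ident_id']] = Mail\Account::identity_name($content);
						$msg = lang('Identity saved.');
						if ($edit_access) $msg .= ' '.lang('Switch back to standard identity to save account.');
					}
					elseif ($edit_access)
					{
						// if admin username/password given, check if it is valid
						$account = new Mail\Account($content);
						if ($account->acc_imap_administration)
						{
							try {
								$imap = $account->imapServer(true);
								if ($imap) $imap->checkAdminConnection();
							}
							catch(\Horde_Imap_Client_Exception $e) {
								// a failed check does NOT block saving: it can fail for reasons other than
								// wrong credentials (server down, firewall, ...), so only inform the user
								Api\Json\Response::get()->message(lang('Checking admin credentials failed').': '.$e->getMessage(), 'info');
							}
						}
						// test sieve connection, if not called for other user, enabled and credentials available
						if (!$content['called_for'] && $account->acc_sieve_enabled && $account->acc_imap_username)
						{
							$account->imapServer()->retrieveRules();
						}
						$new_account = !((int)$content['acc_id'] > 0);
						// check for deliveryMode="forwardOnly", if a forwarding-address is given
						if ($content['acc_smtp_type'] != 'EGroupware\\Api\\Mail\\Smtp' &&
							$content['deliveryMode'] == Mail\Smtp::FORWARD_ONLY &&
							empty($content['mailForwardingAddress']))
						{
							Etemplate::set_validation_error('mailForwardingAddress', lang('Field must not be empty !!!'));
							throw new Api\Exception\WrongUserinput(lang('You need to specify a forwarding address, when checking "%1"!', lang('Forward only')));
						}
						// set notifications to store according to checkboxes
						if ($content['notify_save_default'])
						{
							$content['notify_account_id'] = 0;
						}
						elseif (!$content['notify_use_default'])
						{
							$content['notify_account_id'] = $content['called_for'] ?
								$content['called_for'] : $GLOBALS['egw_info']['user']['account_id'];
						}
						// SMIME SAVE
						if (isset($content['smimeKeyUpload']))
						{
							$content['acc_smime_cred_id'] = self::save_smime_key($content, $tpl, $content['called_for']);
							unset($content['smimeKeyUpload']);
						}
						self::fix_account_id_0($content['account_id'], true);
						// the account is written for the session user, unless an admin acts for someone else
						$content = Mail\Account::write($content, !empty($content['called_for']) && $this->is_admin ?
							$content['called_for'] : $GLOBALS['egw_info']['user']['account_id']);
						self::fix_account_id_0($content['account_id']);
						$msg = lang('Account saved.');
						// user wants default notifications
						if ($content['acc_id'] && $content['notify_use_default'])
						{
							// delete own ones
							Mail\Notifications::delete($content['acc_id'], $content['called_for'] ?
								$content['called_for'] : $GLOBALS['egw_info']['user']['account_id']);
							// load default ones
							$content = array_merge($content, Mail\Notifications::read($content['acc_id'], 0));
						}
						// add new std identity entry
						if ($new_account)
						{
							$content['std_ident_id'] = $content['ident_id'];
							$content['identities'] = array(
								$content['std_ident_id'] => lang('Standard identity'));
						}
						if (isset($content['accounts']))
						{
							if (!isset($content['accounts'][$content['acc_id']])) // insert new account as top, not bottom
							{
								$content['accounts'] = array($content['acc_id'] => '') + $content['accounts'];
							}
							$content['accounts'][$content['acc_id']] = Mail\Account::identity_name($content, false);
						}
					}
					else
					{
						// no edit rights on the account itself: only the per-user parts are stored
						// (notification folders, SMTP forwarding if allowed, own S/MIME key)
						if ($content['notify_use_default'] && $content['notify_account_id'])
						{
							// delete own ones
							if (Mail\Notifications::delete($content['acc_id'], $content['called_for'] ?
								$content['called_for'] : $GLOBALS['egw_info']['user']['account_id']))
							{
								$msg = lang('Notification folders updated.');
							}
							// load default ones
							$content = array_merge($content, Mail\Notifications::read($content['acc_id'], 0));
						}
						if (!$content['notify_use_default'] && is_array($content['notify_folders']))
						{
							$content['notify_account_id'] = $content['called_for'] ?
								$content['called_for'] : $GLOBALS['egw_info']['user']['account_id'];
							if (Mail\Notifications::write($content['acc_id'], $content['notify_account_id'],
								$content['notify_folders']))
							{
								$msg = lang('Notification folders updated.');
							}
						}
						if ($content['acc_user_forward'] && !empty($content['acc_smtp_type']) && $content['acc_smtp_type'] != 'EGroupware\\Api\\Mail\\Smtp')
						{
							$account = new Mail\Account($content);
							$account->smtpServer()->saveSMTPForwarding($content['called_for'] ?
								$content['called_for'] : $GLOBALS['egw_info']['user']['account_id'],
								$content['mailForwardingAddress'],
								$content['forwardOnly'] ? null : 'yes');
						}
						// smime (private) key uploaded by user himself
						if (!empty($content['smimeKeyUpload']))
						{
							$content['acc_smime_cred_id'] = self::save_smime_key($content, $tpl);
							unset($content['smimeKeyUpload']);
						}
					}
				}
				catch (Horde_Imap_Client_Exception $e)
				{
					_egw_log_exception($e);
					$tpl->set_validation_error('acc_imap_admin_username', $msg=lang($e->getMessage()).($e->details?', '.lang($e->details):''));
					$msg_type = 'error';
					$content['tabs'] = 'admin.mailaccount.imap'; // should happen automatic
					break;
				}
				catch (Horde\ManageSieve\Exception\ConnectionFailed $e)
				{
					_egw_log_exception($e);
					$tpl->set_validation_error('acc_sieve_port', $msg=lang($e->getMessage()));
					$msg_type = 'error';
					$content['tabs'] = 'admin.mailaccount.sieve'; // should happen automatic
					break;
				}
				catch (Exception $e) {
					$msg = lang('Error saving account!')."\n".$e->getMessage();
					$button = 'apply';
					$msg_type = 'error';
				}
				if ($content['acc_id']) Mail::unsetCachedObjects($content['acc_id']);
				if (stripos($msg,'fatal error:')!==false) $msg_type = 'error';
				Framework::refresh_opener($msg, 'mail-account', $content['acc_id'], $new_account ? 'add' : 'update', null, null, null, $msg_type);
				if ($button == 'save') Framework::window_close();
				break;

			case 'delete':
				if (!Mail\Account::check_access(Acl::DELETE, $content))
				{
					$msg = lang('Permission denied!');
					$msg_type = 'error';
				}
				elseif (Mail\Account::delete($content['acc_id']) > 0)
				{
					if ($content['acc_id']) Mail::unsetCachedObjects($content['acc_id']);
					Framework::refresh_opener(lang('Account deleted.'), 'mail-account', $content['acc_id'], 'delete');
					Framework::window_close();
				}
				else
				{
					$msg = lang('Failed to delete account!');
					$msg_type = 'error';
				}
		}
	}
	// SMIME UPLOAD/DELETE/EXPORT control
	$content['hide_smime_upload'] = false;
	if (!empty($content['acc_smime_cred_id']))
	{
		if (!empty($content['smime_delete_p12']) &&
			Mail\Credentials::delete (
				$content['acc_id'],
				$content['called_for'] ? $content['called_for'] : $GLOBALS['egw_info']['user']['account_id'],
				Mail\Credentials::SMIME
			))
		{
			unset($content['acc_smime_password'], $content['smimeKeyUpload'], $content['smime_delete_p12'], $content['acc_smime_cred_id']);
			$content['hide_smime_upload'] = false;
		}
		else
		{
			// do NOT send smime private key to client side, it's unnecessary and binary blob breaks json encoding
			$content['acc_smime_password'] = Mail\Credentials::UNAVAILABLE;

			$content['hide_smime_upload'] = true;
		}
	}

	// disable delete button for new, not yet saved entries, if no delete rights or a non-standard identity selected
	$readonlys['button[delete]'] = empty($content['acc_id']) ||
		!Mail\Account::check_access(Acl::DELETE, $content) ||
		$content['ident_id'] != $content['std_ident_id'];

	// if account is for multiple user, change delete confirmation to reflect that
	if (Mail\Account::is_multiple($content))
	{
		$tpl->setElementAttribute('button[delete]', 'onclick', "et2_dialog.confirm(widget,'This is NOT a personal mail account!\\n\\nAccount will be deleted for ALL users!\\n\\nAre you really sure you want to do that?','Delete this account')");
	}

	// if no edit access, make whole dialog readonly
	if (!$edit_access)
	{
		$readonlys['__ALL__'] = true;
		$readonlys['button[cancel]'] = false;
		// allow to edit notification-folders
		$readonlys['button[save]'] = $readonlys['button[apply]'] =
			$readonlys['notify_folders'] = $readonlys['notify_use_default'] = false;
		// allow to edit sMime stuff
		$readonlys['smimeGenerate'] = $readonlys['smimeKeyUpload'] = $readonlys['smime_pkcs12_password'] =
			$readonlys['smime_export_p12'] = $readonlys['smime_delete_p12'] = false;
	}

	$sel_options['acc_imap_ssl'] = $sel_options['acc_sieve_ssl'] =
		$sel_options['acc_smtp_ssl'] = self::$ssl_types;

	// admin access to account with no credentials available
	if ($this->is_admin && (!empty($content['called_for']) || empty($content['acc_imap_host']) || $content['called_for']) ||
		// if OAuth failed, do not try to connect and trigger next authentication(-failure), but show failure message
		!empty($content['oauth_failure']))
	{
		// can't connection to imap --> allow free entries in taglists
		foreach(array('acc_folder_sent', 'acc_folder_trash', 'acc_folder_draft', 'acc_folder_template', 'acc_folder_junk') as $folder)
		{
			$tpl->setElementAttribute($folder, 'allowFreeEntries', true);
		}
	}
	else
	{
		try {
			if (($oauth = OpenIDConnectClient::providerByDomain(
				$content['acc_oauth_username'] ?? $content['acc_imap_username'] ?? $content['ident_email'], $content['acc_imap_host'])))
			{
				$content += self::oauth2content($oauth);
			}
			// connects to the IMAP server with the account's credentials to list folders;
			// for OAuth accounts imap_client() may start the interactive OAuth flow and not return
			$sel_options['acc_folder_sent'] = $sel_options['acc_folder_trash'] =
				$sel_options['acc_folder_draft'] = $sel_options['acc_folder_template'] =
				$sel_options['acc_folder_junk'] = $sel_options['acc_folder_archive'] =
				$sel_options['notify_folders'] = $sel_options['acc_folder_ham'] =
				self::mailboxes(self::imap_client ($content));
			// Allow folder notification on INBOX for popup_only
			if ($GLOBALS['egw_info']['user']['preferences']['notifications']['notification_chain'] == 'popup_only')
			{
				$sel_options['notify_folders']['INBOX'] = lang('INBOX');
			}
		}
		catch(Exception $e) {
			if (self::$debug) _egw_log_exception($e);
			// let user know what the problem is and that he can fix it using wizard or deleting
			$msg = lang($e->getMessage())."\n\n".lang('You can use wizard to fix account settings or delete account.');
			$msg_type = 'error';
			// cant connection to imap --> allow free entries in taglists
			foreach(array('acc_folder_sent', 'acc_folder_trash', 'acc_folder_draft', 'acc_folder_template', 'acc_folder_junk') as $folder)
			{
				$tpl->setElementAttribute($folder, 'allowFreeEntries', true);
			}
		}
	}

	$sel_options['acc_imap_type'] = Mail\Types::getIMAPServerTypes(false);
	$sel_options['acc_smtp_type'] = Mail\Types::getSMTPServerTypes(false);
	$sel_options['acc_imap_logintype'] = self::$login_types;
	$sel_options['ident_id'] = $content['identities'];
	$sel_options['acc_id'] = $content['accounts'];
	$sel_options['acc_further_identities'] = self::$further_identities;

	// user is allowed to create or edit further identities
	if ($edit_access || $content['acc_further_identities'])
	{
		$sel_options['ident_id']['new'] = lang('Create new identity');
		$readonlys['ident_id'] = false;

		// if no edit-access and identity is not standard identity --> allow to edit identity
		if (!$edit_access && $content['ident_id'] != $content['std_ident_id'])
		{
			$readonlys += array(
				'button[save]' => false, 'button[apply]' => false,
				'button[placeholders]' => false,
				'ident_name' => false,
				'ident_realname' => false, 'ident_email' => false, 'ident_email_alias' => false,
				'ident_org' => false, 'ident_signature' => false,
			);
		}
		if ($content['ident_id'] != $content['old_ident_id'] &&
			($content['old_ident_id'] || $content['ident_id'] != $content['std_ident_id']))
		{
			if ((int)$content['ident_id'] > 0)
			{
				$identity = Mail\Account::read_identity($content['ident_id'], false, $content['called_for']);
				unset($identity['account_id']);
				$content = array_merge($content, $identity, array('ident_email_alias' => $identity['ident_email']));
			}
			else
			{
				$content['ident_name'] = $content['ident_realname'] = $content['ident_email'] =
					$content['ident_email_alias'] = $content['ident_org'] = $content['ident_signature'] = '';
			}
			if (empty($msg) && $edit_access && $content['ident_id'] && $content['ident_id'] != $content['std_ident_id'])
			{
				$msg = lang('Switch back to standard identity to save other account data.');
				$msg_type = 'help';
			}
			$content['old_ident_id'] = $content['ident_id'];
		}
	}
	$content['old_acc_id'] = $content['acc_id'];

	// if only aliases are allowed for futher identities, add them as options
	// allow admins to always add arbitrary aliases
	if ($content['acc_further_identities'] == 2 && !$this->is_admin)
	{
		$sel_options['ident_email_alias'] = array_merge(
			array('' => $content['mailLocalAddress'].' ('.lang('Default').')'),
			array_combine($content['mailAlternateAddress'] ?? [], $content['mailAlternateAddress'] ?? []));
		// if admin explicitly set a non-alias, we need to add it to aliases to keep it after storing signature by user
		if ($content['ident_email'] !== $content['mailLocalAddress'] && !isset($sel_options['ident_email_alias'][$content['ident_email']]))
		{
			$sel_options['ident_email_alias'][$content['ident_email']] = $content['ident_email'];
		}
		// copy ident_email to select-box ident_email_alias, as et2 requires unique ids
		$content['ident_email_alias'] = $content['ident_email'];
		$content['select_ident_mail'] = true;
	}

	// only allow to delete further identities, not a standard identity
	$readonlys['button[delete_identity]'] = !($content['ident_id'] > 0 && $content['ident_id'] != $content['std_ident_id']);

	// disable aliases tab for default smtp class EGroupware\Api\Mail\Smtp
	$readonlys['tabs']['admin.mailaccount.aliases'] = !$content['acc_smtp_type'] ||
		$content['acc_smtp_type'] == 'EGroupware\\Api\\Mail\\Smtp';
	if ($readonlys['tabs']['admin.mailaccount.aliases'])
	{
		unset($sel_options['acc_further_identities'][2]); // can limit identities to aliases without aliases ;-)
	}

	// allow smtp class to disable certain features in alias tab
	// NOTE(review): class_exists() on acc_smtp_type runs the autoloader for whatever name is in the form;
	// acc_smtp_type is read-only for non-admins (see $readonlys above) and the is_a() check limits what
	// is used afterwards -- keep both if this field ever becomes user-editable
	if ($content['acc_smtp_type'] && class_exists($content['acc_smtp_type']) &&
		is_a($content['acc_smtp_type'], 'EGroupware\\Api\\Mail\\Smtp\\Ldap', true))
	{
		$content['no_forward_available'] = !constant($content['acc_smtp_type'].'::FORWARD_ATTR');
		if (!constant($content['acc_smtp_type'].'::FORWARD_ONLY_ATTR'))
		{
			$readonlys['deliveryMode'] = true;
		}
	}

	// account allows users to change forwards
	if (!$edit_access && !$readonlys['tabs']['admin.mailaccount.aliases'] && $content['acc_user_forward'])
	{
		$readonlys['mailForwardingAddress'] = false;
	}

	// allow imap classes to disable certain tabs or fields
	if (($class = Mail\Account::getIcClass($content['acc_imap_type'])) && class_exists($class) &&
		($imap_ro = call_user_func(array($class, 'getUIreadonlys'))))
	{
		$readonlys = array_merge($readonlys, $imap_ro, array(
			'tabs' => array_merge((array)$readonlys['tabs'], (array)$imap_ro['tabs']),
		));
	}
	// $_GET['msg'] is untrusted request input; this relies on Framework::message() to escape it for output
	Framework::message($msg ? $msg : (string)$_GET['msg'], $msg_type);

	// when called by admin for existing accounts, display further administrative actions
	$admin_actions = array();
	if ($content['called_for'] && (int)$content['acc_id'] > 0)
	{
		foreach(Api\Hooks::process(array(
			'location' => 'emailadmin_edit',
			'account_id' => $content['called_for'],
			'acc_id' => $content['acc_id'],
		)) as $actions)
		{
			if ($actions) $admin_actions = array_merge($admin_actions, $actions);
		}
		if ($admin_actions) $tpl->setElementAttribute('admin_actions', 'actions', $admin_actions);
	}
	$content['admin_actions'] = (bool)$admin_actions;

	//try to fix identities with no domain part set e.g. alias as identity
	if (!strpos($content['ident_email'], '@'))
	{
		$content['ident_email'] = Mail::fixInvalidAliasAddress (Api\Accounts::id2name($content['acc_imap_account_id'], 'account_email'), $content['ident_email']);
	}

	// If no EPL available, show that in spamtitan blur
	$content['spamtitan_blur'] = $GLOBALS['egw_info']['user']['apps']['stylite'] ? '' : lang('SpamTitan integration requires EPL version');

	$tpl->exec(static::APP_CLASS.'edit', $content, $sel_options, $readonlys, $content, 2);
}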
|
|
|
|
/**
 * Saves the smime key
 *
 * Reads the uploaded PKCS#12 container, extracts the certificate with the given password,
 * publishes the public certificate to the addressbook and stores the whole container as
 * S/MIME credential of the given account.
 *
 * NOTE(review): $content['smimeKeyUpload']['tmp_name'] is taken as a server-side path to read;
 * this relies on the etemplate upload widget only ever handing back paths inside its own upload
 * temp directory -- confirm that validation before trusting it from submitted content.
 *
 * @param array $content
 * @param Etemplate $tpl
 * @param int $account_id =null account to save smime key for, default current user
 * @return int cred_id or null on error
 */
private static function save_smime_key(array $content, Etemplate $tpl, $account_id=null)
{
	$pkcs12 = file_get_contents($content['smimeKeyUpload']['tmp_name']);
	if (!$pkcs12)
	{
		return null;
	}
	$cert_info = Mail\Smime::extractCertPKCS12($pkcs12, $content['smime_pkcs12_password']);
	if (!is_array($cert_info) || empty($cert_info['cert']))
	{
		$tpl->set_validation_error('smimeKeyUpload', lang('Could not extract private key from given p12 file. Either the p12 file is broken or password is wrong!'));
		return null;
	}
	// publish the public certificate under the address found in the certificate
	$smime = new Mail\Smime;
	$email = $smime->getEmailFromKey($cert_info['cert']);
	$addressbook = new addressbook_bo();
	$addressbook->set_smime_keys(array(
		$email => $cert_info['cert']
	));
	// store the (password protected) container as private credential of the account
	if (!isset($account_id)) $account_id = $GLOBALS['egw_info']['user']['account_id'];
	return Mail\Credentials::write($content['acc_id'], $email, $pkcs12, Mail\Credentials::SMIME, $account_id);
}
|
|
|
|
/**
 * Replace 0 with '' or back
 *
 * Forward direction ($back=false): a comma-separated string becomes an array and a single
 * falsy entry (the "0" meaning "all users") becomes an empty array for the form.
 * Back direction ($back=true): an empty list becomes the scalar 0 again for storage.
 * A null value is left untouched.
 *
 * @param string|array &$account_id on return always array
 * @param boolean $back =false
 */
private static function fix_account_id_0(&$account_id=null, $back=false)
{
	if ($account_id === null) return;

	if (!is_array($account_id))
	{
		$account_id = empty($account_id) ? [] : explode(',', $account_id);
	}
	if ($back)
	{
		if (!$account_id) $account_id = 0;
		return;
	}
	// single falsy entry (e.g. "0") means "all users" and is shown as empty selection
	if (count($account_id) === 1 && !current($account_id))
	{
		$account_id = [];
	}
}
|
|
|
|
/**
 * Instanciate imap-client
 *
 * Builds the Horde_Imap_Client_Socket configuration from the acc_imap_* values in $content.
 * For OAuth accounts (provider URL or access token present) an XOAUTH2 token is acquired via
 * oauthToken(), which may start the interactive OAuth flow and not return.
 *
 * Note: self::DEBUG_LOG, when set, makes Horde log the complete IMAP conversation incl. the
 * login exchange to that file -- leave it null outside of debugging.
 *
 * @param array $content
 * @param int $timeout =null default use value returned by Mail\Imap::getTimeOut()
 * @return Horde_Imap_Client_Socket
 */
protected static function imap_client(array &$content, $timeout=null)
{
	$secure = self::$ssl2secure[(string)array_search($content['acc_imap_ssl'], self::$ssl2type)];
	$config = array(
		'username' => $content['acc_imap_username'],
		'password' => $content['acc_imap_password'],
		'hostspec' => $content['acc_imap_host'],
		'port'     => $content['acc_imap_port'],
		'secure'   => $secure,
		'timeout'  => $timeout > 0 ? $timeout : Mail\Imap::getTimeOut(),
		'debug'    => self::DEBUG_LOG,
	);
	$uses_oauth = !empty($content['acc_oauth_provider_url']) || !empty($content['acc_oauth_access_token']);
	if ($uses_oauth)
	{
		$config['xoauth2_token'] = self::oauthToken($content);
		$config['username'] = $content['acc_oauth_username'] ?? $content['acc_imap_username'];
		// Horde insists on a non-empty password even though XOAUTH2 does not use it
		if (empty($config['password'])) $config['password'] = '**oauth**';
	}
	return new Horde_Imap_Client_Socket($config);
}
|
|
|
|
/**
 * Acquire OAuth access (and refresh) token
 *
 * Returns an XOAUTH2 password object when an access token is already present in $content or can
 * be obtained from a stored refresh token. Otherwise the interactive OAuth flow is started via
 * OpenIDConnectClient::authenticateThen(), which does NOT return to the caller: processing
 * continues in oauthAuthenticated() or oauthFailure() with $content as argument.
 *
 * @param array &$content account data; acc_oauth_* keys are read, provider defaults and the
 *	access token are filled in
 * @param bool $smtp =false true: return a Horde_Smtp_Password_Xoauth2, false: Horde_Imap_Client_Password_Xoauth2
 * @return Horde_Smtp_Password_Xoauth2|Horde_Imap_Client_Password_Xoauth2|void void when the interactive flow is started
 * @throws Exception if no client secret is available for the provider
 */
protected static function oauthToken(array &$content, bool $smtp=false)
{
	if (empty($content['acc_oauth_access_token']))
	{
		// without a configured client secret, try to fill in the provider defaults by mail domain / host
		if (empty($content['acc_oauth_client_secret']) &&
			($oauth = OpenIDConnectClient::providerByDomain($content['acc_oauth_username'] ?? $content['acc_imap_username'] ?? $content['ident_email'], $content['acc_imap_host'])))
		{
			$content += self::oauth2content($oauth);
		}
		// the client secret is a server-side credential; without it no token can be requested
		if (empty($content['acc_oauth_client_secret']))
		{
			throw new Exception(lang("No OAuth client secret for provider '%1'!", $content['acc_oauth_provider_url']));
		}
		$oidc = new OpenIDConnectClient($content['acc_oauth_provider_url'],
			$content['acc_oauth_client_id'], $content['acc_oauth_client_secret']);

		// Office365 requires client-ID as appid GET parameter (https://github.com/jumbojett/OpenID-Connect-PHP/issues/190)
		if (!empty($content[OpenIDConnectClient::ADD_CLIENT_TO_WELL_KNOWN]))
		{
			$oidc->setWellKnownConfigParameters([$content[OpenIDConnectClient::ADD_CLIENT_TO_WELL_KNOWN] => $content['acc_oauth_client_id']]);
		}
		// Google requires access_type=offline&prompt=consent to return a refresh-token
		// ($username placeholder in the provider's extra parameters is replaced by the account's login)
		if (!empty($content[OpenIDConnectClient::ADD_AUTH_PARAM]))
		{
			$oidc->addAuthParam(str_replace('$username', $content['acc_oauth_username'] ?? $content['acc_imap_username'] ?? $content['ident_email'], $content[OpenIDConnectClient::ADD_AUTH_PARAM]));
		}

		// we need to use response_code=query / GET request to keep our session token!
		$oidc->setResponseTypes(['code']); // to be able to use query, not 'id_token'
		//$oidc->setAllowImplicitFlow(true);
		$oidc->addScope($content['acc_oauth_scopes']);
	}

	// use an existing access token, or exchange a stored refresh token for a new one
	// (Mail\Credentials::UNAVAILABLE is a placeholder meaning "stored, but not readable here", not a token)
	if (!empty($content['acc_oauth_access_token']) ||
		!empty($content['acc_oauth_refresh_token']) && $content['acc_oauth_refresh_token'] !== Mail\Credentials::UNAVAILABLE)
	{
		if (empty($content['acc_oauth_access_token']))
		{
			$content['acc_oauth_access_token'] = $oidc->refreshToken($content['acc_oauth_refresh_token'])->access_token;
		}
		if (!empty($content['acc_oauth_access_token']))
		{
			if ($smtp)
			{
				return new Horde_Smtp_Password_Xoauth2($content['acc_oauth_username'] ?? $content['acc_smtp_username'], $content['acc_oauth_access_token']);
			}
			return new Horde_Imap_Client_Password_Xoauth2($content['acc_oauth_username'] ?? $content['acc_imap_username'], $content['acc_oauth_access_token']);
		}
	}
	// Run OAuth authentication, will NOT return, but call success or failure callbacks below
	$oidc->authenticateThen(__CLASS__.'::oauthAuthenticated', [$content], __CLASS__.'::oauthFailure', [$content]);
}
|
|
|
|
/**
 * Oauth success callback calling autoconfig again
 *
 * Stores the received refresh and access token in $content and hands control back to the
 * dialog the flow was started from: edit() for an existing account (with the save button
 * pre-set, so the token gets stored), autoconfig() for the wizard. The dialog class depends
 * on whether the session user has the admin app.
 *
 * @param OpenIDConnectClient $oidc
 * @param array $content
 * @return void
 */
public static function oauthAuthenticated(OpenIDConnectClient $oidc, array $content)
{
	// username precedence: configured IMAP login, verified email claim of the token, identity email
	if (empty($content['acc_oauth_username']))
	{
		$content['acc_oauth_username'] = $content['acc_imap_username'] ?? $oidc->getVerifiedClaims('email') ?? $content['ident_email'];
	}
	$content['acc_oauth_refresh_token'] = $oidc->getRefreshToken();
	if (empty($content['acc_oauth_refresh_token']))
	{
		// without a refresh token the account cannot re-authenticate unattended later on
		$content['output'] .= lang('OAuth Authentiction').': '.lang('Successfull, but NO refresh-token received!');
		$content['connected'] = false;
	}
	$content['acc_oauth_access_token'] = $oidc->getAccessToken();

	$in_admin_app = !empty($GLOBALS['egw_info']['user']['apps']['admin']);
	$GLOBALS['egw_info']['flags']['currentapp'] = $in_admin_app ? 'admin' : 'mail';
	$obj = $in_admin_app ? new self : new mail_wizard();
	unset($content['oauth_failure']);
	if (empty($content['acc_id']))
	{
		$obj->autoconfig($content);
		return;
	}
	$content['button'] = ['save' => true]; // automatic save token, refresh mail app and close popup
	$obj->edit($content, lang('Use save or apply to store the received OAuth token!'), 'info');
}
|
|
|
|
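/**
 * Oauth failure callback calling autoconfig again
 *
 * Marks the failure in $content['oauth_failure'] (edit() uses it to skip the IMAP connection
 * attempt, so the user sees the failure message instead of a new authentication round trip)
 * and renders the dialog the flow was started from: edit() for an existing account, otherwise
 * the wizard's autoconfig() page with the error appended to its output.
 *
 * NOTE(review): the Throwable itself is stored in the form content; edit() only tests it for
 * emptiness, so a boolean would suffice and would avoid carrying exception internals in the
 * preserved template request -- check mail_wizard before changing it.
 *
 * @param OpenIDConnectClientException|null $exception
 * @param array $content
 */
public static function oauthFailure(?Throwable $exception, array $content)
{
	if (empty($GLOBALS['egw_info']['user']['apps']['admin']))
	{
		$GLOBALS['egw_info']['flags']['currentapp'] = 'mail';
		$obj = new mail_wizard();
	}
	else
	{
		$GLOBALS['egw_info']['flags']['currentapp'] = 'admin';
		$obj = new self;
	}
	$content['oauth_failure'] = $exception ?: true;
	if (!empty($content['acc_id']))
	{
		$obj->edit($content, lang('OAuth Authentiction').': '.($exception ? $exception->getMessage() : lang('failed')), 'error');
	}
	else
	{
		$content['output'] .= lang('OAuth Authentiction').': '.($exception ? $exception->getMessage() : lang('failed'));
		$content['connected'] = false;

		$obj->autoconfig($content);
	}
	// no further rendering here: each branch above already produced the response
	// (an unconditional second autoconfig() call used to follow, running the wizard twice
	// in the else-branch and after edit() in the if-branch)
}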
|
|
|
|
/**
 * Reorder SSL types to make sure we start with TLS, SSL, STARTTLS and insecure last
 *
 * Keys of $data not in the preferred list keep their relative order after the preferred ones,
 * so non-ssl entries (e.g. 'username') and the insecure variant end up at the end.
 *
 * @param array $data ssl => port pairs plus other data like value for 'username'
 * @return array
 */
protected static function fix_ssl_order($data)
{
	$preferred = array('TLS', 'SSL', 'STARTTLS');
	$ordered = array();
	foreach(array_merge($preferred, array_keys($data)) as $key)
	{
		// skip preferred types not present; re-assigning an existing key keeps its position
		if (!array_key_exists($key, $data)) continue;
		$ordered[$key] = $data[$key];
	}
	return $ordered;
}
|
|
|
|
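/**
 * Query Mozilla's ISPDB
 *
 * Some providers eg. 1-and-1 do not report their hosted domains to ISPDB,
 * therefore we try it with the found MX and it's domain-part (host-name removed).
 *
 * $domain is user input (taken from the entered email address): it is URL-encoded so it can only
 * select a path on the fixed ISPDB host, and the fetch is bounded by self::TIMEOUT as this runs
 * inside a web request. The XML is parsed with default libxml flags (no LIBXML_NOENT); keep it
 * that way even though the source is a fixed HTTPS host.
 *
 * @param string $domain domain or email
 * @param boolean $try_mx =true if domain itself is not found, try mx or domain-part (host removed) of mx
 * @return array with values for keys 'displayName', 'imap', 'smtp', 'pop3', which each contain
 *	array of arrays with values for keys 'hostname', 'port', 'socketType'=(SSL|STARTTLS), 'username'=%EMAILADDRESS%
 */
protected static function mozilla_ispdb($domain, $try_mx=true)
{
	if (strpos($domain, '@') !== false) list(,$domain) = explode('@', $domain);

	$url = 'https://autoconfig.thunderbird.net/v1.1/'.rawurlencode($domain);
	// read timeout for the HTTP(S) wrapper; the connect timeout is still default_socket_timeout
	$context = stream_context_create(array('http' => array('timeout' => self::TIMEOUT)));
	try {
		$xml = simplexml_load_string(file_get_contents($url, false, $context) ?: '');
		if (!$xml || !$xml->emailProvider) throw new Api\Exception\NotFound();
		$provider = array(
			'displayName' => (string)$xml->emailProvider->displayName,
		);
		foreach($xml->emailProvider->children() as $tag => $server)
		{
			if (!in_array($tag, array('incomingServer', 'outgoingServer'))) continue;
			foreach($server->attributes() as $name => $value)
			{
				if ($name == 'type') $type = (string)$value;
			}
			$data = array();
			foreach($server as $name => $value)
			{
				foreach($value->children() as $tag => $val)
				{
					$data[$name][$tag] = (string)$val;
				}
				if (!isset($data[$name])) $data[$name] = (string)$value;
			}
			$provider[$type][] = $data;
		}
	}
	catch(Exception $e) {
		// ignore own not-found exception or xml parsing execptions
		unset($e);

		if ($try_mx && ($dns = dns_get_record($domain, DNS_MX)))
		{
			$domain = $dns[0]['target'];
			// try the MX host itself, then its domain part (only if there is one to strip)
			if (!($provider = self::mozilla_ispdb($domain, false)) && strpos($domain, '.') !== false)
			{
				list(,$domain) = explode('.', $domain, 2);
				$provider = self::mozilla_ispdb($domain, false);
			}
		}
		else
		{
			$provider = array();
		}
	}
	//error_log(__METHOD__."('$email') returning ".array2string($provider));
	return $provider;
}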
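/**
 * Guess possible server hostnames from email address:
 * - $type.$domain, mail.$domain
 * - replace host in MX with imap or mail
 * - MX for $domain
 *
 * Only names which resolve to an A record are returned.
 *
 * @param string $email email address
 * @param string $type ='imap' 'imap' or 'smtp', used as hostname beside 'mail'
 * @return array of hostname => true pairs, empty if $email has no domain part
 */
protected function guess_hosts($email, $type='imap')
{
    // without a domain part there is nothing to guess (and nothing to resolve)
    if (strpos($email, '@') === false) return array();
    list(,$domain) = explode('@', $email);
    if ($domain === '') return array();

    $hosts = array();

    // try usual names
    $hosts[$type.'.'.$domain] = true;
    $hosts['mail.'.$domain] = true;
    if ($type == 'smtp') $hosts['send.'.$domain] = true;

    if (($dns = dns_get_record($domain, DNS_MX)) && !empty($dns[0]['target']))
    {
        $mx = $dns[0]['target'];
        //error_log(__METHOD__."('$email') dns_get_record('$domain', DNS_MX) returned ".array2string($dns));
        // hosts for office365 are outlook|smtp.office365.com for MX *.mail.protection.outlook.com
        // (DNS names are case-insensitive, so the suffix is compared in lower case)
        if (strtolower(substr($mx, -28)) === '.mail.protection.outlook.com')
        {
            $hosts[($type == 'imap' ? 'outlook' : 'smtp').'.office365.com'] = true;
        }
        // replace the host part of the MX with $type, mail (and send for smtp)
        $hosts[preg_replace('/^[^.]+/', $type, $mx)] = true;
        $hosts[preg_replace('/^[^.]+/', 'mail', $mx)] = true;
        if ($type == 'smtp') $hosts[preg_replace('/^[^.]+/', 'send', $mx)] = true;
        $hosts[$mx] = true;
    }

    // verify hosts in dns: keep only names with an A record
    foreach(array_keys($hosts) as $host)
    {
        if (!dns_get_record($host, DNS_A)) unset($hosts[$host]);
    }
    //error_log(__METHOD__."('$email') returning ".array2string($hosts));
    return $hosts;
}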
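/**
 * Set mail account status whether to 'active' or '' (inactive)
 *
 * @param array $_data account an array of data called via long task running dialog
 *	$_data:array (
 *		id => account_id,
 *		quota => quotaLimit,
 *		domain => mailLocalAddress,
 *		status => mail activation status('active'|'')
 *	)
 * @param string $etemplate_exec_id to check against CSRF
 * @return void result message is sent via Api\Json\Response::data(), null if the account was not found
 * @throws Api\Exception\NoPermission if the current user is no admin
 */
public function ajax_activeAccounts($_data, $etemplate_exec_id)
{
    Api\Etemplate\Request::csrfCheck($etemplate_exec_id, __METHOD__, func_get_args());

    // admin-only: reject before reading any account data (reported to the client as JSON error)
    if (!$this->is_admin) throw new Api\Exception\NoPermission('no rights to be here!');

    $response = Api\Json\Response::get();
    $msg = null;
    if (($account = $GLOBALS['egw']->accounts->read($_data['id'])))
    {
        $domain = (string)($_data['domain'] ?? '');
        // NOTE(review): 'accountStatus' is not among the documented keys ('status' is); if the caller
        // never sends it, this condition is always true -- confirm with the caller before changing it
        if (($_data['quota'] ?? null) !== '' || ($_data['accountStatus'] ?? null) !== '' || strpos($domain, '.') !== false)
        {
            $ea_account = Mail\Account::get_default(false, false, false, true, $_data['id'], true);
            if (!$ea_account || !Mail\Account::is_multiple($ea_account))
            {
                $msg = $account['account_fullname'].' (#'.$_data['id'].'): '.lang('No default account found!');
            }
            elseif (($current = $ea_account->getUserData()))
            {
                // keep the stored data in $current, $userData is what gets saved
                $userData = array(
                    'acc_smtp_type' => $ea_account->acc_smtp_type,
                    'accountStatus' => $_data['status'],
                    'quotaLimit' => $_data['quota'] ?: $current['quotaLimit'],
                    'mailLocalAddress' => $current['mailLocalAddress'],
                );

                if (strpos($domain, '.') !== false)
                {
                    // move primary address and all aliases to the new domain
                    $pattern = '/@'.preg_quote($ea_account->acc_domain, '/').'$/';
                    $userData['mailLocalAddress'] = preg_replace($pattern, '@'.$domain, $userData['mailLocalAddress']);
                    // aliases live in the stored data ($current), the former loop read them from the
                    // freshly built $userData and therefore never rewrote anything
                    $userData['mailAlternateAddress'] = array_map(
                        function($alias) use ($pattern, $domain)
                        {
                            return preg_replace($pattern, '@'.$domain, $alias);
                        },
                        (array)($current['mailAlternateAddress'] ?? array())
                    );
                }
                // fulfill the saveUserData requirements
                $userData += $ea_account->params;
                $ea_account->saveUserData($_data['id'], $userData);
                $msg = $account['account_fullname'].' (#'.$_data['id'].'): '.
                    ($userData['accountStatus'] === 'active' ? lang('activated') : lang('deactivated'));
            }
            else
            {
                $msg = lang('No profile defined for user %1', $account['account_fullname'].' (#'.$_data['id'].")\n");
            }
        }
    }
    $response->data($msg);
}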
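/**
 * Trivial file logger, as Horde\ManageSieve does not support just a file
 *
 * Logging is best effort: if the log file can not be opened, debug() silently does nothing.
 */
class admin_mail_logger
{
    /**
     * Stream to write to, or false if the log file could not be opened
     *
     * @var resource|false
     */
    private $fp;
    /**
     * True if we opened the stream ourselves and therefore have to close it
     *
     * @var bool
     */
    private $owned = false;

    /**
     * @param resource|string $log already open stream, or path of a file to append to
     */
    public function __construct($log)
    {
        if (is_resource($log))
        {
            $this->fp = $log;
        }
        else
        {
            // a failed fopen leaves $fp === false, which debug() checks for
            $this->fp = fopen($log, 'a');
            $this->owned = $this->fp !== false;
        }
    }

    /**
     * Append one line to the log
     *
     * @param string $msg line to log, a newline is appended
     */
    public function debug($msg)
    {
        // guard against a failed fopen (or an already closed stream): fwrite on it would be a TypeError
        if (is_resource($this->fp))
        {
            fwrite($this->fp, $msg."\n");
        }
    }

    /**
     * Close the stream, but only if we opened it ourselves
     */
    public function __destruct()
    {
        if ($this->owned && is_resource($this->fp))
        {
            fclose($this->fp);
        }
    }
}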