Make roundcube use internal auth

2025-01-18 03:21:36 +02:00 · 2021-02-06 18:14:58 +01:00 · 2021-02-06 18:14:58 +01:00 · 2cdee8d18e
commit 2cdee8d18e
parent 906a051925
4 changed files with 65 additions and 1 deletions
--- a/webmails/roundcube/Dockerfile
+++ b/webmails/roundcube/Dockerfile
@ -46,6 +46,7 @@ RUN apt-get update && apt-get install -y \

 COPY php.ini /php.ini
 COPY config.inc.php /var/www/html/config/
+COPY mailu.php /var/www/html/plugins/mailu/mailu.php
 COPY start.py /start.py

 EXPOSE 80/tcp
--- a/webmails/roundcube/config.inc.php
+++ b/webmails/roundcube/config.inc.php
@ -17,7 +17,8 @@ $config['plugins'] = array(
    'markasjunk',
    'managesieve',
    'enigma',
-    'carddav'
+    'carddav',
+    'mailu'
 );

 $front = getenv('FRONT_ADDRESS') ? getenv('FRONT_ADDRESS') : 'front';
@ -37,6 +38,7 @@ $config['managesieve_usetls'] = false;

 // Customization settings
 $config['support_url'] = getenv('WEB_ADMIN') ? '../..' . getenv('WEB_ADMIN') : '';
+$config['sso_logout_url'] = getenv('WEB_ADMIN').'/ui/logout';
 $config['product_name'] = 'Mailu Webmail';

 // We access the IMAP and SMTP servers locally with internal names, SSL
--- a/webmails/roundcube/mailu.php
+++ b/webmails/roundcube/mailu.php
@ -0,0 +1,59 @@
+<?php
+
+class mailu extends rcube_plugin
+{
+
+  function init()
+  {
+    $this->add_hook('startup', array($this, 'startup'));
+    $this->add_hook('authenticate', array($this, 'authenticate'));
+    $this->add_hook('login_after', array($this, 'login'));
+    $this->add_hook('login_failed', array($this, 'login_failed'));
+    $this->add_hook('logout_after', array($this, 'logout'));
+  }
+
+  function startup($args)
+  {
+    if (empty($_SESSION['user_id'])) {
+        $args['action'] = 'login';
+    }
+
+    return $args;
+  }
+
+  function authenticate($args)
+  {
+    if (!in_array('HTTP_X_REMOTE_USER', $_SERVER) || !in_array('HTTP_X_REMOTE_USER_TOKEN', $_SERVER)) {
+        header('HTTP/1.0 403 Forbidden');
+        die();
+    }
+    $args['user'] = $_SERVER['HTTP_X_REMOTE_USER'];
+    $args['pass'] = $_SERVER['HTTP_X_REMOTE_USER_TOKEN'];
+
+    $args['cookiecheck'] = false;
+    $args['valid'] = true;
+
+    return $args;
+  }
+
+  function logout($args) {
+    // Redirect to global SSO logout path.
+    $this->load_config();
+
+    $sso_logout_url = rcmail::get_instance()->config->get('sso_logout_url');
+    header("Location: " . $sso_logout_url, true);
+    exit;
+  }
+
+  function login($args)
+  {
+      header('Location: index.php');
+      exit();
+  }
+  function login_failed($args)
+  {
+      header('Location: sso.php');
+      exit();
+  }
+
+}
--- a/webmails/roundcube/start.py
+++ b/webmails/roundcube/start.py
@ -39,6 +39,8 @@ conf.jinja("/php.ini", os.environ, "/usr/local/etc/php/conf.d/roundcube.ini")
 os.system("mkdir -p /data/gpg /var/www/html/logs")
 os.system("touch /var/www/html/logs/errors.log")
 os.system("chown -R www-data:www-data /var/www/html/logs")
+os.system("chmod -R a+rX /var/www/html/")
+os.system("ln -s /var/www/html/index.php /var/www/html/sso.php")

 try:
    print("Initializing database")