mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-07-03 00:57:33 +02:00

[Web] use global vars for iam_provider and iam_settings

FreddleSpl0it
2024-11-29 15:50:35 +01:00
parent dc379267a9
commit 05e4bd7602
9 changed files with 60 additions and 72 deletions


@ -162,6 +162,8 @@ function domainadmin_login($user, $pass){
}
function user_login($user, $pass, $extra = null){
global $pdo;
global $iam_provider;
global $iam_settings;
$is_internal = $extra['is_internal'];
@ -186,12 +188,11 @@ function user_login($user, $pass, $extra = null){
// user does not exist, try call idp login and create user if possible via rest flow
if (!$row){
$iam_settings = identity_provider('get');
if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailpassword_flow']) == 1){
$result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
$result = keycloak_mbox_login_rest($user, $pass, array('is_internal' => $is_internal, 'create' => true));
if ($result !== false) return $result;
} else if ($iam_settings['authsource'] == 'ldap') {
$result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
$result = ldap_mbox_login($user, $pass, array('is_internal' => $is_internal, 'create' => true));
if ($result !== false) return $result;
}
}
@ -202,9 +203,8 @@ function user_login($user, $pass, $extra = null){
switch ($row['authsource']) {
case 'keycloak':
// user authsource is keycloak, try using via rest flow
$iam_settings = identity_provider('get');
if (intval($iam_settings['mailpassword_flow']) == 1){
$result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal));
$result = keycloak_mbox_login_rest($user, $pass, array('is_internal' => $is_internal));
if ($result !== false) {
// check for tfa authenticators
$authenticators = get_tfa($user);
@ -243,8 +243,7 @@ function user_login($user, $pass, $extra = null){
break;
case 'ldap':
// user authsource is ldap
$iam_settings = identity_provider('get');
$result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal));
$result = ldap_mbox_login($user, $pass, array('is_internal' => $is_internal));
if ($result !== false) {
// check for tfa authenticators
$authenticators = get_tfa($user);
@ -397,8 +396,10 @@ function apppass_login($user, $pass, $app_passwd_data, $extra = null){
// Keycloak REST Api Flow - auth user by mailcow_password attribute
// This password will be used for direct UI, IMAP and SMTP Auth
// To use direct user credentials, only Authorization Code Flow is valid
function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
function keycloak_mbox_login_rest($user, $pass, $extra = null){
global $pdo;
global $iam_provider;
global $iam_settings;
$is_internal = $extra['is_internal'];
$create = $extra['create'];
@ -474,10 +475,11 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
return 'user';
}
function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
function ldap_mbox_login($user, $pass, $extra = null){
global $pdo;
global $iam_provider;
global $iam_settings;
$iam_provider = identity_provider();
$is_internal = $extra['is_internal'];
$create = $extra['create'];
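Review bot: The authentication decision in user_login, keycloak_mbox_login_rest and ldap_mbox_login now depends on `global $iam_settings` and `global $iam_provider` being populated beforehand, and nothing in the visible hunks shows where that happens or checks that it did. The per-call `$iam_settings = identity_provider('get');` lookups appear to be removed, so if any entry point reaches user_login before the globals are initialised, `$iam_settings['authsource']` and `$iam_settings['mailpassword_flow']` read as null and the keycloak/LDAP branches are skipped without a log entry, which is hard to tell apart from a wrong password. I would add a guard at the top of each of the three functions, for example `if (!is_array($iam_settings)) { return false; }`, preferably with a log line, plus a short comment naming the file that sets the two globals. The bodies of all three functions continue outside the hunks shown, so an equivalent check may already exist there.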