mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-23 02:04:46 +02:00
[Web] use global vars for iam_provider and iam_settings
This commit is contained in:
parent
dc379267a9
commit
05e4bd7602
@ -86,8 +86,6 @@ $cors_settings['allowed_origins'] = str_replace(", ", "\n", $cors_settings['allo
|
|||||||
$cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_methods']);
|
$cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_methods']);
|
||||||
|
|
||||||
$f2b_data = fail2ban('get');
|
$f2b_data = fail2ban('get');
|
||||||
// identity provider
|
|
||||||
$iam_settings = identity_provider('get');
|
|
||||||
// mbox templates
|
// mbox templates
|
||||||
$mbox_templates = mailbox('get', 'mailbox_templates');
|
$mbox_templates = mailbox('get', 'mailbox_templates');
|
||||||
|
|
||||||
|
@ -55,6 +55,7 @@ $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
|
|||||||
|
|
||||||
// Init Identity Provider
|
// Init Identity Provider
|
||||||
$iam_provider = identity_provider('init');
|
$iam_provider = identity_provider('init');
|
||||||
|
$iam_settings = identity_provider('get');
|
||||||
|
|
||||||
$login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
|
$login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
|
||||||
$login_pass = trim(htmlspecialchars_decode($_SERVER['PHP_AUTH_PW']));
|
$login_pass = trim(htmlspecialchars_decode($_SERVER['PHP_AUTH_PW']));
|
||||||
|
@ -119,7 +119,6 @@ if (isset($_SESSION['mailcow_cc_role'])) {
|
|||||||
$quarantine_category = mailbox('get', 'quarantine_category', $mailbox);
|
$quarantine_category = mailbox('get', 'quarantine_category', $mailbox);
|
||||||
$get_tls_policy = mailbox('get', 'tls_policy', $mailbox);
|
$get_tls_policy = mailbox('get', 'tls_policy', $mailbox);
|
||||||
$rlyhosts = relayhost('get');
|
$rlyhosts = relayhost('get');
|
||||||
$iam_settings = identity_provider('get');
|
|
||||||
$template = 'edit/mailbox.twig';
|
$template = 'edit/mailbox.twig';
|
||||||
$template_data = [
|
$template_data = [
|
||||||
'acl' => $_SESSION['acl'],
|
'acl' => $_SESSION['acl'],
|
||||||
|
@ -162,6 +162,8 @@ function domainadmin_login($user, $pass){
|
|||||||
}
|
}
|
||||||
function user_login($user, $pass, $extra = null){
|
function user_login($user, $pass, $extra = null){
|
||||||
global $pdo;
|
global $pdo;
|
||||||
|
global $iam_provider;
|
||||||
|
global $iam_settings;
|
||||||
|
|
||||||
$is_internal = $extra['is_internal'];
|
$is_internal = $extra['is_internal'];
|
||||||
|
|
||||||
@ -186,12 +188,11 @@ function user_login($user, $pass, $extra = null){
|
|||||||
|
|
||||||
// user does not exist, try call idp login and create user if possible via rest flow
|
// user does not exist, try call idp login and create user if possible via rest flow
|
||||||
if (!$row){
|
if (!$row){
|
||||||
$iam_settings = identity_provider('get');
|
|
||||||
if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailpassword_flow']) == 1){
|
if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailpassword_flow']) == 1){
|
||||||
$result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
|
$result = keycloak_mbox_login_rest($user, $pass, array('is_internal' => $is_internal, 'create' => true));
|
||||||
if ($result !== false) return $result;
|
if ($result !== false) return $result;
|
||||||
} else if ($iam_settings['authsource'] == 'ldap') {
|
} else if ($iam_settings['authsource'] == 'ldap') {
|
||||||
$result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
|
$result = ldap_mbox_login($user, $pass, array('is_internal' => $is_internal, 'create' => true));
|
||||||
if ($result !== false) return $result;
|
if ($result !== false) return $result;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -202,9 +203,8 @@ function user_login($user, $pass, $extra = null){
|
|||||||
switch ($row['authsource']) {
|
switch ($row['authsource']) {
|
||||||
case 'keycloak':
|
case 'keycloak':
|
||||||
// user authsource is keycloak, try using via rest flow
|
// user authsource is keycloak, try using via rest flow
|
||||||
$iam_settings = identity_provider('get');
|
|
||||||
if (intval($iam_settings['mailpassword_flow']) == 1){
|
if (intval($iam_settings['mailpassword_flow']) == 1){
|
||||||
$result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal));
|
$result = keycloak_mbox_login_rest($user, $pass, array('is_internal' => $is_internal));
|
||||||
if ($result !== false) {
|
if ($result !== false) {
|
||||||
// check for tfa authenticators
|
// check for tfa authenticators
|
||||||
$authenticators = get_tfa($user);
|
$authenticators = get_tfa($user);
|
||||||
@ -243,8 +243,7 @@ function user_login($user, $pass, $extra = null){
|
|||||||
break;
|
break;
|
||||||
case 'ldap':
|
case 'ldap':
|
||||||
// user authsource is ldap
|
// user authsource is ldap
|
||||||
$iam_settings = identity_provider('get');
|
$result = ldap_mbox_login($user, $pass, array('is_internal' => $is_internal));
|
||||||
$result = ldap_mbox_login($user, $pass, $iam_settings, array('is_internal' => $is_internal));
|
|
||||||
if ($result !== false) {
|
if ($result !== false) {
|
||||||
// check for tfa authenticators
|
// check for tfa authenticators
|
||||||
$authenticators = get_tfa($user);
|
$authenticators = get_tfa($user);
|
||||||
@ -397,8 +396,10 @@ function apppass_login($user, $pass, $app_passwd_data, $extra = null){
|
|||||||
// Keycloak REST Api Flow - auth user by mailcow_password attribute
|
// Keycloak REST Api Flow - auth user by mailcow_password attribute
|
||||||
// This password will be used for direct UI, IMAP and SMTP Auth
|
// This password will be used for direct UI, IMAP and SMTP Auth
|
||||||
// To use direct user credentials, only Authorization Code Flow is valid
|
// To use direct user credentials, only Authorization Code Flow is valid
|
||||||
function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
|
function keycloak_mbox_login_rest($user, $pass, $extra = null){
|
||||||
global $pdo;
|
global $pdo;
|
||||||
|
global $iam_provider;
|
||||||
|
global $iam_settings;
|
||||||
|
|
||||||
$is_internal = $extra['is_internal'];
|
$is_internal = $extra['is_internal'];
|
||||||
$create = $extra['create'];
|
$create = $extra['create'];
|
||||||
@ -474,10 +475,11 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
|
|||||||
|
|
||||||
return 'user';
|
return 'user';
|
||||||
}
|
}
|
||||||
function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
|
function ldap_mbox_login($user, $pass, $extra = null){
|
||||||
global $pdo;
|
global $pdo;
|
||||||
|
global $iam_provider;
|
||||||
|
global $iam_settings;
|
||||||
|
|
||||||
$iam_provider = identity_provider();
|
|
||||||
$is_internal = $extra['is_internal'];
|
$is_internal = $extra['is_internal'];
|
||||||
$create = $extra['create'];
|
$create = $extra['create'];
|
||||||
|
|
||||||
|
@ -1072,6 +1072,8 @@ function set_tfa($_data) {
|
|||||||
global $pdo;
|
global $pdo;
|
||||||
global $yubi;
|
global $yubi;
|
||||||
global $tfa;
|
global $tfa;
|
||||||
|
global $iam_settings;
|
||||||
|
|
||||||
$_data_log = $_data;
|
$_data_log = $_data;
|
||||||
$access_denied = null;
|
$access_denied = null;
|
||||||
!isset($_data_log['confirm_password']) ?: $_data_log['confirm_password'] = '*';
|
!isset($_data_log['confirm_password']) ?: $_data_log['confirm_password'] = '*';
|
||||||
@ -1100,7 +1102,6 @@ function set_tfa($_data) {
|
|||||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
if ($row) {
|
if ($row) {
|
||||||
if ($row['authsource'] == 'ldap'){
|
if ($row['authsource'] == 'ldap'){
|
||||||
$iam_settings = identity_provider('get');
|
|
||||||
if (!ldap_mbox_login($username, $_data["confirm_password"], $iam_settings)) $access_denied = true;
|
if (!ldap_mbox_login($username, $_data["confirm_password"], $iam_settings)) $access_denied = true;
|
||||||
else $access_denied = false;
|
else $access_denied = false;
|
||||||
} else {
|
} else {
|
||||||
@ -2129,20 +2130,13 @@ function uuid4() {
|
|||||||
function identity_provider($_action = null, $_data = null, $_extra = null) {
|
function identity_provider($_action = null, $_data = null, $_extra = null) {
|
||||||
global $pdo;
|
global $pdo;
|
||||||
global $iam_provider;
|
global $iam_provider;
|
||||||
|
global $iam_settings;
|
||||||
|
|
||||||
$data_log = $_data;
|
$data_log = $_data;
|
||||||
if (isset($data_log['client_secret'])) $data_log['client_secret'] = '*';
|
if (isset($data_log['client_secret'])) $data_log['client_secret'] = '*';
|
||||||
if (isset($data_log['access_token'])) $data_log['access_token'] = '*';
|
if (isset($data_log['access_token'])) $data_log['access_token'] = '*';
|
||||||
|
|
||||||
switch ($_action) {
|
switch ($_action) {
|
||||||
case NULL:
|
|
||||||
if ($iam_provider) {
|
|
||||||
return $iam_provider;
|
|
||||||
} else {
|
|
||||||
$iam_provider = identity_provider("init");
|
|
||||||
return $iam_provider;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 'get':
|
case 'get':
|
||||||
$settings = array();
|
$settings = array();
|
||||||
$stmt = $pdo->prepare("SELECT * FROM `identity_provider`;");
|
$stmt = $pdo->prepare("SELECT * FROM `identity_provider`;");
|
||||||
@ -2414,20 +2408,20 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
|||||||
return true;
|
return true;
|
||||||
break;
|
break;
|
||||||
case "init":
|
case "init":
|
||||||
$iam_settings = identity_provider('get');
|
$settings = identity_provider('get');
|
||||||
$provider = null;
|
$provider = null;
|
||||||
|
|
||||||
switch ($iam_settings['authsource']) {
|
switch ($settings['authsource']) {
|
||||||
case "keycloak":
|
case "keycloak":
|
||||||
if ($iam_settings['server_url'] && $iam_settings['realm'] && $iam_settings['client_id'] &&
|
if ($settings['server_url'] && $settings['realm'] && $settings['client_id'] &&
|
||||||
$iam_settings['client_secret'] && $iam_settings['redirect_url'] && $iam_settings['version']){
|
$settings['client_secret'] && $settings['redirect_url'] && $settings['version']){
|
||||||
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
|
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
|
||||||
'authServerUrl' => $iam_settings['server_url'],
|
'authServerUrl' => $settings['server_url'],
|
||||||
'realm' => $iam_settings['realm'],
|
'realm' => $settings['realm'],
|
||||||
'clientId' => $iam_settings['client_id'],
|
'clientId' => $settings['client_id'],
|
||||||
'clientSecret' => $iam_settings['client_secret'],
|
'clientSecret' => $settings['client_secret'],
|
||||||
'redirectUri' => $iam_settings['redirect_url'],
|
'redirectUri' => $settings['redirect_url'],
|
||||||
'version' => $iam_settings['version'],
|
'version' => $settings['version'],
|
||||||
// 'encryptionAlgorithm' => 'RS256', // optional
|
// 'encryptionAlgorithm' => 'RS256', // optional
|
||||||
// 'encryptionKeyPath' => '../key.pem' // optional
|
// 'encryptionKeyPath' => '../key.pem' // optional
|
||||||
// 'encryptionKey' => 'contents_of_key_or_certificate' // optional
|
// 'encryptionKey' => 'contents_of_key_or_certificate' // optional
|
||||||
@ -2435,34 +2429,34 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "generic-oidc":
|
case "generic-oidc":
|
||||||
if ($iam_settings['client_id'] && $iam_settings['client_secret'] && $iam_settings['redirect_url'] &&
|
if ($settings['client_id'] && $settings['client_secret'] && $settings['redirect_url'] &&
|
||||||
$iam_settings['authorize_url'] && $iam_settings['token_url'] && $iam_settings['userinfo_url']){
|
$settings['authorize_url'] && $settings['token_url'] && $settings['userinfo_url']){
|
||||||
$provider = new \League\OAuth2\Client\Provider\GenericProvider([
|
$provider = new \League\OAuth2\Client\Provider\GenericProvider([
|
||||||
'clientId' => $iam_settings['client_id'],
|
'clientId' => $settings['client_id'],
|
||||||
'clientSecret' => $iam_settings['client_secret'],
|
'clientSecret' => $settings['client_secret'],
|
||||||
'redirectUri' => $iam_settings['redirect_url'],
|
'redirectUri' => $settings['redirect_url'],
|
||||||
'urlAuthorize' => $iam_settings['authorize_url'],
|
'urlAuthorize' => $settings['authorize_url'],
|
||||||
'urlAccessToken' => $iam_settings['token_url'],
|
'urlAccessToken' => $settings['token_url'],
|
||||||
'urlResourceOwnerDetails' => $iam_settings['userinfo_url'],
|
'urlResourceOwnerDetails' => $settings['userinfo_url'],
|
||||||
'scopes' => $iam_settings['client_scopes']
|
'scopes' => $settings['client_scopes']
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "ldap":
|
case "ldap":
|
||||||
if ($iam_settings['host'] && $iam_settings['port'] && $iam_settings['basedn'] &&
|
if ($settings['host'] && $settings['port'] && $settings['basedn'] &&
|
||||||
$iam_settings['binddn'] && $iam_settings['bindpass']){
|
$settings['binddn'] && $settings['bindpass']){
|
||||||
$options = array();
|
$options = array();
|
||||||
if ($iam_settings['ignore_ssl_error']) {
|
if ($settings['ignore_ssl_error']) {
|
||||||
$options[LDAP_OPT_X_TLS_REQUIRE_CERT] = LDAP_OPT_X_TLS_NEVER;
|
$options[LDAP_OPT_X_TLS_REQUIRE_CERT] = LDAP_OPT_X_TLS_NEVER;
|
||||||
}
|
}
|
||||||
$provider = new \LdapRecord\Connection([
|
$provider = new \LdapRecord\Connection([
|
||||||
'hosts' => [$iam_settings['host']],
|
'hosts' => [$settings['host']],
|
||||||
'port' => $iam_settings['port'],
|
'port' => $settings['port'],
|
||||||
'base_dn' => $iam_settings['basedn'],
|
'base_dn' => $settings['basedn'],
|
||||||
'username' => $iam_settings['binddn'],
|
'username' => $settings['binddn'],
|
||||||
'password' => $iam_settings['bindpass'],
|
'password' => $settings['bindpass'],
|
||||||
'use_ssl' => $iam_settings['use_ssl'],
|
'use_ssl' => $settings['use_ssl'],
|
||||||
'use_tls' => $iam_settings['use_tls'],
|
'use_tls' => $settings['use_tls'],
|
||||||
'options' => $options
|
'options' => $options
|
||||||
]);
|
]);
|
||||||
try {
|
try {
|
||||||
@ -2477,8 +2471,6 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
|||||||
return $provider;
|
return $provider;
|
||||||
break;
|
break;
|
||||||
case "verify-sso":
|
case "verify-sso":
|
||||||
$provider = $_data['iam_provider'];
|
|
||||||
$iam_settings = identity_provider('get');
|
|
||||||
if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc'){
|
if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc'){
|
||||||
$_SESSION['return'][] = array(
|
$_SESSION['return'][] = array(
|
||||||
'type' => 'danger',
|
'type' => 'danger',
|
||||||
@ -2489,10 +2481,10 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
|
$token = $iam_provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
|
||||||
$_SESSION['iam_token'] = $token->getToken();
|
$_SESSION['iam_token'] = $token->getToken();
|
||||||
$_SESSION['iam_refresh_token'] = $token->getRefreshToken();
|
$_SESSION['iam_refresh_token'] = $token->getRefreshToken();
|
||||||
$info = $provider->getResourceOwner($token)->toArray();
|
$info = $iam_provider->getResourceOwner($token)->toArray();
|
||||||
} catch (Throwable $e) {
|
} catch (Throwable $e) {
|
||||||
$_SESSION['return'][] = array(
|
$_SESSION['return'][] = array(
|
||||||
'type' => 'danger',
|
'type' => 'danger',
|
||||||
@ -2577,13 +2569,11 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
|||||||
return true;
|
return true;
|
||||||
break;
|
break;
|
||||||
case "refresh-token":
|
case "refresh-token":
|
||||||
$provider = $_data['iam_provider'];
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$token = $provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['iam_refresh_token']]);
|
$token = $iam_provider->getAccessToken('refresh_token', ['refresh_token' => $_SESSION['iam_refresh_token']]);
|
||||||
$_SESSION['iam_token'] = $token->getToken();
|
$_SESSION['iam_token'] = $token->getToken();
|
||||||
$_SESSION['iam_refresh_token'] = $token->getRefreshToken();
|
$_SESSION['iam_refresh_token'] = $token->getRefreshToken();
|
||||||
$info = $provider->getResourceOwner($token)->toArray();
|
$info = $iam_provider->getResourceOwner($token)->toArray();
|
||||||
} catch (Throwable $e) {
|
} catch (Throwable $e) {
|
||||||
clear_session();
|
clear_session();
|
||||||
$_SESSION['return'][] = array(
|
$_SESSION['return'][] = array(
|
||||||
@ -2609,17 +2599,14 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
|||||||
return true;
|
return true;
|
||||||
break;
|
break;
|
||||||
case "get-redirect":
|
case "get-redirect":
|
||||||
$iam_settings = identity_provider('get');
|
|
||||||
if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc')
|
if ($iam_settings['authsource'] != 'keycloak' && $iam_settings['authsource'] != 'generic-oidc')
|
||||||
return false;
|
return false;
|
||||||
$provider = $_data['iam_provider'];
|
$authUrl = $iam_provider->getAuthorizationUrl();
|
||||||
$authUrl = $provider->getAuthorizationUrl();
|
$_SESSION['oauth2state'] = $iam_provider->getState();
|
||||||
$_SESSION['oauth2state'] = $provider->getState();
|
|
||||||
return $authUrl;
|
return $authUrl;
|
||||||
break;
|
break;
|
||||||
case "get-keycloak-admin-token":
|
case "get-keycloak-admin-token":
|
||||||
// get access_token for service account of mailcow client
|
// get access_token for service account of mailcow client
|
||||||
$iam_settings = identity_provider('get');
|
|
||||||
if ($iam_settings['authsource'] !== 'keycloak') return false;
|
if ($iam_settings['authsource'] !== 'keycloak') return false;
|
||||||
if (isset($iam_settings['access_token'])) {
|
if (isset($iam_settings['access_token'])) {
|
||||||
// check if access_token is valid
|
// check if access_token is valid
|
||||||
|
@ -180,6 +180,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
|
|||||||
|
|
||||||
// Init Identity Provider
|
// Init Identity Provider
|
||||||
$iam_provider = identity_provider('init');
|
$iam_provider = identity_provider('init');
|
||||||
|
$iam_settings = identity_provider('get');
|
||||||
|
|
||||||
// IMAP lib
|
// IMAP lib
|
||||||
// use Ddeboer\Imap\Server;
|
// use Ddeboer\Imap\Server;
|
||||||
@ -323,7 +324,7 @@ $UI_TEXTS = customize('get', 'ui_texts');
|
|||||||
if (file_exists('/web/css/themes/'.$UI_THEME.'-bootstrap.css'))
|
if (file_exists('/web/css/themes/'.$UI_THEME.'-bootstrap.css'))
|
||||||
$css_minifier->add('/web/css/themes/'.$UI_THEME.'-bootstrap.css');
|
$css_minifier->add('/web/css/themes/'.$UI_THEME.'-bootstrap.css');
|
||||||
else
|
else
|
||||||
$css_minifier->add('/web/css/themes/lumen-bootstrap.css');
|
$css_minifier->add('/web/css/themes/lumen-bootstrap.css');
|
||||||
// minify css build files
|
// minify css build files
|
||||||
foreach ($css_dir as $css_file) {
|
foreach ($css_dir as $css_file) {
|
||||||
$css_minifier->add('/web/css/build/' . $css_file);
|
$css_minifier->add('/web/css/build/' . $css_file);
|
||||||
|
@ -3,18 +3,18 @@
|
|||||||
if ($iam_provider){
|
if ($iam_provider){
|
||||||
if (isset($_GET['iam_sso'])){
|
if (isset($_GET['iam_sso'])){
|
||||||
// redirect for sso
|
// redirect for sso
|
||||||
$redirect_uri = identity_provider('get-redirect', array('iam_provider' => $iam_provider));
|
$redirect_uri = identity_provider('get-redirect');
|
||||||
$redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
|
$redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
|
||||||
header('Location: ' . $redirect_uri);
|
header('Location: ' . $redirect_uri);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
if ($_SESSION['iam_token'] && $_SESSION['iam_refresh_token']) {
|
if ($_SESSION['iam_token'] && $_SESSION['iam_refresh_token']) {
|
||||||
// Session found, try to refresh
|
// Session found, try to refresh
|
||||||
$isRefreshed = identity_provider('refresh-token', array('iam_provider' => $iam_provider));
|
$isRefreshed = identity_provider('refresh-token');
|
||||||
|
|
||||||
if (!$isRefreshed){
|
if (!$isRefreshed){
|
||||||
// Session could not be refreshed, redirect to provider
|
// Session could not be refreshed, redirect to provider
|
||||||
$redirect_uri = identity_provider('get-redirect', array('iam_provider' => $iam_provider));
|
$redirect_uri = identity_provider('get-redirect');
|
||||||
$redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
|
$redirect_uri = !empty($redirect_uri) ? $redirect_uri : '/';
|
||||||
header('Location: ' . $redirect_uri);
|
header('Location: ' . $redirect_uri);
|
||||||
die();
|
die();
|
||||||
@ -23,7 +23,7 @@ if ($iam_provider){
|
|||||||
// Check given state against previously stored one to mitigate CSRF attack
|
// Check given state against previously stored one to mitigate CSRF attack
|
||||||
// Recieved access token in $_GET['code']
|
// Recieved access token in $_GET['code']
|
||||||
// extract info and verify user
|
// extract info and verify user
|
||||||
identity_provider('verify-sso', array('iam_provider' => $iam_provider));
|
identity_provider('verify-sso');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
|
|||||||
header('Location: /mailbox');
|
header('Location: /mailbox');
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
|
elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
|
||||||
$user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
|
$user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
|
||||||
$is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
|
$is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
|
||||||
if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
|
if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
|
||||||
@ -32,7 +32,7 @@ $_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
|
|||||||
|
|
||||||
$has_iam_sso = false;
|
$has_iam_sso = false;
|
||||||
if ($iam_provider){
|
if ($iam_provider){
|
||||||
$has_iam_sso = identity_provider("get-redirect", array('iam_provider' => $iam_provider)) ? true : false;
|
$has_iam_sso = identity_provider("get-redirect") ? true : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -1708,7 +1708,7 @@ if (isset($_GET['query'])) {
|
|||||||
$score = array("score" => preg_replace("/\s+/", "", $score));
|
$score = array("score" => preg_replace("/\s+/", "", $score));
|
||||||
process_get_return($score);
|
process_get_return($score);
|
||||||
case "identity_provider":
|
case "identity_provider":
|
||||||
process_get_return(identity_provider('get'));
|
process_get_return($iam_settings);
|
||||||
break;
|
break;
|
||||||
break;
|
break;
|
||||||
// return no route found if no case is matched
|
// return no route found if no case is matched
|
||||||
|
Loading…
Reference in New Issue
Block a user