From 3a4c0c84a3e79058750f0786f5fddc42a29e576b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it
Date: Tue, 26 Sep 2023 16:06:35 +0200
Subject: [PATCH] fix keycloak mailpassword flow
---
 data/conf/dovecot/auth/mailcowauth.php | 1 +
 data/web/inc/functions.auth.inc.php | 13 ++++---------
 docker-compose.yml | 2 ++
 3 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index e38abd82b..d2da46598 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -43,6 +43,7 @@ catch (PDOException $e) {
 require_once 'functions.inc.php';
 require_once 'functions.auth.inc.php';
 require_once 'sessions.inc.php';
+require_once 'functions.mailbox.inc.php';
 // Init provider
 $iam_provider = identity_provider('init');
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 8c35c1184..7183cc8c1 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -178,7 +178,7 @@ function user_login($user, $pass, $extra = null){
 // user does not exist, try call keycloak login and create user if possible via rest flow
 if (!$row){
 $iam_settings = identity_provider('get');
- if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailboxpassword_flow']) == 1){
+ if ($iam_settings['authsource'] == 'keycloak' && intval($iam_settings['mailpassword_flow']) == 1){
 $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal, 'create' => true));
 if ($result !== false) return $result;
 }
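Review bot: The renamed flag in `user_login` (the hunk at line 178, and again in the hunk at line 190) is still read as a bare `intval($iam_settings['mailpassword_flow']) == 1`, so a missing or misspelled key evaluates to 0 with at most a PHP warning and the REST flow is skipped; that is presumably how the old `mailboxpassword_flow` spelling went unnoticed. Reading it once with an explicit default and a strict comparison, e.g. `$rest_flow = (int)($iam_settings['mailpassword_flow'] ?? 0) === 1;`, keeps the behaviour and makes the fallback deliberate. Because the first branch passes `'create' => true` for a user with no local row, this flag decides whether a login attempt may provision a mailbox, and a short comment saying so would help. The body of `user_login` starts and ends outside both hunks.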
@@ -190,7 +190,7 @@ function user_login($user, $pass, $extra = null){
 if ($row['authsource'] == 'keycloak'){
 // user authsource is keycloak, try using via rest flow
 $iam_settings = identity_provider('get');
- if (intval($iam_settings['mailboxpassword_flow']) == 1){
+ if (intval($iam_settings['mailpassword_flow']) == 1){
 $result = keycloak_mbox_login_rest($user, $pass, $iam_settings, array('is_internal' => $is_internal));
 return $result;
 } else {
@@ -367,8 +367,8 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
 // get mapped template, if not set return false
 // also return false if no mappers were defined
- $user_template = $user_data['attributes']['mailcow_template'][0];
- if ($create && (empty($iam_settings['mappers']) || $user_template)){
+ $user_template = $user_res['attributes']['mailcow_template'][0];
+ if ($create && (empty($iam_settings['mappers']) || !$user_template)){
 return false;
 } else if (!$create) {
 // login success - dont create mailbox
@@ -393,11 +393,6 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
 ));
 if (!$create_res) return false;
- // check if created mailbox from template is even active
- // maybe dont even create it if active != 1
- if ($mailbox_attributes['active'] != 1){
- return false;
- }
 $_SESSION['return'][] = array(
 'type' => 'success',
diff --git a/docker-compose.yml b/docker-compose.yml
index a330e1689..fa915bafa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
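Review bot: In `keycloak_mbox_login_rest` (the hunk at line 367) `$user_res['attributes']['mailcow_template'][0]` is indexed before anything checks that the identity provider returned that attribute, and the corrected guard then relies on the truthiness of the result. A user without `mailcow_template` raises undefined-key warnings on every login, including the `!$create` path that never uses the template, and a template named `"0"` would be treated as unset. I would read it as `$user_template = $user_res['attributes']['mailcow_template'][0] ?? null;` and test `$user_template === null || $user_template === ''` in the guard. Since the value comes from the provider's response and selects the template for a newly created mailbox, a comment stating that it is only honoured when it matches one of `$iam_settings['mappers']` would help; that lookup is outside this hunk, so it is an assumption to confirm. The function body extends beyond the hunk on both sides.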
@@ -124,6 +124,8 @@ services:
 - ./data/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
 - ./data/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
 - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
+ - ./data/web/inc/functions.mailbox.inc.php:/mailcowauth/functions.mailbox.inc.php:z
+ - ./data/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z
 - rspamd-vol-1:/var/lib/rspamd
 - mysql-socket-vol-1:/var/run/mysqld/
 - ./data/conf/sogo/:/etc/sogo/:z
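Review bot: The two new bind mounts place `functions.mailbox.inc.php` and `functions.ratelimit.inc.php` under `/mailcowauth/`, but the `mailcowauth.php` hunk in this patch only adds `require_once 'functions.mailbox.inc.php';`. Either the ratelimit mount is unused, or the mailbox functions depend on it and the auth script can reach an undefined function; which of the two holds is not visible here, so confirm it and either drop the mount or add the matching `require_once`. As far as this patch shows, these files are only read by the auth script, so mounting them read-only (`:ro,z`) would keep a process in that container from altering the code that decides logins. The same applies to the three existing `/mailcowauth/` mounts above them.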