From 519d95cb8b4b5437a63f3a69f27ffbba2c7fd5b2 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it
Date: Tue, 13 Aug 2024 09:30:54 +0200
Subject: [PATCH] [Web] extend ldap auth logging
---
 data/web/inc/functions.auth.inc.php | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index e9a1e4a6d..9ab54e4bb 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -502,12 +502,13 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
 $user_res = $ldap_query->firstOrFail();
 } catch (Exception $e) {
+ // clear $_SESSION['return'] to not leak data
+ $_SESSION['return'] = array();
 $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $user, '*'),
- 'msg' => $e->getMessage()
+ 'msg' => 'ldap_error'
 );
- clear_session();
 return false;
 }
 try {
@@ -515,18 +516,18 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
 $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $user, '*', $user_res),
- 'msg' => 'failed_ldap_auth'
+ 'msg' => 'ldap_auth_failed'
 );
- clear_session();
 return false;
 }
 } catch (Exception $e) {
+ // clear $_SESSION['return'] to not leak data
+ $_SESSION['return'] = array();
 $_SESSION['return'][] = array(
 'type' => 'danger',
- 'log' => array(__FUNCTION__, $user, '*', $user_res),
- 'msg' => $e->getMessage()
+ 'log' => array(__FUNCTION__, $user, '*'),
+ 'msg' => 'ldap_error'
 );
- clear_session();
 return false;
 }
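Review bot: The first catch block now discards `$e->getMessage()` without recording it anywhere visible in the hunk, so every failure of the directory query surfaces only as the generic `ldap_error`. Keeping the exception text out of `$_SESSION['return']` is reasonable, but the detail should still reach a server-side log, for example `error_log(__FUNCTION__ . ': ' . $e->getMessage());` placed before the reset, or the project's own logging helper if it has one. The second catch block in the next hunk has the same gap. ldap_mbox_login starts and ends outside this hunk, so a log call elsewhere in the function cannot be ruled out.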
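Review bot: The failed-authentication branch at the top of this hunk still places `$user_res` in the `log` array, while the catch block directly below drops the same value under the comment about not leaking data. If the `log` element is persisted or displayed (not visible here), each rejected password would store the user's directory record; `'log' => array(__FUNCTION__, $user, '*'),` would bring this branch in line with the two catch blocks. The `$_SESSION['return'] = array();` reset is also applied only in the catch paths, so this branch keeps whatever entries were queued before it.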
@@ -534,12 +535,6 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
 // also return false if no mappers were defined
 $user_template = $user_res[$iam_settings['attribute_field']][0];
 if ($create && (empty($iam_settings['mappers']) || !$user_template)){
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $user, '*', $user_res),
- 'msg' => 'no_matching_template'
- );
- clear_session();
 return false;
 } else if (!$create) {
 // login success - dont create mailbox
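Review bot: The `$create` branch now returns false without adding anything to `$_SESSION['return']`, so a user who passed the LDAP check but has no mapper or template is rejected with no trace in this function. That makes a provisioning misconfiguration indistinguishable from a wrong password; I would keep an entry here with `'log' => array(__FUNCTION__, $user, '*')` and `'msg' => 'no_matching_template'`, leaving out `$user_res`. All three hunks also remove `clear_session()`; whether the caller resets the session when this function returns false is not visible in the patch and should be confirmed. The function body continues past the end of this hunk.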