self-hosted/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-01-08 04:05:03 +02:00
Code Issues Releases Activity

Merge pull request #5997 from mailcow/fix/nightly-tfa

Browse Source 
[Web] fix incorrect user role assignment after TFA verification
This commit is contained in:
FreddleSpl0it 2024-08-08 17:11:57 +02:00 committed by GitHub
commit 73d60eb085
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 35 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
data/web/inc/triggers.inc.php
View File

@ -40,21 +40,43 @@ if (!empty($_GET['sso_token'])) {
if (isset($_POST["verify_tfa_login"])) { if (isset($_POST["verify_tfa_login"])) {
if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) { if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
set_user_loggedin_session($_SESSION['pending_mailcow_cc_username']); if ($_SESSION['pending_mailcow_cc_role'] == "admin") {
$user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']); $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
$is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false; $_SESSION['mailcow_cc_role'] = "admin";
if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) { unset($_SESSION['pending_mailcow_cc_username']);
header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}"); unset($_SESSION['pending_mailcow_cc_role']);
die(); unset($_SESSION['pending_tfa_methods']);
} else {
header("Location: /user"); header("Location: /debug");
die(); die();
} }
} else { elseif ($_SESSION['pending_mailcow_cc_role'] == "domainadmin") {
unset($_SESSION['pending_mailcow_cc_username']); $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
unset($_SESSION['pending_mailcow_cc_role']); $_SESSION['mailcow_cc_role'] = "domainadmin";
unset($_SESSION['pending_tfa_methods']); unset($_SESSION['pending_mailcow_cc_username']);
unset($_SESSION['pending_mailcow_cc_role']);
unset($_SESSION['pending_tfa_methods']);
header("Location: /mailbox");
die();
}
elseif ($_SESSION['pending_mailcow_cc_role'] == "user") {
set_user_loggedin_session($_SESSION['pending_mailcow_cc_username']);
$user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
$is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual) {
header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}");
die();
} else {
header("Location: /user");
die();
}
}
} }
unset($_SESSION['pending_mailcow_cc_username']);
unset($_SESSION['pending_mailcow_cc_role']);
unset($_SESSION['pending_tfa_methods']);
} }
if (isset($_GET["cancel_tfa_login"])) { if (isset($_GET["cancel_tfa_login"])) {
@ -80,7 +102,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
if ($as == "admin") { if ($as == "admin") {
$_SESSION['mailcow_cc_username'] = $login_user; $_SESSION['mailcow_cc_username'] = $login_user;
$_SESSION['mailcow_cc_role'] = "admin"; $_SESSION['mailcow_cc_role'] = "admin";
header("Location: /admin"); header("Location: /debug");
} }
elseif ($as == "domainadmin") { elseif ($as == "domainadmin") {
$_SESSION['mailcow_cc_username'] = $login_user; $_SESSION['mailcow_cc_username'] = $login_user;