[Web] organize auth functions+api auth w/ dovecot

2025-12-13 09:56:01 +00:00 · 2023-03-12 19:06:03 +01:00
parent 50d4d59626
commit 6adad79e5c
11 changed files with 400 additions and 294 deletions
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1002,6 +1002,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          $local_part   = strtolower(trim($_data['local_part']));
          $domain       = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
          $username     = $local_part . '@' . $domain;
+          $authsource   = 'mailcow';
          if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
@@ -1018,6 +1019,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            );
            return false;
          }
+          if (in_array($_data['authsource'], array('mailcow', 'keycloak'))){
+            $authsource = $_data['authsource'];
+          }
          if (empty($name)) {
            $name = $local_part;
          }
@@ -1035,6 +1039,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          $name         = ltrim(rtrim($_data['name'], '>'), '<');
          $tags         = (isset($_data['tags'])) ? $_data['tags'] : $MAILBOX_DEFAULT_ATTRIBUTES['tags'];
          $quota_m      = (isset($_data['quota'])) ? intval($_data['quota']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['quota']) / 1024 ** 2;
+          if ($authsource != 'mailcow'){
+            $password = '';
+            $password2 = '';
+            $password_hashed = '';
+          }
          if ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
@@ -1153,10 +1162,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            );
            return false;
          }
-          if (password_check($password, $password2) !== true) {
-            return false;
+          if ($authsource == 'mailcow'){
+            if (password_check($password, $password2) !== true) {
+              return false;
+            }
+            $password_hashed = hash_password($password);
          }
-          $password_hashed = hash_password($password);
          if ($MailboxData['count'] >= $DomainData['mailboxes']) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
@@ -1182,8 +1193,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            );
            return false;
          }
-          $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `quota`, `local_part`, `domain`, `attributes`, `active`)
-            VALUES (:username, :password_hashed, :name, :quota_b, :local_part, :domain, :mailbox_attrs, :active)");
+          $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `quota`, `local_part`, `domain`, `attributes`, `authsource`, `active`)
+            VALUES (:username, :password_hashed, :name, :quota_b, :local_part, :domain, :mailbox_attrs, :authsource, :active)");
          $stmt->execute(array(
            ':username' => $username,
            ':password_hashed' => $password_hashed,
@@ -1192,6 +1203,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            ':local_part' => $local_part,
            ':domain' => $domain,
            ':mailbox_attrs' => $mailbox_attrs,
+            ':authsource' => $authsource,
            ':active' => $active
          ));
          $stmt = $pdo->prepare("UPDATE `mailbox` SET
@@ -4422,6 +4434,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              `mailbox`.`quota`,
              `mailbox`.`created`,
              `mailbox`.`modified`,
+              `mailbox`.`authsource`,
              `quota2`.`bytes`,
              `attributes`,
              `custom_attributes`,
@@ -4443,6 +4456,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              `mailbox`.`quota`,
              `mailbox`.`created`,
              `mailbox`.`modified`,
+              `mailbox`.`authsource`,
              `quota2replica`.`bytes`,
              `attributes`,
              `custom_attributes`,
@@ -4472,6 +4486,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          $mailboxdata['percent_in_use'] = ($row['quota'] == 0) ? '- ' : round((intval($row['bytes']) / intval($row['quota'])) * 100);
          $mailboxdata['created'] = $row['created'];
          $mailboxdata['modified'] = $row['modified'];
+          $mailboxdata['authsource'] = ($row['authsource']) ? $row['authsource'] : 'mailcow';

          if ($mailboxdata['percent_in_use'] === '- ') {
            $mailboxdata['percent_class'] = "info";