mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-12-13 18:06:01 +00:00

Merge pull request #6530 from mailcow/feat/auto-create-user-option

[Web] Add identity_provider option to disable auto-creation of users …
FreddleSpl0it
2025-05-12 13:24:34 +02:00
committed by GitHub
5 changed files with 78 additions and 13 deletions


@@ -262,10 +262,6 @@ function user_login($user, $pass, $extra = null){
return false;
}
if (intval($row['attributes']['force_pw_update']) == 1) {
$_SESSION['pending_pw_update'] = true;
}
// check for tfa authenticators
$authenticators = get_tfa($user);
if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
@@ -318,10 +314,6 @@ function user_login($user, $pass, $extra = null){
return false;
}
if (intval($row['attributes']['force_pw_update']) == 1) {
$_SESSION['pending_pw_update'] = true;
}
// check for tfa authenticators
$authenticators = get_tfa($user);
if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
@@ -485,6 +477,9 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
}
return false;
}
if (!$iam_provider) {
return false;
}
// get access_token for service account of mailcow client
$admin_token = identity_provider("get-keycloak-admin-token");
@@ -554,6 +549,17 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){
return 'user';
}
// check if login provisioning is enabled before creating user
if (!$iam_settings['login_provisioning']){
if (!$is_internal){
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, "Auto-create users on login is deactivated"),
'msg' => 'login_failed'
);
}
return false;
}
// check if matching attribute exist
if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
if (!empty($iam_settings['default_template'])) {
@@ -667,6 +673,17 @@ function ldap_mbox_login($user, $pass, $extra = null){
return 'user';
}
// check if login provisioning is enabled before creating user
if (!$iam_settings['login_provisioning']){
if (!$is_internal){
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, "Auto-create users on login is deactivated"),
'msg' => 'login_failed'
);
}
return false;
}
// check if matching attribute exist
if (empty($iam_settings['mappers']) || !$user_template || $mapper_key === false) {
if (!empty($iam_settings['default_template'])) {
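Review bot: The new provisioning guard in keycloak_mbox_login_rest (hunk at -554) tests `!$iam_settings['login_provisioning']` by loose truthiness on a key that may be absent from settings saved before this option existed; the same guard is repeated in ldap_mbox_login (hunk at -667). On PHP 8 a missing key raises an "Undefined array key" warning and is treated as disabled, so first-time identity-provider logins would start failing after an upgrade unless the key is defaulted where `$iam_settings` is loaded, which is not visible here. Failing closed is the safer direction, but it should be explicit: `if (empty($iam_settings['login_provisioning'])) {` with a comment such as `// missing or falsy setting = provisioning disabled (fail closed)`. A stored string such as "false" would still count as enabled, so the value should be normalised to 0/1 when it is saved. Both functions start and end outside the hunks shown.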