Fix sasl_logs

2025-12-23 06:41:31 +00:00 · 2025-04-03 10:19:30 +02:00
parent db3a577ae3
commit 805634f9a9
6 changed files with 74 additions and 37 deletions
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -9,25 +9,51 @@ function check_login($user, $pass, $app_passwd_data = false, $extra = null) {
  // Try validate admin
  if (!isset($role) || $role == "admin") {
    $result = admin_login($user, $pass);
-    if ($result !== false) return $result;
+    if ($result !== false){
+      return $result;
+    }
  }

  // Try validate domain admin
  if (!isset($role) || $role == "domain_admin") {
    $result = domainadmin_login($user, $pass);
-    if ($result !== false) return $result;
+    if ($result !== false) {
+      return $result;
+    }
  }

  // Try validate user
  if (!isset($role) || $role == "user") {
    $result = user_login($user, $pass);
-    if ($result !== false) return $result;
+    if ($result !== false) {
+      if ($app_passwd_data['eas'] === true) {
+        $service = 'EAS';
+      } elseif ($app_passwd_data['dav'] === true) {
+        $service = 'DAV';
+      } else {
+        $service = 'MAILCOWUI';
+      }
+      $real_rip = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
+      set_sasl_log($user, $real_rip, $service);
+      return $result;
+    }
  }

  // Try validate app password
  if (!isset($role) || $role == "app") {
    $result = apppass_login($user, $pass, $app_passwd_data);
-    if ($result !== false) return $result;
+    if ($result !== false) {
+      if ($app_passwd_data['eas'] === true) {
+        $service = 'EAS';
+      } elseif ($app_passwd_data['dav'] === true) {
+        $service = 'DAV';
+      } else {
+        $service = 'NONE';
+      }
+      $real_rip = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
+      set_sasl_log($user, $real_rip, $service, $pass);
+      return $result;
+    }
  }

  // skip log and only return false if it's an internal request
@@ -415,21 +441,7 @@ function apppass_login($user, $pass, $app_passwd_data, $extra = null){

    // verify password
    if (verify_hash($row['password'], $pass) !== false) {
-      if ($is_internal){
-        $remote_addr = $extra['remote_addr'];
-      } else {
-        $remote_addr = ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']);
-      }
-
-      $service = strtoupper($is_app_passwd);
-      $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
-      $stmt->execute(array(
-        ':service' => $service,
-        ':app_id' => $row['app_passwd_id'],
-        ':username' => $user,
-        ':remote_addr' => $remote_addr
-      ));
-
+      $_SESSION['app_passwd_id'] = $row['app_passwd_id'];
      unset($_SESSION['ldelay']);
      return "user";
    }