public/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-12-13 09:56:01 +00:00
Code Issues Releases Wiki Activity

[Web] Fix SOGo access after Passwordless auth

Browse Source
This commit is contained in:
FreddleSpl0it
2025-03-26 08:32:34 +01:00
parent d584dd387e
commit fcb1b29c89
4 changed files with 27 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
data/web/inc/functions.inc.php
View File

@@ -1385,6 +1385,7 @@ function fido2($_data) {
); );
break; break;
case "verify": case "verify":
$role = "";
$tokenData = json_decode($_data['token']); $tokenData = json_decode($_data['token']);
$clientDataJSON = base64_decode($tokenData->clientDataJSON); $clientDataJSON = base64_decode($tokenData->clientDataJSON);
$authenticatorData = base64_decode($tokenData->authenticatorData); $authenticatorData = base64_decode($tokenData->authenticatorData);
@@ -1418,17 +1419,17 @@ function fido2($_data) {
$stmt->execute(array(':username' => $process_fido2['username'])); $stmt->execute(array(':username' => $process_fido2['username']));
$obj_props = $stmt->fetch(PDO::FETCH_ASSOC); $obj_props = $stmt->fetch(PDO::FETCH_ASSOC);
if ($obj_props['superadmin'] === 1 && (!$_data['user'] || $_data['user'] == "admin")) { if ($obj_props['superadmin'] === 1 && (!$_data['user'] || $_data['user'] == "admin")) {
$_SESSION["mailcow_cc_role"] = "admin"; $role = "admin";
} }
elseif ($obj_props['superadmin'] === 0 && (!$_data['user'] || $_data['user'] == "domainadmin")) { elseif ($obj_props['superadmin'] === 0 && (!$_data['user'] || $_data['user'] == "domainadmin")) {
$_SESSION["mailcow_cc_role"] = "domainadmin"; $role = "domainadmin";
} }
elseif (!isset($obj_props['superadmin']) && (!$_data['user'] || $_data['user'] == "user")) { elseif (!isset($obj_props['superadmin']) && (!$_data['user'] || $_data['user'] == "user")) {
$stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :username"); $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :username");
$stmt->execute(array(':username' => $process_fido2['username'])); $stmt->execute(array(':username' => $process_fido2['username']));
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row['username'] == $process_fido2['username']) { if ($row['username'] == $process_fido2['username']) {
$_SESSION["mailcow_cc_role"] = "user"; $role = "user";
} }
} }
else { else {
@@ -1439,7 +1440,7 @@ function fido2($_data) {
); );
return false; return false;
} }
if (empty($_SESSION["mailcow_cc_role"])) { if (empty($role)) {
session_unset(); session_unset();
session_destroy(); session_destroy();
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
@@ -1449,15 +1450,17 @@ function fido2($_data) {
); );
return false; return false;
} }
$_SESSION["mailcow_cc_username"] = $process_fido2['username'];
$_SESSION["fido2_cid"] = $process_fido2['cid'];
unset($_SESSION["challenge"]); unset($_SESSION["challenge"]);
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array("fido2_login", $_data['user'], $process_fido2['username']), 'log' => array("fido2_login", $_data['user'], $process_fido2['username']),
'msg' => array('logged_in_as', $process_fido2['username']) 'msg' => array('logged_in_as', $process_fido2['username'])
); );
return true; return array(
"role" => $role,
"username" => $process_fido2['username'],
"cid" => $process_fido2['cid']
);
break; break;
} }
} }

7
data/web/inc/triggers.admin.inc.php
View File

@@ -19,11 +19,16 @@ if (isset($_POST["verify_tfa_login"])) {
unset($_SESSION['pending_tfa_methods']); unset($_SESSION['pending_tfa_methods']);
} }
if (isset($_POST["verify_fido2_login"])) { if (isset($_POST["verify_fido2_login"])) {
fido2(array( $res = fido2(array(
"action" => "verify", "action" => "verify",
"token" => $_POST["token"], "token" => $_POST["token"],
"user" => "admin" "user" => "admin"
)); ));
if (is_array($res) && $res['role'] == "admin" && !empty($res['username'])){
$_SESSION["mailcow_cc_username"] = $res['username'];
$_SESSION["mailcow_cc_role"] = $res['role'];
$_SESSION["fido2_cid"] = $res['cid'];
}
exit; exit;
} }

7
data/web/inc/triggers.domainadmin.inc.php
View File

@@ -30,11 +30,16 @@ if (isset($_POST["verify_tfa_login"])) {
unset($_SESSION['pending_tfa_methods']); unset($_SESSION['pending_tfa_methods']);
} }
if (isset($_POST["verify_fido2_login"])) { if (isset($_POST["verify_fido2_login"])) {
fido2(array( $res = fido2(array(
"action" => "verify", "action" => "verify",
"token" => $_POST["token"], "token" => $_POST["token"],
"user" => "domainadmin" "user" => "domainadmin"
)); ));
if (is_array($res) && $res['role'] == "domainadmin" && !empty($res['username'])){
$_SESSION["mailcow_cc_username"] = $res['username'];
$_SESSION["mailcow_cc_role"] = $res['role'];
$_SESSION["fido2_cid"] = $res['cid'];
}
exit; exit;
} }

6
data/web/inc/triggers.user.inc.php
View File

@@ -84,11 +84,15 @@ if (isset($_POST["verify_tfa_login"])) {
unset($_SESSION['pending_tfa_methods']); unset($_SESSION['pending_tfa_methods']);
} }
if (isset($_POST["verify_fido2_login"])) { if (isset($_POST["verify_fido2_login"])) {
fido2(array( $res = fido2(array(
"action" => "verify", "action" => "verify",
"token" => $_POST["token"], "token" => $_POST["token"],
"user" => "user" "user" => "user"
)); ));
if (is_array($res) && $res['role'] == "user" && !empty($res['username'])){
set_user_loggedin_session($res['username']);
$_SESSION["fido2_cid"] = $res['cid'];
}
exit; exit;
} }