<?php
require __DIR__ . '/vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
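/**
 * OAuth2Service Login
 *
 * This plugin allows Snappymail to login users using the JWT provided by oauth2-reciever.php.
 * SMTP/IMAP credentials generated by oauth2-reciever.php are read here: the password is
 * loaded from a file named after the token's `sub` claim, located under the configured
 * `credential_path`.
 */
class LoginOauth2ServicePlugin extends \RainLoop\Plugins\AbstractPlugin
{
    const
        NAME = 'Login OAuth2Service',
        AUTHOR = 'craftxbox',
        URL = 'https://github.com/transfur-social/snappymail-plugins',
        VERSION = '1.0',
        RELEASE = '2023-06-21',
        REQUIRED = '2.14.0',
        CATEGORY = 'Login',
        LICENSE = 'MIT',
        DESCRIPTION = 'OAuth2Service login';

    /**
     * Registers the language files and the `PostAuthJwtLogin` part hook.
     */
    public function Init(): void
    {
        $this->UseLangs(true);
        $this->addPartHook('PostAuthJwtLogin', 'PostAuthJwtLogin');
    }

    /**
     * Handles a POSTed JWT: verifies it, loads the stored mailbox password for the
     * token's subject and logs the user in.
     *
     * Every failure path answers with a short plain-text error and a 4xx/5xx status.
     *
     * @return bool Always true (the request is handled here in every case).
     */
    public function PostAuthJwtLogin(): bool
    {
        $oActions = \RainLoop\Api::Actions();
        $oActions->Http()->ServerNoCache();

        // The token is attacker-controlled until the signature check succeeds;
        // a missing or non-string field is rejected before it reaches the decoder.
        $jwt = $_POST['jwt'] ?? null;
        if (!\is_string($jwt) || $jwt === '') {
            return $this->rejectLogin(400, "ERROR: Invalid JWT. Report this to your webmaster.");
        }

        // NOTE(review): the algorithm is pinned to RS256 through the Key object, but no
        // expected `iss`/`aud` value is compared here, and the library only enforces
        // `exp` when the claim is present. Confirm the signing key is dedicated to this
        // service and that oauth2-reciever.php issues short-lived tokens.
        try {
            $payload = JWT::decode(
                $jwt,
                new Key($this->Config()->Get('plugin', 'jwt_public_key', ''), "RS256")
            );
        } catch (\Throwable $e) {
            return $this->rejectLogin(400, "ERROR: Invalid JWT. Report this to your webmaster.");
        }

        // Both claims are required; a validly signed token without them is still unusable.
        if (!isset($payload->email, $payload->sub)
            || !\is_string($payload->email)
            || !\is_scalar($payload->sub)
        ) {
            return $this->rejectLogin(400, "ERROR: Invalid JWT. Report this to your webmaster.");
        }

        $sEmail = $payload->email;
        $sSub = (string) $payload->sub;

        // `sub` becomes part of a filesystem path. Even though it comes from a signed
        // token, refuse anything that could leave the credential directory.
        if ($sSub === '' || $sSub === '.' || $sSub === '..'
            || \strpbrk($sSub, '/\\') !== false
            || \strpos($sSub, "\0") !== false
        ) {
            return $this->rejectLogin(400, "ERROR: Invalid JWT. Report this to your webmaster.");
        }

        $sCredentialFile = $this->Config()->Get('plugin', 'credential_path', '') . $sSub;

        // A missing or unreadable file is treated like an empty credential instead of
        // letting file_get_contents() emit a warning and return false.
        $sPassword = (\is_file($sCredentialFile) && \is_readable($sCredentialFile))
            ? \file_get_contents($sCredentialFile)
            : false;

        if (!\is_string($sPassword) || \strlen($sPassword) < 8) {
            return $this->rejectLogin(
                500,
                "ERROR: Stored credentials are insufficient. Report this to your webmaster."
            );
        }

        $oAccount = $oActions->LoginProcess($sEmail, new \SnappyMail\SensitiveString($sPassword));
        if (!($oAccount instanceof \RainLoop\Model\MainAccount)) {
            return $this->rejectLogin(400, "ERROR: Invalid credentials. Report this to your webmaster.");
        }

        $oActions->SetAuthToken($oAccount);
        $oActions->Location('./');
        return true;
    }

    /**
     * Declares the plugin settings: the public key used to verify the JWT and the
     * path prefix under which per-subject credential files are stored.
     */
    protected function configMapping(): array
    {
        return [
            \RainLoop\Plugins\Property::NewInstance('jwt_public_key')
                ->SetLabel('JWT Public Key')
                ->SetType(\RainLoop\Enumerations\PluginPropertyType::STRING_TEXT)
                ->SetDefaultValue(''),
            \RainLoop\Plugins\Property::NewInstance('credential_path')
                ->SetLabel('Credential Path')
                ->SetType(\RainLoop\Enumerations\PluginPropertyType::STRING)
                ->SetDefaultValue('/var/lib/oauth2service/'),
        ];
    }

    /**
     * Sends an error response and reports the request as handled.
     *
     * The status code is set before any body output: once output has started the
     * status line can no longer be changed unless output buffering is active.
     */
    private function rejectLogin(int $iStatus, string $sMessage): bool
    {
        \http_response_code($iStatus);
        echo $sMessage;
        return true;
    }
}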