<?php
require __DIR__ . '/vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
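/**
 * OAuth2Service provisioning tool.
 * Oxymoronically has nothing to do with OAuth2 at all.
 * This script fields a request from oauth2-reciever.php, verifies its JWT, and then creates a new email account.
 *
 * Request:  POST form field `jwt`, an RS256-signed token whose payload carries
 *           `email` (the mailbox to create) and `password` (the pre-hashed account
 *           password, which must be exactly 70 characters long).
 * Response: a JSON body. 201 on success, 400 when the request is rejected
 *           (bad token, bad email, bad hash, account already present), 500 on a
 *           server-side failure. Internal error details go to error_log only;
 *           the client never sees database or exception messages.
 */

// ---------------------------------------------------------------------------
// Configuration
// ---------------------------------------------------------------------------
$jwt_public_key = ""; // PEM public key of the service that signs the tokens; must be set before deployment
$boundary = bin2hex(random_bytes(16)); // MIME part separator; random so it cannot collide with body text
$onboardingSubject = "Welcome to your new mailbox.";
//TODO This is very hacky and fragile. Updating this to use a library is preferable.
$onboardingMessage = <<<MIME
--{$boundary}
Content-Type: text/html;charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-ID: text-body
<html><body><h1>Welcome to your new mailbox</h1>Your inbox is ready t=
o use.<br><br>Please use it responsibly and don't spam.<br><br>Thank =
you for chosing our mail service.</body></html>
--{$boundary}
Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-ID: text-body
Welcome to your new mailbox
Please use it responsibly and don't spam.
Thank you for choosing our mail service.
--{$boundary}--
MIME;
$fromtag = "Email Service Administrator <no-reply@example.com>";
$replyto = "postmaster@example.com";
$email_domain = "example.com";
$host = "localhost:3306";
$dbname = "mail";
$user = "mail";
$pass = "changeMe123";

/**
 * Emit a JSON response with the given HTTP status and terminate the script.
 *
 * The status code and content type are set before anything is echoed, so they
 * cannot be lost to a "headers already sent" warning.
 *
 * @param array<string, string> $body key/value pairs serialised as the JSON object
 */
function respond(int $status, array $body): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body);
    exit();
}

// ---------------------------------------------------------------------------
// 1. Verify the service-to-service token
// ---------------------------------------------------------------------------
$jwt = $_POST['jwt'] ?? '';
if (!is_string($jwt) || $jwt === '') {
    respond(400, ['error' => 'invalid_s2s_jwt', 'message' => 'missing jwt']);
}

$payload = null;
try {
    $payload = JWT::decode($jwt, new Key($jwt_public_key, "RS256"));
} catch (Throwable $e) {
    // The message is encoded via json_encode so quotes in it cannot break the JSON envelope.
    respond(400, ['error' => 'invalid_s2s_jwt', 'message' => $e->getMessage()]);
}

// ---------------------------------------------------------------------------
// 2. Validate the claims before touching the database
// ---------------------------------------------------------------------------
$sEmail = $payload->email ?? null;
$sPasshash = $payload->password ?? null;

//sanity check the email
if (!is_string($sEmail) || !filter_var($sEmail, FILTER_VALIDATE_EMAIL)) {
    respond(400, ['error' => 'invalid_email']);
}

//sanity check the email is for our domain (the part after the last '@')
$atPos = strrpos($sEmail, '@');
if ($atPos === false || substr($sEmail, $atPos + 1) !== $email_domain) {
    respond(400, ['error' => 'invalid_email']);
}

//sanity check the password hash
if (!is_string($sPasshash) || strlen($sPasshash) !== 70) {
    respond(400, ['error' => 'invalid_passhash']);
}

// ---------------------------------------------------------------------------
// 3. Provision the account
// ---------------------------------------------------------------------------
$dsn = 'mysql:host=' . $host . ';dbname=' . $dbname . ';charset=utf8';
$options = [
    // Native server-side prepares: bound values are never spliced into the SQL text.
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_PERSISTENT => true,
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
];

$conn = null;
try {
    $conn = new PDO($dsn, $user, $pass, $options);

    //error if the address is already taken
    $stmt = $conn->prepare('SELECT accountpassword FROM hm_accounts WHERE accountaddress = ?');
    $stmt->execute([$sEmail]);
    if ($stmt->fetch() !== false) {
        respond(400, ['error' => 'account_exists']);
    }

    //resolve the domain id; a missing domain is a deployment error, not a client error
    $stmt = $conn->prepare('SELECT domainid FROM hm_domains WHERE domainname = ?');
    $stmt->execute([$email_domain]);
    $domainRow = $stmt->fetch(PDO::FETCH_NUM);
    if ($domainRow === false) {
        error_log('oauth2service: domain ' . $email_domain . ' is not present in hm_domains');
        respond(500, ['error' => 'internal_error']);
    }
    $domain = $domainRow[0];

    // Account row and its INBOX folder are created atomically so a failure
    // half-way does not leave an account without a mailbox.
    $conn->beginTransaction();
    try {
        $conn->prepare(
            "INSERT INTO `" . $dbname . "`.`hm_accounts` (`accountdomainid`, `accountadminlevel`, `accountaddress`, `accountpassword`, `accountactive`, `accountisad`, `accountaddomain`, `accountadusername`, `accountmaxsize`, `accountvacationmessageon`, `accountvacationmessage`, `accountvacationsubject`, `accountpwencryption`, `accountforwardenabled`, `accountforwardaddress`, `accountforwardkeeporiginal`, `accountenablesignature`, `accountsignatureplaintext`, `accountsignaturehtml`, `accountlastlogontime`, `accountvacationexpires`, `accountvacationexpiredate`, `accountpersonfirstname`, `accountpersonlastname`) VALUES (?, 0, ?, ?, 1, 0, '', '', 0, 0, '', '', 3, 0, '', 1, 0, '', '', '1970-01-01 00:00:00', 0, '1970-01-01 00:00:00', '', '')"
        )->execute([$domain, $sEmail, $sPasshash]);

        $stmt = $conn->prepare('SELECT accountid FROM hm_accounts WHERE accountaddress = ?');
        $stmt->execute([$sEmail]);
        $newAccount = $stmt->fetch(PDO::FETCH_NUM)[0];

        $conn->prepare(
            "INSERT INTO `" . $dbname . "`.`hm_imapfolders` (folderaccountid, folderparentid, foldername,folderissubscribed,foldercreationtime,foldercurrentuid) VALUES (?,-1,'INBOX',1,'1970-01-01 00:00:00',0)"
        )->execute([$newAccount]);

        $conn->commit();
    } catch (Throwable $e) {
        $conn->rollBack();
        throw $e;
    }

    // Delivery failure of the welcome mail is logged but does not undo the provisioning.
    $sent = mail(
        $sEmail,
        $onboardingSubject,
        $onboardingMessage,
        ["From" => $fromtag, "MIME-Version" => "1.0", "Content-Type" => 'multipart/alternative; boundary="' . $boundary . '"', "Reply-To" => $replyto]
    );
    if (!$sent) {
        error_log('oauth2service: onboarding mail to ' . $sEmail . ' was not accepted for delivery');
    }

    respond(201, ['success' => 'true']);
} catch (PDOException $e) {
    // SQLSTATE 23000 is an integrity-constraint violation: if the schema enforces a
    // unique address, a concurrent request that won the race lands here.
    if ((string) $e->getCode() === '23000') {
        respond(400, ['error' => 'account_exists']);
    }
    error_log('oauth2service: database error: ' . $e->getMessage());
    respond(500, ['error' => 'internal_error']);
} catch (Throwable $e) {
    error_log('oauth2service: ' . $e->getMessage());
    respond(500, ['error' => 'internal_error']);
}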