From 3045bcf49d8f5343f2c889546269bdae19835ce3 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Wed, 23 Jun 2021 14:12:14 +0200
Subject: [PATCH] [Nginx] Allow SOGo SSO

---
 data/conf/nginx/includes/site-defaults.conf                | 7 +++----
 .../sogo_proxy_auth.conf}                                  | 6 ++----
 2 files changed, 5 insertions(+), 8 deletions(-)
 rename data/conf/nginx/{templates/sogo.auth_request.template.sh => includes/sogo_proxy_auth.conf} (66%)

diff --git a/data/conf/nginx/includes/site-defaults.conf b/data/conf/nginx/includes/site-defaults.conf
index 061f958b..77e3ff85 100644
--- a/data/conf/nginx/includes/site-defaults.conf
+++ b/data/conf/nginx/includes/site-defaults.conf
@@ -150,7 +150,6 @@
     try_files /autoconfig.php =404;
   }
 
-  # auth_request endpoint if ALLOW_ADMIN_EMAIL_LOGIN is set
   location /sogo-auth-verify {
     internal;
     proxy_set_header  X-Original-URI $request_uri;
@@ -162,7 +161,7 @@
   }
 
   location ^~ /Microsoft-Server-ActiveSync {
-    include /etc/nginx/conf.d/sogo_proxy_auth.active;
+    include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
     include /etc/nginx/conf.d/sogo_eas.active;
     proxy_connect_timeout 75;
     proxy_send_timeout 3600;
@@ -177,7 +176,7 @@
 
   location ^~ /SOGo {
     location ~* ^/SOGo/so/.*\.(xml|js|html|xhtml)$ {
-      include /etc/nginx/conf.d/sogo_proxy_auth.active;
+      include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
       include /etc/nginx/conf.d/sogo.active;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -191,7 +190,7 @@
       add_header Content-Type text/plain;
       break;
     }
-    include /etc/nginx/conf.d/sogo_proxy_auth.active;
+    include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
     include /etc/nginx/conf.d/sogo.active;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/data/conf/nginx/templates/sogo.auth_request.template.sh b/data/conf/nginx/includes/sogo_proxy_auth.conf
similarity index 66%
rename from data/conf/nginx/templates/sogo.auth_request.template.sh
rename to data/conf/nginx/includes/sogo_proxy_auth.conf
index f6d2d98e..045b98ad 100644
--- a/data/conf/nginx/templates/sogo.auth_request.template.sh
+++ b/data/conf/nginx/includes/sogo_proxy_auth.conf
@@ -1,10 +1,8 @@
-if printf "%s\n" "${ALLOW_ADMIN_EMAIL_LOGIN}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
-    echo 'auth_request /sogo-auth-verify;
+auth_request /sogo-auth-verify;
 auth_request_set $user $upstream_http_x_user;
 auth_request_set $auth $upstream_http_x_auth;
 auth_request_set $auth_type $upstream_http_x_auth_type;
 proxy_set_header x-webobjects-remote-user "$user";
 proxy_set_header Authorization "$auth";
 proxy_set_header x-webobjects-auth-type "$auth_type";
-'
-fi
+