paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user)

master
andryyy 2019-12-02 11:02:19 +01:00
parent 0e6dfdd0fe
commit 653c058e33
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
13 changed files with 490 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
data/conf/dovecot/dovecot.conf
View File

@ -45,12 +45,25 @@ recipient_delimiter = +
auth_master_user_separator = *
mail_shared_explicit_inbox = yes
mail_prefetch_count = 30
# try a master passwd
passdb {
driver = passwd-file
args = /etc/dovecot/dovecot-master.passwd
master = yes
pass = yes
result_failure = continue
result_internalfail = continue
}
# try an app passwd
passdb {
args = /etc/dovecot/sql/dovecot-dict-sql-app-passdb.conf
driver = sql
pass = yes
result_failure = continue
result_internalfail = continue
}
# check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail
# a return of the following passdb is mandatory
passdb {
args = /etc/dovecot/sql/dovecot-dict-sql-passdb.conf
driver = sql

1
data/web/admin.php
View File

@ -98,6 +98,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
<p class="help-block">
<?=$lang['admin']['customer_id'];?>: <?=(isset($_SESSION['gal']['c'])) ? $_SESSION['gal']['c'] : '?';?> -
<?=$lang['admin']['service_id'];?>: <?=(isset($_SESSION['gal']['s'])) ? $_SESSION['gal']['s'] : '?';?>
<?=$lang['admin']['sal_level'];?>: <?=(isset($_SESSION['gal']['m'])) ? $_SESSION['gal']['m'] : '?';?>
</p>
</div>
</div>

48
data/web/edit.php
View File

@ -1314,6 +1314,54 @@ if (isset($_SESSION['mailcow_cc_role'])) {
<?php
}
}
elseif (isset($_GET['app-passwd']) &&
is_numeric($_GET['app-passwd'])) {
$id = $_GET["app-passwd"];
$result = app_passwd('details', $id);
if (!empty($result)) {
?>
<h4>App</h4>
<form class="form-horizontal" data-id="editapp" role="form" method="post">
<input type="hidden" value="0" name="active">
<div class="form-group">
<label class="control-label col-sm-2" for="name">App</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="name" id="name" value="<?=htmlspecialchars($result['name'], ENT_QUOTES, 'UTF-8');?>" required maxlength="255">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password"><?=$lang['edit']['password'];?></label>
<div class="col-sm-10">
<input type="password" data-hibp="true" class="form-control" name="password" placeholder="">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password2"><?=$lang['edit']['password_repeat'];?></label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password2">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" value="1" name="active" <?=($result['active_int']=="1") ? "checked" : "";?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button class="btn btn-success" data-action="edit_selected" data-id="editapp" data-item="<?=htmlspecialchars($result['id']);?>" data-api-url='edit/app-passwd' data-api-attr='{}' href="#"><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
}
}
else {

210
data/web/inc/functions.app_passwd.inc.php 100644
View File

@ -0,0 +1,210 @@
<?php
function app_passwd($_action, $_data = null) {
global $pdo;
global $lang;
$_data_log = $_data;
if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
else {
$username = $_data['username'];
}
}
else {
$username = $_SESSION['mailcow_cc_username'];
}
switch ($_action) {
case 'add':
$name = trim($_data['name']);
$password = $_data['password'];
$password2 = $_data['password2'];
$active = intval($_data['active']);
$domain = mailbox('get', 'mailbox_details', $username)['domain'];
if (empty($domain)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
if (!empty($password) && !empty($password2)) {
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'password_complexity'
);
return false;
}
if ($password != $password2) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'password_mismatch'
);
return false;
}
$password_hashed = hash_password($password);
}
if (empty($name)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'app_name_empty'
);
return false;
}
try {
$stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
VALUES (:name, :mailbox, :domain, :password, :active)");
$stmt->execute(array(
':name' => $name,
':mailbox' => $mailbox,
':domain' => $domain,
':password' => $password,
':active' => $active
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'app_passwd_added'
);
break;
case 'edit':
$ids = (array)$_data['id'];
foreach ($ids as $id) {
$is_now = app_passwd('details', $id);
if (!empty($is_now)) {
$name = (!empty($_data['name'])) ? $_data['name'] : $is_now['name'];
$password = (!empty($_data['password'])) ? $_data['password'] : null;
$password2 = (!empty($_data['password2'])) ? $_data['password2'] : null;
$active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
}
else {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('settings_map_invalid', $id)
);
continue;
}
$name = trim($name);
if (!empty($password) && !empty($password2)) {
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
'msg' => 'password_complexity'
);
continue;
}
if ($password != $password2) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
'msg' => 'password_mismatch'
);
continue;
}
$password_hashed = hash_password($password);
$stmt = $pdo->prepare("UPDATE `app_passwd` SET
`password` = :password_hashed
WHERE `mailbox` = :username AND `id` = :id");
$stmt->execute(array(
':password_hashed' => $password_hashed,
':username' => $username,
':id' => $id
));
}
try {
$stmt = $pdo->prepare("UPDATE `app_passwd` SET
`name` = :name,
`mailbox` = :username,
`active` = :active
WHERE `id` = :id");
$stmt->execute(array(
':name' => $name,
':username' => $username,
':active' => $active,
':id' => $id
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
continue;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('object_modified', htmlspecialchars($ids))
);
}
break;
case 'delete':
$ids = (array)$_data['id'];
foreach ($ids as $id) {
try {
$stmt = $pdo->prepare("DELETE FROM `app_passwd` WHERE `id`= :id AND `mailbox`= :username");
$stmt->execute(array(':id' => $id, ':username' => $username));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('app_passwd_removed', htmlspecialchars($id))
);
}
break;
case 'get':
$app_passwds = array();
$stmt = $pdo->prepare("SELECT `id`, `name` FROM `app_passwd` WHERE `mailbox` = :username");
$stmt->execute(array(':username' => $username));
$app_passwds = $stmt->fetchAll(PDO::FETCH_ASSOC);
return $app_passwds;
break;
case 'details':
$app_passwd_data = array();
$stmt = $pdo->prepare("SELECT `id`,
`name`,
`mailbox`,
`domain`,
`created`,
`modified`,
`active` AS `active_int`,
CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
FROM `app_passwd`
WHERE `id` = :id
AND `mailbox` = :username");
$stmt->execute(array(':id' => $_data, ':username' => $username));
$app_passwd_data = $stmt->fetch(PDO::FETCH_ASSOC);
return $app_passwd_data;
break;
}
}

3
data/web/inc/functions.inc.php
View File

@ -1260,17 +1260,20 @@ function license($action, $data = null) {
$_SESSION['gal']['valid'] = "true";
$_SESSION['gal']['c'] = $json_return['c'];
$_SESSION['gal']['s'] = $json_return['s'];
$_SESSION['gal']['m'] = str_repeat('🐄', substr_count($json_return['m'], 'o'));
}
elseif ($json_return['response'] === "invalid") {
$_SESSION['gal']['valid'] = "false";
$_SESSION['gal']['c'] = $lang['mailbox']['no'];
$_SESSION['gal']['s'] = $lang['mailbox']['no'];
$_SESSION['gal']['m'] = $lang['mailbox']['no'];
}
}
else {
$_SESSION['gal']['valid'] = "false";
$_SESSION['gal']['c'] = $lang['danger']['temp_error'];
$_SESSION['gal']['s'] = $lang['danger']['temp_error'];
$_SESSION['gal']['m'] = $lang['danger']['temp_error'];
}
try {
// json_encode needs "true"/"false" instead of true/false, to not encode it to 0 or 1

35
data/web/inc/init_db.inc.php
View File

@ -3,7 +3,7 @@ function init_db_schema() {
try {
global $pdo;
$db_version = "06112019_1840";
$db_version = "01122019_0755";
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@ -321,6 +321,37 @@ function init_db_schema() {
),
"attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
),
"app_passwd" => array(
"cols" => array(
"id" => "INT NOT NULL AUTO_INCREMENT",
"name" => "VARCHAR(255) NOT NULL",
"mailbox" => "VARCHAR(255) NOT NULL",
"domain" => "VARCHAR(255) NOT NULL",
"password" => "VARCHAR(255) NOT NULL",
"created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
"modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
"active" => "TINYINT(1) NOT NULL DEFAULT '1'"
),
"keys" => array(
"primary" => array(
"" => array("id")
),
"key" => array(
"mailbox" => array("mailbox"),
"password" => array("password"),
"domain" => array("domain"),
),
"fkey" => array(
"fk_username_app_passwd" => array(
"col" => "mailbox",
"ref" => "mailbox.username",
"delete" => "CASCADE",
"update" => "NO ACTION"
)
)
),
"attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
),
"user_acl" => array(
"cols" => array(
"username" => "VARCHAR(255) NOT NULL",
@ -335,6 +366,7 @@ function init_db_schema() {
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
"quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
"quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
"app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
),
"keys" => array(
"primary" => array(
@ -475,6 +507,7 @@ function init_db_schema() {
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
"login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
"sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
"app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
"bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
"filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
"ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",

1
data/web/inc/prerequisites.inc.php
View File

@ -205,6 +205,7 @@ if(file_exists($langFile)) {
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.acl.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.app_passwd.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.customize.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.address_rewriting.inc.php';

46
data/web/js/site/user.js
View File

@ -156,6 +156,51 @@ jQuery(function($){
"toggleSelector": "table tbody span.footable-toggle"
});
}
function draw_app_passwd_table() {
ft_apppasswd_table = FooTable.init('#app_passwd_table', {
"columns": [
{"name":"chkbox","title":"","style":{"maxWidth":"60px","width":"60px","text-align":"center"},"filterable": false,"sortable": false,"type":"html"},
{"sorted": true,"name":"id","title":"ID","style":{"maxWidth":"60px","width":"60px","text-align":"center"}},
{"name":"name","title":lang.app_name},
{"name":"active","filterable": false,"style":{"maxWidth":"70px","width":"70px"},"title":lang.active},
{"name":"action","filterable": false,"sortable": false,"style":{"text-align":"right","maxWidth":"180px","width":"180px"},"type":"html","title":lang.action,"breakpoints":"xs sm"}
],
"empty": lang.empty,
"rows": $.ajax({
dataType: 'json',
url: '/api/v1/get/app-passwd/all',
jsonp: false,
error: function () {
console.log('Cannot draw app passwd table');
},
success: function (data) {
$.each(data, function (i, item) {
if (acl_data.app_passwds === 1) {
item.action = '<div class="btn-group">' +
'<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
'<a href="#" data-action="delete_selected" data-id="single-apppasswd" data-api-url="delete/app-passwd" data-item="' + item.id + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
'</div>';
item.chkbox = '<input type="checkbox" data-id="apppasswd" name="multi_select" value="' + item.id + '" />';
}
else {
item.action = '<span>-</span>';
item.chkbox = '<input type="checkbox" disabled />';
}
});
}
}),
"paging": {
"enabled": true,
"limit": 5,
"size": pagination_size
},
"state": {"enabled": true},
"sorting": {
"enabled": true
},
"toggleSelector": "table tbody span.footable-toggle"
});
}
function draw_wl_policy_mailbox_table() {
ft_wl_policy_mailbox_table = FooTable.init('#wl_policy_mailbox_table', {
"columns": [
@ -244,6 +289,7 @@ jQuery(function($){
})
draw_sync_job_table();
draw_app_passwd_table();
draw_tla_table();
draw_wl_policy_mailbox_table();
draw_bl_policy_mailbox_table();

36
data/web/json_api.php
View File

@ -206,6 +206,9 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
case "tls-policy-map":
process_add_return(tls_policy_maps('add', $attr));
break;
case "app-passwd":
process_add_return(app_passwd('add', $attr));
break;
// return no route found if no case is matched
default:
http_response_code(404);
@ -282,6 +285,33 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
}
break;
case "app-passwd":
switch ($object) {
case "all":
$app_passwds = app_passwd('get');
if (!empty($app_passwds)) {
foreach ($app_passwds as $app_passwd) {
if ($details = app_passwd('details', $app_passwd['id'])) {
$data[] = $details;
}
else {
continue;
}
}
process_get_return($data);
}
else {
echo '{}';
}
break;
default:
$data = app_passwd('details', $object);
process_get_return($data);
break;
}
break;
case "mailq":
switch ($object) {
case "all":
@ -1121,6 +1151,9 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
case "oauth2-client":
process_delete_return(oauth2('delete', 'client', array('id' => $items)));
break;
case "app-passwd":
process_delete_return(app_passwd('delete', array('id' => $items)));
break;
case "relayhost":
process_delete_return(relayhost('delete', array('id' => $items)));
break;
@ -1249,6 +1282,9 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
case "recipient_map":
process_edit_return(recipient_map('edit', array_merge(array('id' => $items), $attr)));
break;
case "app-passwd":
process_edit_return(app_passwd('edit', array_merge(array('id' => $items), $attr)));
break;
case "tls-policy-map":
process_edit_return(tls_policy_maps('edit', array_merge(array('id' => $items), $attr)));
break;

16
data/web/lang/lang.de.json
View File

@ -56,7 +56,9 @@
"bcc_exists": "Ein BCC Map Eintrag %s existiert bereits als Typ %s",
"private_key_error": "Schlüsselfehler: %s",
"map_content_empty": "Inhalt darf nicht leer sein",
"app_name_empty": "App Name darf nicht leer sein",
"settings_map_invalid": "Regel ID %s ist ungültig",
"app_passwd_id_invalid": "App Passwort ID %s ist ungültig",
"global_map_invalid": "Rspamd Map %s ist ungültig",
"global_map_write_error": "Kann globale Map ID %s nicht schreiben: %s",
"invalid_host": "Ungültiger Host: %s",
@ -144,7 +146,9 @@
"bcc_edited": "BCC Map Eintrag %s wurde geändert",
"bcc_deleted": "BCC Map Einträge gelöscht: %s",
"settings_map_added": "Regel wurde gespeichert",
"app_passwd_added": "App Password wurde gespeichert",
"settings_map_removed": "Regeln wurden entfernt: %s",
"app_passwd_removed": "App Passwort ID %s wurde entfernt",
"saved_settings": "Regel wurde gespeichert",
"dkim_removed": "DKIM-Key %s wurde entfernt",
"dkim_added": "DKIM-Key %s wurde hinzugefügt",
@ -212,6 +216,10 @@
"session_ua": "Formular-Token ungültig: User-Agent-Validierungsfehler"
},
"user": {
"create_app_passwd": "Erstelle App Passwort",
"app_passwds": "App Passwörter",
"app_name": "App Name",
"app_hint": "App Passwörter sind alternative Passwörter für den <b>IMAP und SMTP</b> Login am Mailserver. Der Benutzername bleibt unverändert.<br>SOGo (und damit ActiveSync) ist mit diesem Kennwort nicht verwendbar.",
"loading": "Lade...",
"force_pw_update": "Das Passwort für diesen Benutzer <b>muss</b> geändert werden, damit die Zugriffssperre auf die Groupwarekomponenten wieder freigeschaltet wird.",
"active_sieve": "Aktiver Filter",
@ -224,8 +232,10 @@
"change_password": "Passwort ändern",
"client_configuration": "Konfigurationsanleitungen für E-Mail-Programme und Smartphones anzeigen",
"new_password": "Neues Passwort",
"password": "Passwort",
"save_changes": "Änderungen speichern",
"password_now": "Aktuelles Passwort (Änderungen bestätigen)",
"password_repeat": "Passwort (Wiederholung)",
"new_password_repeat": "Neues Passwort (Wiederholung)",
"new_password_description": "Mindestanforderung: 6 Zeichen lang, Buchstaben und Zahlen.",
"spam_aliases": "Temporäre E-Mail Aliasse",
@ -475,6 +485,7 @@
"validate_license_now": "GUID erneut verifizieren",
"customer_id": "Kunde",
"service_id": "Service",
"sal_level": "Moo-Level",
"lookup_mx": "Ziel gegen MX prüfen (etwa .outlook.com, um alle Ziele mit MX *.outlook.com zu routen)",
"transport_dest_format": "Syntax: example.org, .example.org, *, box@example.org (mehrere Werte getrennt durch Komma einzugeben)",
"rspamd_global_filters_agree": "Ich werde vorsichtig sein!",
@ -745,6 +756,8 @@
"generate": "generieren",
"syncjob": "Syncjob hinzufügen",
"syncjob_hint": "Passwörter werden unverschlüsselt abgelegt!",
"app_password": "App Passwort hinzufügen",
"app_name": "App Name",
"hostname": "Host",
"destination": "Ziel",
"nexthop": "Next Hop",
@ -824,7 +837,8 @@
"unlimited_quota": "Unendliche Quota für Mailboxen",
"extend_sender_acl": "Eingabe externer Absenderadressen erlauben",
"prohibited": "Untersagt durch Richtlinie",
"sogo_access": "Verwalten des SOGo Zugriffsrechts erlauben"
"sogo_access": "Verwalten des SOGo Zugriffsrechts erlauben",
"app_passwds": "App Passwörter verwalten"
},
"login": {
"username": "Benutzername",

14
data/web/lang/lang.en.json
View File

@ -56,7 +56,9 @@
"bcc_exists": "A BCC map %s exists for type %s",
"private_key_error": "Private key error: %s",
"map_content_empty": "Map content cannot be empty",
"app_name_empty": "App name cannot be empty",
"settings_map_invalid": "Settings map ID %s invalid",
"app_passwd_id_invalid": "App password ID %s invalid",
"global_map_invalid": "Global map ID %s invalid",
"global_map_write_error": "Could not write global map ID %s: %s",
"invalid_host": "Invalid host specified: %s",
@ -144,7 +146,9 @@
"bcc_edited": "BCC map entry %s edited",
"bcc_deleted": "BCC map entries deleted: %s",
"settings_map_added": "Added settings map entry",
"app_passwd_added": "Added new app password",
"settings_map_removed": "Removed settings map ID %s",
"app_passwd_removed": "Removed app password ID %s",
"saved_settings": "Saved settings",
"db_init_complete": "Database initialization completed",
"dkim_removed": "DKIM key %s has been removed",
@ -212,6 +216,10 @@
"ip_invalid": "Skipped invalid IP: %s"
},
"user": {
"create_app_passwd": "Create app password",
"app_passwds": "App passwords",
"app_name": "App name",
"app_hint": "App passwords are alternative passwords for your <b>IMAP and SMTP</b> login. The username remains unchanged.<br>SOGo (including ActiveSync) is not available through app passwords.",
"loading": "Loading...",
"force_pw_update": "You <b>must</b> set a new password to be able to access groupware related services.",
"active_sieve": "Active filter",
@ -224,9 +232,11 @@
"change_password": "Change password",
"client_configuration": "Show configuration guides for email clients and smartphones",
"new_password": "New password",
"password": "password",
"save_changes": "Save changes",
"password_now": "Current password (confirm changes)",
"new_password_repeat": "Confirmation password (repeat)",
"password_repeat": "Password (repeat)",
"new_password_description": "Requirement: 6 characters long, letters and numbers.",
"spam_aliases": "Temporary email aliases",
"alias": "Alias",
@ -487,6 +497,7 @@
"validate_license_now": "Validate GUID against license server",
"customer_id": "Customer ID",
"service_id": "Service ID",
"sal_level": "Moo level",
"lookup_mx": "Match destination against MX (.outlook.com to route all mail targeted to a MX *.outlook.com over this hop)",
"transport_dest_format": "Syntax: example.org, .example.org, *, box@example.org (multiple values can be comma-separated)",
"rspamd_global_filters_agree": "I will be careful!",
@ -748,6 +759,8 @@
"destination": "Destination",
"nexthop": "Next hop",
"port": "Port",
"app_name": "App name",
"app_password": "Add app password",
"username": "Username",
"enc_method": "Encryption method",
"mins_interval": "Polling interval (minutes)",
@ -824,6 +837,7 @@
"extend_sender_acl": "Allow to extend sender ACL by external addresses",
"prohibited": "Prohibited by ACL",
"sogo_access": "Allow management of SOGo access"
"app_passwds": "Manage app passwords"
},
"login": {
"username": "Username",

46
data/web/modals/user.php
View File

@ -162,6 +162,52 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
</div>
</div>
</div><!-- add sync job modal -->
<!-- app passwd modal -->
<div class="modal fade" id="addAppPasswdModal" tabindex="-1" role="dialog" aria-hidden="true">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
<h3 class="modal-title"><?=$lang['add']['app_password'];?></h3>
</div>
<div class="modal-body">
<form class="form-horizontal" data-cached-form="true" role="form" data-id="add_syncjob">
<div class="form-group">
<label class="control-label col-sm-2" for="app_name"><?=$lang['add']['app_name'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="app_name" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="app_passwd"><?=$lang['user']['password'];?></label>
<div class="col-sm-10">
<input type="password" data-hibp="true" class="form-control" name="app_passwd" autocomplete="off" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="app_passwd2"><?=$lang['user']['password_repeat'];?></label>
<div class="col-sm-10">
<input type="password" class="form-control" name="app_passwd2" autocomplete="off" required>
<p class="help-block"><?=$lang['user']['new_password_description'];?></p>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" value="1" name="active" checked> <?=$lang['add']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button class="btn btn-default" data-action="add_item" data-id="add_syncjob" data-api-url='add/syncjob' data-api-attr='{}' href="#"><?=$lang['admin']['add'];?></button>
</div>
</div>
</form>
</div>
</div>
</div>
</div><!-- add app passwd modal -->
<!-- log modal -->
<div class="modal fade" id="syncjobLogModal" tabindex="-1" role="dialog" aria-labelledby="syncjobLogModalLabel">
<div class="modal-dialog modal-lg" role="document">

22
data/web/user.php
View File

@ -100,6 +100,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
<li role="presentation"><a href="#SpamAliases" aria-controls="SpamAliases" role="tab" data-toggle="tab"><?=$lang['user']['spam_aliases'];?></a></li>
<li role="presentation"><a href="#Spamfilter" aria-controls="Spamfilter" role="tab" data-toggle="tab"><?=$lang['user']['spamfilter'];?></a></li>
<li role="presentation"><a href="#Syncjobs" aria-controls="Syncjobs" role="tab" data-toggle="tab"><?=$lang['user']['sync_jobs'];?></a></li>
<li role="presentation"><a href="#AppPasswds" aria-controls="AppPasswds" role="tab" data-toggle="tab"><?=$lang['user']['app_passwds'];?></a></li>
</ul>
<hr>
@ -460,6 +461,27 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
</div>
</div>
</div>
<div role="tabpanel" class="tab-pane" id="AppPasswds">
<p><?=$lang['user']['app_hint'];?></p>
<div class="table-responsive">
<table class="table table-striped" id="app_passwd_table"></table>
</div>
<div class="mass-actions-user">
<div class="btn-group" data-acl="<?=$_SESSION['acl']['app_passwds'];?>">
<a class="btn btn-sm btn-default" id="toggle_multi_select_all" data-id="apppasswd" href="#"><span class="glyphicon glyphicon-check" aria-hidden="true"></span> <?=$lang['mailbox']['toggle_all'];?></a>
<a class="btn btn-sm btn-default dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['mailbox']['quick_actions'];?> <span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a data-action="edit_selected" data-id="apppasswd" data-api-url='edit/app-passwd' data-api-attr='{"active":"1"}' href="#"><?=$lang['mailbox']['activate'];?></a></li>
<li><a data-action="edit_selected" data-id="apppasswd" data-api-url='edit/app-passwd' data-api-attr='{"active":"0"}' href="#"><?=$lang['mailbox']['deactivate'];?></a></li>
<li role="separator" class="divider"></li>
<li><a data-action="delete_selected" data-id="apppasswd" data-api-url='delete/app-passwd' href="#"><?=$lang['mailbox']['remove'];?></a></li>
</ul>
<a class="btn btn-sm btn-success" href="#" data-toggle="modal" data-target="#addAppPasswdModal"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['create_app_passwd'];?></a>
</div>
</div>
</div>
</div>
</div><!-- /container -->