From 78084c5e7b7b0282a895603604c929e41f313888 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 1 Jul 2021 06:44:37 +0200
Subject: [PATCH] [Web] Log only latest datetime of a unique datetime, service
 and ip combination

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  6 +++---
 data/web/inc/functions.inc.php                | 10 +++++-----
 data/web/inc/functions.mailbox.inc.php        |  2 +-
 data/web/inc/init_db.inc.php                  | 20 +++----------------
 docker-compose.yml                            |  2 +-
 5 files changed, 13 insertions(+), 27 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 14c26f35..5ea1609d 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -156,7 +156,7 @@ function auth_password_verify(req, pass)
   while row do
     if req.password_verify(req, row.password, pass) == 1 then
       cur:close()
-      con:execute(string.format([[INSERT INTO sasl_logs (service, app_password, username, real_rip)
+      con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
         VALUES ("%s", 0, "%s", "%s")]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip)))
       return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
     end
@@ -176,7 +176,7 @@ function auth_password_verify(req, pass)
   while row do
     if req.password_verify(req, row.password, pass) == 1 then
       cur:close()
-      con:execute(string.format([[INSERT INTO sasl_logs (service, app_password, username, real_rip)
+      con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
         VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
       return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
     end
@@ -195,7 +195,7 @@ function auth_password_verify(req, pass)
   -- }]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip))
   -- http.request {
   --   method = "POST",
-  --   url = "http://nginx:8081/sasl_logs.php",
+  --   url = "http://nginx:8081/sasl_log.php",
   --   source = ltn12.source.string(reqbody),
   --   headers = {
   --     ["content-type"] = "application/json",
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 0fe12848..a8d217ee 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -258,8 +258,8 @@ function last_login($action, $username, $sasl_limit_days = 7) {
   switch ($action) {
     case 'get':
       if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
-        $stmt = $pdo->prepare('SELECT `real_rip`, MAX(`datetime`) as `datetime`, `service`, `app_password` FROM `sasl_logs`
-          LEFT OUTER JOIN `app_passwd` on `sasl_logs`.`app_password` = `app_passwd`.`id`
+        $stmt = $pdo->prepare('SELECT `real_rip`, MAX(`datetime`) as `datetime`, `service`, `app_password` FROM `sasl_log`
+          LEFT OUTER JOIN `app_passwd` on `sasl_log`.`app_password` = `app_passwd`.`id`
           WHERE `username` = :username
             AND HOUR(TIMEDIFF(NOW(), `datetime`)) < :sasl_limit_days
               GROUP BY `real_rip`, `service`, `app_password`
@@ -331,7 +331,7 @@ function last_login($action, $username, $sasl_limit_days = 7) {
     break;
     case 'reset':
       if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
-        $stmt = $pdo->prepare('DELETE FROM `sasl_logs`
+        $stmt = $pdo->prepare('DELETE FROM `sasl_log`
           WHERE `username` = :username');
         $stmt->execute(array(':username' => $username));
       }
@@ -1938,7 +1938,7 @@ function get_logs($application, $lines = false) {
   }
   if ($application == "sasl") {
     if (isset($from) && isset($to)) {
-      $stmt = $pdo->prepare("SELECT * FROM `sasl_logs` ORDER BY `id` DESC LIMIT :from, :to");
+      $stmt = $pdo->prepare("SELECT * FROM `sasl_log` ORDER BY `datetime` DESC LIMIT :from, :to");
       $stmt->execute(array(
         ':from' => $from - 1,
         ':to' => $to
@@ -1946,7 +1946,7 @@ function get_logs($application, $lines = false) {
       $data = $stmt->fetchAll(PDO::FETCH_ASSOC);
     }
     else {
-      $stmt = $pdo->prepare("SELECT * FROM `sasl_logs` ORDER BY `id` DESC LIMIT :lines");
+      $stmt = $pdo->prepare("SELECT * FROM `sasl_log` ORDER BY `datetime` DESC LIMIT :lines");
       $stmt->execute(array(
         ':lines' => $lines + 1,
       ));
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 1de79a7c..4e7993cc 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3547,7 +3547,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
 
           // Determine last logins
-          $stmt = $pdo->prepare("SELECT MAX(`datetime`) AS `datetime`, `service` FROM `sasl_logs`
+          $stmt = $pdo->prepare("SELECT MAX(`datetime`) AS `datetime`, `service` FROM `sasl_log`
             WHERE `username` = :mailbox
                 GROUP BY `service` DESC");
           $stmt->execute(array(':mailbox' => $_data));
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 29710877..c43afbf9 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "30062021_0910";
+    $db_version = "01072021_0630";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -508,9 +508,8 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
-      "sasl_logs" => array(
+      "sasl_log" => array(
         "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
           "service" => "VARCHAR(32) NOT NULL DEFAULT ''",
           "app_password" => "INT",
           "username" => "VARCHAR(255) NOT NULL",
@@ -519,7 +518,7 @@ function init_db_schema() {
         ),
         "keys" => array(
           "primary" => array(
-            "" => array("id")
+            "" => array("service", "real_rip", "username")
           ),
           "key" => array(
             "username" => array("username"),
@@ -1017,19 +1016,6 @@ function init_db_schema() {
         }
       }
 
-      // Remove deprecated success = 0 entries before migrating sasl_logs
-      if ($table == 'sasl_logs') {
-        $stmt = $pdo->query("SHOW TABLES LIKE 'sasl_logs'");
-        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-        if ($num_results != 0) {
-          $stmt = $pdo->query("SHOW COLUMNS FROM `sasl_logs` LIKE '%success%'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results != 0) {
-            $stmt = $pdo->query("DELETE FROM `sasl_logs` WHERE `success` = 0");
-          }
-        }
-      }
-
       $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
       if ($num_results != 0) {
diff --git a/docker-compose.yml b/docker-compose.yml
index f909d647..abdb13bc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -207,7 +207,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.152
+      image: mailcow/dovecot:1.153
       depends_on:
         - mysql-mailcow
       dns: