diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index e9055744..1181b3f5 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1059,12 +1059,12 @@ function fido2($_data) {
$_SESSION['mailcow_cc_role'] != "admin") {
return false;
}
- $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
+ $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `created`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
$stmt->execute(array(':username' => $username));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$fns[] = array(
- "subject" => $row['certificateSubject'],
+ "subject" => (empty($row['certificateSubject']) ? 'Unknown (' . $row['created'] . ')' : $row['certificateSubject']),
"fn" => $row['friendlyName'],
"cid" => $row['cid']
);
diff --git a/data/web/inc/functions.rspamd.inc.php b/data/web/inc/functions.rspamd.inc.php
index 2d3dbf35..b0ba1f50 100644
--- a/data/web/inc/functions.rspamd.inc.php
+++ b/data/web/inc/functions.rspamd.inc.php
@@ -24,23 +24,13 @@ function rsettings($_action, $_data = null) {
);
return false;
}
- try {
- $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`)
- VALUES (:content, :desc, :active)");
- $stmt->execute(array(
- ':content' => $content,
- ':desc' => $desc,
- ':active' => $active
- ));
- }
- catch (PDOException $e) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('mysql_error', $e)
- );
- return false;
- }
+ $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`)
+ VALUES (:content, :desc, :active)");
+ $stmt->execute(array(
+ ':content' => $content,
+ ':desc' => $desc,
+ ':active' => $active
+ ));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
@@ -73,27 +63,17 @@ function rsettings($_action, $_data = null) {
continue;
}
$content = trim($content);
- try {
- $stmt = $pdo->prepare("UPDATE `settingsmap` SET
- `content` = :content,
- `desc` = :desc,
- `active` = :active
- WHERE `id` = :id");
- $stmt->execute(array(
- ':content' => $content,
- ':desc' => $desc,
- ':active' => $active,
- ':id' => $id
- ));
- }
- catch (PDOException $e) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('mysql_error', $e)
- );
- continue;
- }
+ $stmt = $pdo->prepare("UPDATE `settingsmap` SET
+ `content` = :content,
+ `desc` = :desc,
+ `active` = :active
+ WHERE `id` = :id");
+ $stmt->execute(array(
+ ':content' => $content,
+ ':desc' => $desc,
+ ':active' => $active,
+ ':id' => $id
+ ));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
@@ -112,18 +92,8 @@ function rsettings($_action, $_data = null) {
}
$ids = (array)$_data['id'];
foreach ($ids as $id) {
- try {
- $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id");
- $stmt->execute(array(':id' => $id));
- }
- catch (PDOException $e) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('mysql_error', $e)
- );
- return false;
- }
+ $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id");
+ $stmt->execute(array(':id' => $id));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
@@ -157,55 +127,12 @@ function rsettings($_action, $_data = null) {
break;
}
}
-function rspamd($_action, $_data = null) {
+function rspamd_maps($_action, $_data = null) {
global $pdo;
global $lang;
global $RSPAMD_MAPS;
$_data_log = $_data;
switch ($_action) {
- case 'add':
- if ($_SESSION['mailcow_cc_role'] != "admin") {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => 'access_denied'
- );
- return false;
- }
- $content = $_data['content'];
- $desc = $_data['desc'];
- $active = intval($_data['active']);
- if (empty($content)) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => 'map_content_empty'
- );
- return false;
- }
- try {
- $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`)
- VALUES (:content, :desc, :active)");
- $stmt->execute(array(
- ':content' => $content,
- ':desc' => $desc,
- ':active' => $active
- ));
- }
- catch (PDOException $e) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('mysql_error', $e)
- );
- return false;
- }
- $_SESSION['return'][] = array(
- 'type' => 'success',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => 'settings_map_added'
- );
- break;
case 'edit':
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'][] = array(
@@ -255,59 +182,30 @@ function rspamd($_action, $_data = null) {
);
}
break;
- case 'delete':
- if ($_SESSION['mailcow_cc_role'] != "admin") {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => 'access_denied'
- );
- return false;
- }
- $ids = (array)$_data['id'];
- foreach ($ids as $id) {
- try {
- $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id");
- $stmt->execute(array(':id' => $id));
- }
- catch (PDOException $e) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('mysql_error', $e)
- );
- return false;
- }
- $_SESSION['return'][] = array(
- 'type' => 'success',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('settings_map_removed', htmlspecialchars($id))
- );
- }
- break;
- case 'get':
- if ($_SESSION['mailcow_cc_role'] != "admin") {
- return false;
- }
- $settingsmaps = array();
- $stmt = $pdo->query("SELECT `id`, `desc`, `active` FROM `settingsmap`");
- $settingsmaps = $stmt->fetchAll(PDO::FETCH_ASSOC);
- return $settingsmaps;
- break;
- case 'details':
- if ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
- return false;
- }
- $settingsmapdata = array();
- $stmt = $pdo->prepare("SELECT `id`,
- `desc`,
- `content`,
- `active`
- FROM `settingsmap`
- WHERE `id` = :id");
- $stmt->execute(array(':id' => $_data));
- $settingsmapdata = $stmt->fetch(PDO::FETCH_ASSOC);
- return $settingsmapdata;
- break;
}
-}
\ No newline at end of file
+}
+function rspamd_actions() {
+ if (isset($_SESSION["mailcow_cc_role"]) && $_SESSION["mailcow_cc_role"] == "admin") {
+ $curl = curl_init();
+ curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
+ curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat");
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+ $data = curl_exec($curl);
+ if ($data) {
+ $return = array();
+ $stats_array = json_decode($data, true)['actions'];
+ $stats_array['soft reject'] = $stats_array['soft reject'] + $stats_array['greylist'];
+ unset($stats_array['greylist']);
+ foreach ($stats_array as $action => $count) {
+ $return[] = array($action, $count);
+ }
+ return $return;
+ }
+ else {
+ return false;
+ }
+ }
+ else {
+ return false;
+ }
+}
diff --git a/data/web/inc/lib/WebAuthn/rootCertificates/nitro.pem b/data/web/inc/lib/WebAuthn/rootCertificates/nitro.pem
new file mode 100644
index 00000000..9bd6ea21
--- /dev/null
+++ b/data/web/inc/lib/WebAuthn/rootCertificates/nitro.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmjCCAT8CFBZiBJbp2fT/LaRJ8Xwl9qhX62boMAoGCCqGSM49BAMCME4xCzAJ
+BgNVBAYTAkRFMRYwFAYDVQQKDA1OaXRyb2tleSBHbWJIMRAwDgYDVQQLDAdSb290
+IENBMRUwEwYDVQQDDAxuaXRyb2tleS5jb20wIBcNMTkxMjA0MDczNTM1WhgPMjA2
+OTExMjEwNzM1MzVaME4xCzAJBgNVBAYTAkRFMRYwFAYDVQQKDA1OaXRyb2tleSBH
+bWJIMRAwDgYDVQQLDAdSb290IENBMRUwEwYDVQQDDAxuaXRyb2tleS5jb20wWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQy6KIN2gXqaSMWdWir/Hnx58NBzjthYdNv
+k95hdt7jCpyW2cHqLdQ5Sqcvo0CuordgDOach0ZGB60w9GZY8SHJMAoGCCqGSM49
+BAMCA0kAMEYCIQDLmdy2G2mM4rZKjl6CVfjV7khilIS5D3xRQzubeqzQNAIhAKIG
+X29SfiB6K9k6Hb3q+q7bRn1o1dhV1cj592YYnu1/
+-----END CERTIFICATE-----
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index ee13c5fb..220c87cb 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -60,6 +60,7 @@ $formats = $GLOBALS['FIDO2_FORMATS'];
$WebAuthn = new \WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats);
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/solo.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/apple.pem');
+$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/nitro.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/yubico.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/hypersecu.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/globalSign.pem');
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 04616819..e552b025 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -401,27 +401,16 @@ if (isset($_GET['query'])) {
return;
break;
}
- if (!isset($_SESSION['pending_mailcow_cc_username'])) {
+ if (isset($_SESSION['mailcow_cc_role'])) {
switch ($category) {
case "rspamd":
switch ($object) {
case "actions":
- $curl = curl_init();
- curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
- curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat");
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
- $data = curl_exec($curl);
+ $data = rspamd_actions();
if ($data) {
- $return = array();
- $stats_array = json_decode($data, true)['actions'];
- $stats_array['soft reject'] = $stats_array['soft reject'] + $stats_array['greylist'];
- unset($stats_array['greylist']);
- foreach ($stats_array as $action => $count) {
- $return[] = array($action, $count);
- }
- echo json_encode($return, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+ echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
}
- elseif (!isset($data) || empty($data)) {
+ else {
echo '{}';
}
break;
@@ -1295,53 +1284,55 @@ if (isset($_GET['query'])) {
}
break;
case "status":
- switch ($object) {
- case "containers":
- $containers = (docker('info'));
- foreach ($containers as $container => $container_info) {
- $container . ' (' . $container_info['Config']['Image'] . ')';
- $containerstarttime = ($container_info['State']['StartedAt']);
- $containerstate = ($container_info['State']['Status']);
- $containerimage = ($container_info['Config']['Image']);
- $temp[$container] = array(
+ if ($_SESSION['mailcow_cc_role'] == "admin") {
+ switch ($object) {
+ case "containers":
+ $containers = (docker('info'));
+ foreach ($containers as $container => $container_info) {
+ $container . ' (' . $container_info['Config']['Image'] . ')';
+ $containerstarttime = ($container_info['State']['StartedAt']);
+ $containerstate = ($container_info['State']['Status']);
+ $containerimage = ($container_info['Config']['Image']);
+ $temp[$container] = array(
+ 'type' => 'info',
+ 'container' => $container,
+ 'state' => $containerstate,
+ 'started_at' => $containerstarttime,
+ 'image' => $containerimage
+ );
+ }
+ echo json_encode($temp, JSON_UNESCAPED_SLASHES);
+ break;
+ case "vmail":
+ $exec_fields_vmail = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
+ $vmail_df = explode(',', json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields_vmail), true));
+ $temp = array(
'type' => 'info',
- 'container' => $container,
- 'state' => $containerstate,
- 'started_at' => $containerstarttime,
- 'image' => $containerimage
+ 'disk' => $vmail_df[0],
+ 'used' => $vmail_df[2],
+ 'total'=> $vmail_df[1],
+ 'used_percent' => $vmail_df[4]
);
- }
- echo json_encode($temp, JSON_UNESCAPED_SLASHES);
+ echo json_encode($temp, JSON_UNESCAPED_SLASHES);
break;
- case "vmail":
- $exec_fields_vmail = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
- $vmail_df = explode(',', json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields_vmail), true));
- $temp = array(
+ case "solr":
+ $solr_status = solr_status();
+ $solr_size = ($solr_status['status']['dovecot-fts']['index']['size']);
+ $solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']);
+ if (strtolower(getenv('SKIP_SOLR')) != 'n') {
+ $solr_enabled = false;
+ }
+ else {
+ $solr_enabled = true;
+ }
+ echo json_encode(array(
'type' => 'info',
- 'disk' => $vmail_df[0],
- 'used' => $vmail_df[2],
- 'total'=> $vmail_df[1],
- 'used_percent' => $vmail_df[4]
- );
- echo json_encode($temp, JSON_UNESCAPED_SLASHES);
- break;
- case "solr":
- $solr_status = solr_status();
- $solr_size = ($solr_status['status']['dovecot-fts']['index']['size']);
- $solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']);
- if (strtolower(getenv('SKIP_SOLR')) != 'n') {
- $solr_enabled = false;
+ 'solr_enabled' => $solr_enabled,
+ 'solr_size' => $solr_size,
+ 'solr_documents' => $solr_documents
+ ));
+ break;
}
- else {
- $solr_enabled = true;
- }
- echo json_encode(array(
- 'type' => 'info',
- 'solr_enabled' => $solr_enabled,
- 'solr_size' => $solr_size,
- 'solr_documents' => $solr_documents
- ));
- break;
}
break;
break;
diff --git a/data/web/lang/lang.de.json b/data/web/lang/lang.de.json
index bf6272ce..46223842 100644
--- a/data/web/lang/lang.de.json
+++ b/data/web/lang/lang.de.json
@@ -419,6 +419,7 @@
"targetd_relay_domain": "Ziel-Domain %s ist eine Relay-Domain",
"temp_error": "Temporärer Fehler",
"text_empty": "Text darf nicht leer sein",
+ "tfa_token_invalid": "TFA Token ungültig",
"tls_policy_map_dest_invalid": "Ziel ist ungültig",
"tls_policy_map_entry_exists": "Eine TLS-Richtlinie \"%s\" existiert bereits",
"tls_policy_map_parameter_invalid": "Parameter ist ungültig",
diff --git a/data/web/lang/lang.en.json b/data/web/lang/lang.en.json
index d34e34ac..51825450 100644
--- a/data/web/lang/lang.en.json
+++ b/data/web/lang/lang.en.json
@@ -419,6 +419,7 @@
"targetd_relay_domain": "Target domain %s is a relay domain",
"temp_error": "Temporary error",
"text_empty": "Text must not be empty",
+ "tfa_token_invalid": "TFA Token ungültig",
"tls_policy_map_dest_invalid": "Policy destination is invalid",
"tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists",
"tls_policy_map_parameter_invalid": "Policy parameter is invalid",
@@ -904,6 +905,7 @@
"set_tfa": "Set two-factor authentication method",
"start_u2f_validation": "Start validation",
"tfa": "Two-factor authentication",
+ "tfa_token_invalid": "TFA Token ungültig",
"totp": "Time-based OTP (Google Authenticator, Authy, etc.)",
"u2f": "U2F authentication",
"waiting_usb_auth": "Waiting for USB device...
Please tap the button on your USB device now.",