diff --git a/data/web/lang/lang.de.json b/data/web/lang/lang.de.json index 6aa28f23..7bb8cc3d 100644 --- a/data/web/lang/lang.de.json +++ b/data/web/lang/lang.de.json @@ -1000,7 +1000,9 @@ "apple_connection_profile": "Apple-Verbindungsprofil", "apple_connection_profile_complete": "Dieses Verbindungsprofil beinhaltet neben IMAP- und SMTP-Konfigurationen auch Pfade für die Konfiguration von CalDAV (Kalender) und CardDAV (Adressbücher) für ein Apple-Gerät.", "apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP- und SMTP-Konfigurationen für ein Apple-Gerät.", + "apple_connection_profile_with_app_password": "Es wird ein neues App-Passwort erzeugt und in das Profil eingefügt, damit bei der Einrichtung kein Passwort eingegeben werden muss. Geben Sie das Profil nicht weiter, da es einen vollständigen Zugriff auf Ihr Postfach ermöglicht.", "change_password": "Passwort ändern", + "change_password_hint_app_passwords": "Ihre Mailbox hat {{number_of_app_passwords}} App-Passwörter, die nicht geändert werden. Um diese zu verwalten, gehen Sie bitte zum App-Passwörter-Tab.", "clear_recent_successful_connections": "Alle erfolgreichen Verbindungen bereinigen", "client_configuration": "Konfigurationsanleitungen für E-Mail-Programme und Smartphones anzeigen", "create_app_passwd": "Erstelle App-Passwort", @@ -1123,6 +1125,7 @@ "week": "Woche", "weekly": "Wöchentlich", "weeks": "Wochen", + "with_app_password": "mit App-Passwort", "year": "Jahr", "years": "Jahren" }, diff --git a/data/web/lang/lang.en.json b/data/web/lang/lang.en.json index e2d4779a..29c3408c 100644 --- a/data/web/lang/lang.en.json +++ b/data/web/lang/lang.en.json @@ -1042,7 +1042,9 @@ "apple_connection_profile": "Apple connection profile", "apple_connection_profile_complete": "This connection profile includes IMAP and SMTP parameters as well as CalDAV (calendars) and CardDAV (contacts) paths for an Apple device.", "apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.", + "apple_connection_profile_with_app_password": "A new app password is generated and added to the profile so that no password needs to be entered when setting up your device. Please do not share the file as it grants full access to your mailbox.", "change_password": "Change password", + "change_password_hint_app_passwords": "Your account has {{number_of_app_passwords}} app passwords that will not be changed. To manage these, go to the App passwords tab.", "clear_recent_successful_connections": "Clear seen successful connections", "client_configuration": "Show configuration guides for email clients and smartphones", "create_app_passwd": "Create app password", @@ -1175,6 +1177,7 @@ "week": "week", "weekly": "Weekly", "weeks": "weeks", + "with_app_password": "with app password", "year": "year", "years": "years" }, diff --git a/data/web/mobileconfig.php b/data/web/mobileconfig.php index 256f6382..532e405c 100644 --- a/data/web/mobileconfig.php +++ b/data/web/mobileconfig.php @@ -8,6 +8,7 @@ if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != 'use session_destroy(); // probably better than appending the whole current http query string $append_get = (isset($_GET['only_email'])) ? '&only_email' : ''; + $append_get .= (isset($_GET['app_password'])) ? '&app_password' : ''; header('Location: index.php?mobileconfig' . $append_get); die(); } @@ -38,6 +39,34 @@ if (isset($_GET['only_email'])) { $onlyEmailAccount = false; $description = 'IMAP, CalDAV, CardDAV'; } +if (isset($_GET['app_password'])) { + $app_password = true; + $description .= ' with application password'; + + if (strpos($_SERVER['HTTP_USER_AGENT'], 'iPad') !== FALSE) + $platform = 'iPad'; + elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') !== FALSE) + $platform = 'iPhone'; + elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Macintosh') !== FALSE) + $platform = 'Mac'; + else + $platform = $_SERVER['HTTP_USER_AGENT']; + + $password = bin2hex(openssl_random_pseudo_bytes(16)); + $attr = array( + 'app_name' => $platform, + 'app_passwd' => $password, + 'app_passwd2' => $password, + 'active' => 1, + 'protocols' => array('imap_access', 'smtp_access'), + ); + if (!$onlyEmailAccount) { + $attr['protocols'][] = 'dav_access'; + } + app_passwd("add", $attr); +} else { + $app_password = false; +} echo '' . "\n"; ?> @@ -65,6 +94,10 @@ echo '' . "\n"; IncomingMailServerUsername + + IncomingPassword + + OutgoingMailServerAuthentication EmailAuthPassword OutgoingMailServerHostName diff --git a/data/web/templates/modals/user.twig b/data/web/templates/modals/user.twig index 6de779b9..97abb0af 100644 --- a/data/web/templates/modals/user.twig +++ b/data/web/templates/modals/user.twig @@ -264,6 +264,9 @@

{{ lang.user.change_password }}

+ {% if number_of_app_passwords > 0 %} +

{{ lang.user.change_password_hint_app_passwords | replace({'{{number_of_app_passwords}}': number_of_app_passwords}) }}

+ {% endif %}
diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig index dfc397f8..c35eee39 100644 --- a/data/web/templates/user/tab-user-auth.twig +++ b/data/web/templates/user/tab-user-auth.twig @@ -101,6 +101,17 @@ {% endif %}
+
+
{{ lang.user.apple_connection_profile }}
{{ lang.user.with_app_password }}:
+
+

{{ lang.user.email }} IMAP, SMTP

+

{{ lang.user.apple_connection_profile_mailonly }} {{ lang.user.apple_connection_profile_with_app_password }}

+ {% if not skip_sogo %} +

{{ lang.user.email_and_dav }} IMAP, SMTP, Cal/CardDAV

+

{{ lang.user.apple_connection_profile_complete }} {{ lang.user.apple_connection_profile_with_app_password }}

+ {% endif %} +
+
diff --git a/data/web/user.php b/data/web/user.php index c4e8b8f4..5bf60917 100644 --- a/data/web/user.php +++ b/data/web/user.php @@ -62,6 +62,15 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == ' } $template = 'user.twig'; + $number_of_app_passwords = 0; + foreach (app_passwd("get") as $app_password) + { + $app_password = app_passwd("details", $app_password['id']); + if ($app_password['active']) + { + ++$number_of_app_passwords; + } + } $template_data = [ 'acl' => $_SESSION['acl'], 'acl_json' => json_encode($_SESSION['acl']), @@ -78,6 +87,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == ' 'user_domains' => $user_domains, 'pushover_data' => $pushover_data, 'lang_user' => json_encode($lang['user']), + 'number_of_app_passwords' => $number_of_app_passwords, ]; }