[Web] Auto-generated app passwords for Apple configuration profiles (#4316)
* Auto-generated app passwords for Apple configuration profiles * Change password modal: add warning about app passwordsmaster
parent
618e00f302
commit
9bfb74bb1d
|
@ -1000,7 +1000,9 @@
|
||||||
"apple_connection_profile": "Apple-Verbindungsprofil",
|
"apple_connection_profile": "Apple-Verbindungsprofil",
|
||||||
"apple_connection_profile_complete": "Dieses Verbindungsprofil beinhaltet neben IMAP- und SMTP-Konfigurationen auch Pfade für die Konfiguration von CalDAV (Kalender) und CardDAV (Adressbücher) für ein Apple-Gerät.",
|
"apple_connection_profile_complete": "Dieses Verbindungsprofil beinhaltet neben IMAP- und SMTP-Konfigurationen auch Pfade für die Konfiguration von CalDAV (Kalender) und CardDAV (Adressbücher) für ein Apple-Gerät.",
|
||||||
"apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP- und SMTP-Konfigurationen für ein Apple-Gerät.",
|
"apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP- und SMTP-Konfigurationen für ein Apple-Gerät.",
|
||||||
|
"apple_connection_profile_with_app_password": "Es wird ein neues App-Passwort erzeugt und in das Profil eingefügt, damit bei der Einrichtung kein Passwort eingegeben werden muss. Geben Sie das Profil nicht weiter, da es einen vollständigen Zugriff auf Ihr Postfach ermöglicht.",
|
||||||
"change_password": "Passwort ändern",
|
"change_password": "Passwort ändern",
|
||||||
|
"change_password_hint_app_passwords": "Ihre Mailbox hat {{number_of_app_passwords}} App-Passwörter, die nicht geändert werden. Um diese zu verwalten, gehen Sie bitte zum App-Passwörter-Tab.",
|
||||||
"clear_recent_successful_connections": "Alle erfolgreichen Verbindungen bereinigen",
|
"clear_recent_successful_connections": "Alle erfolgreichen Verbindungen bereinigen",
|
||||||
"client_configuration": "Konfigurationsanleitungen für E-Mail-Programme und Smartphones anzeigen",
|
"client_configuration": "Konfigurationsanleitungen für E-Mail-Programme und Smartphones anzeigen",
|
||||||
"create_app_passwd": "Erstelle App-Passwort",
|
"create_app_passwd": "Erstelle App-Passwort",
|
||||||
|
@ -1123,6 +1125,7 @@
|
||||||
"week": "Woche",
|
"week": "Woche",
|
||||||
"weekly": "Wöchentlich",
|
"weekly": "Wöchentlich",
|
||||||
"weeks": "Wochen",
|
"weeks": "Wochen",
|
||||||
|
"with_app_password": "mit App-Passwort",
|
||||||
"year": "Jahr",
|
"year": "Jahr",
|
||||||
"years": "Jahren"
|
"years": "Jahren"
|
||||||
},
|
},
|
||||||
|
|
|
@ -1042,7 +1042,9 @@
|
||||||
"apple_connection_profile": "Apple connection profile",
|
"apple_connection_profile": "Apple connection profile",
|
||||||
"apple_connection_profile_complete": "This connection profile includes IMAP and SMTP parameters as well as CalDAV (calendars) and CardDAV (contacts) paths for an Apple device.",
|
"apple_connection_profile_complete": "This connection profile includes IMAP and SMTP parameters as well as CalDAV (calendars) and CardDAV (contacts) paths for an Apple device.",
|
||||||
"apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.",
|
"apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.",
|
||||||
|
"apple_connection_profile_with_app_password": "A new app password is generated and added to the profile so that no password needs to be entered when setting up your device. Please do not share the file as it grants full access to your mailbox.",
|
||||||
"change_password": "Change password",
|
"change_password": "Change password",
|
||||||
|
"change_password_hint_app_passwords": "Your account has {{number_of_app_passwords}} app passwords that will not be changed. To manage these, go to the App passwords tab.",
|
||||||
"clear_recent_successful_connections": "Clear seen successful connections",
|
"clear_recent_successful_connections": "Clear seen successful connections",
|
||||||
"client_configuration": "Show configuration guides for email clients and smartphones",
|
"client_configuration": "Show configuration guides for email clients and smartphones",
|
||||||
"create_app_passwd": "Create app password",
|
"create_app_passwd": "Create app password",
|
||||||
|
@ -1175,6 +1177,7 @@
|
||||||
"week": "week",
|
"week": "week",
|
||||||
"weekly": "Weekly",
|
"weekly": "Weekly",
|
||||||
"weeks": "weeks",
|
"weeks": "weeks",
|
||||||
|
"with_app_password": "with app password",
|
||||||
"year": "year",
|
"year": "year",
|
||||||
"years": "years"
|
"years": "years"
|
||||||
},
|
},
|
||||||
|
|
|
@ -8,6 +8,7 @@ if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != 'use
|
||||||
session_destroy();
|
session_destroy();
|
||||||
// probably better than appending the whole current http query string
|
// probably better than appending the whole current http query string
|
||||||
$append_get = (isset($_GET['only_email'])) ? '&only_email' : '';
|
$append_get = (isset($_GET['only_email'])) ? '&only_email' : '';
|
||||||
|
$append_get .= (isset($_GET['app_password'])) ? '&app_password' : '';
|
||||||
header('Location: index.php?mobileconfig' . $append_get);
|
header('Location: index.php?mobileconfig' . $append_get);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
@ -38,6 +39,34 @@ if (isset($_GET['only_email'])) {
|
||||||
$onlyEmailAccount = false;
|
$onlyEmailAccount = false;
|
||||||
$description = 'IMAP, CalDAV, CardDAV';
|
$description = 'IMAP, CalDAV, CardDAV';
|
||||||
}
|
}
|
||||||
|
if (isset($_GET['app_password'])) {
|
||||||
|
$app_password = true;
|
||||||
|
$description .= ' with application password';
|
||||||
|
|
||||||
|
if (strpos($_SERVER['HTTP_USER_AGENT'], 'iPad') !== FALSE)
|
||||||
|
$platform = 'iPad';
|
||||||
|
elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') !== FALSE)
|
||||||
|
$platform = 'iPhone';
|
||||||
|
elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Macintosh') !== FALSE)
|
||||||
|
$platform = 'Mac';
|
||||||
|
else
|
||||||
|
$platform = $_SERVER['HTTP_USER_AGENT'];
|
||||||
|
|
||||||
|
$password = bin2hex(openssl_random_pseudo_bytes(16));
|
||||||
|
$attr = array(
|
||||||
|
'app_name' => $platform,
|
||||||
|
'app_passwd' => $password,
|
||||||
|
'app_passwd2' => $password,
|
||||||
|
'active' => 1,
|
||||||
|
'protocols' => array('imap_access', 'smtp_access'),
|
||||||
|
);
|
||||||
|
if (!$onlyEmailAccount) {
|
||||||
|
$attr['protocols'][] = 'dav_access';
|
||||||
|
}
|
||||||
|
app_passwd("add", $attr);
|
||||||
|
} else {
|
||||||
|
$app_password = false;
|
||||||
|
}
|
||||||
|
|
||||||
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
|
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
|
||||||
?>
|
?>
|
||||||
|
@ -65,6 +94,10 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
|
||||||
<true/>
|
<true/>
|
||||||
<key>IncomingMailServerUsername</key>
|
<key>IncomingMailServerUsername</key>
|
||||||
<string><?=$email?></string>
|
<string><?=$email?></string>
|
||||||
|
<?php if($app_password === true): ?>
|
||||||
|
<key>IncomingPassword</key>
|
||||||
|
<string><?=$password?></string>
|
||||||
|
<?php endif; ?>
|
||||||
<key>OutgoingMailServerAuthentication</key>
|
<key>OutgoingMailServerAuthentication</key>
|
||||||
<string>EmailAuthPassword</string>
|
<string>EmailAuthPassword</string>
|
||||||
<key>OutgoingMailServerHostName</key>
|
<key>OutgoingMailServerHostName</key>
|
||||||
|
|
|
@ -264,6 +264,9 @@
|
||||||
<div class="modal-header">
|
<div class="modal-header">
|
||||||
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
|
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
|
||||||
<h3 class="modal-title">{{ lang.user.change_password }}</h3>
|
<h3 class="modal-title">{{ lang.user.change_password }}</h3>
|
||||||
|
{% if number_of_app_passwords > 0 %}
|
||||||
|
<p>{{ lang.user.change_password_hint_app_passwords | replace({'{{number_of_app_passwords}}': number_of_app_passwords}) }}</p>
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
<form class="form-horizontal" data-cached-form="false" data-id="pwchange" role="form" method="post" autocomplete="off">
|
<form class="form-horizontal" data-cached-form="false" data-id="pwchange" role="form" method="post" autocomplete="off">
|
||||||
|
|
|
@ -101,6 +101,17 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-md-3 col-xs-12 text-right text-xs-left space20"><i class="bi bi-file-earmark-text"></i> {{ lang.user.apple_connection_profile }}<br />{{ lang.user.with_app_password }}:</div>
|
||||||
|
<div class="col-md-9 col-xs-12">
|
||||||
|
<p><i class="bi bi-file-earmark-post"></i> <a href="/mobileconfig.php?only_email&app_password">{{ lang.user.email }}</a> <small>IMAP, SMTP</small></p>
|
||||||
|
<p class="help-block">{{ lang.user.apple_connection_profile_mailonly }} {{ lang.user.apple_connection_profile_with_app_password }}</p>
|
||||||
|
{% if not skip_sogo %}
|
||||||
|
<p><i class="bi bi-file-earmark-post"></i> <a href="/mobileconfig.php?app_password">{{ lang.user.email_and_dav }}</a> <small>IMAP, SMTP, Cal/CardDAV</small></p>
|
||||||
|
<p class="help-block">{{ lang.user.apple_connection_profile_complete }} {{ lang.user.apple_connection_profile_with_app_password }}</p>
|
||||||
|
{% endif %}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<hr>
|
<hr>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm-offset-3 col-sm-9">
|
<div class="col-sm-offset-3 col-sm-9">
|
||||||
|
|
|
@ -62,6 +62,15 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
|
||||||
}
|
}
|
||||||
|
|
||||||
$template = 'user.twig';
|
$template = 'user.twig';
|
||||||
|
$number_of_app_passwords = 0;
|
||||||
|
foreach (app_passwd("get") as $app_password)
|
||||||
|
{
|
||||||
|
$app_password = app_passwd("details", $app_password['id']);
|
||||||
|
if ($app_password['active'])
|
||||||
|
{
|
||||||
|
++$number_of_app_passwords;
|
||||||
|
}
|
||||||
|
}
|
||||||
$template_data = [
|
$template_data = [
|
||||||
'acl' => $_SESSION['acl'],
|
'acl' => $_SESSION['acl'],
|
||||||
'acl_json' => json_encode($_SESSION['acl']),
|
'acl_json' => json_encode($_SESSION['acl']),
|
||||||
|
@ -78,6 +87,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
|
||||||
'user_domains' => $user_domains,
|
'user_domains' => $user_domains,
|
||||||
'pushover_data' => $pushover_data,
|
'pushover_data' => $pushover_data,
|
||||||
'lang_user' => json_encode($lang['user']),
|
'lang_user' => json_encode($lang['user']),
|
||||||
|
'number_of_app_passwords' => $number_of_app_passwords,
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue