From d38c37125393faf4eef00590b8437cfd862bef66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20Kellerer?= <juergen@k123.eu>
Date: Wed, 27 Oct 2021 09:39:34 +0200
Subject: [PATCH] Removed toggle ALLOW_APP_PASSWORDS_IN_EAS

---
 data/web/autodiscover.php | 3 +--
 data/web/inc/vars.inc.php | 3 ---
 data/web/sogo-auth.php    | 2 +-
 3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index 5834235b..cc6807ba 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -68,8 +68,7 @@ if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
   exit(0);
 }
 
-$allow_app_passwords = $ALLOW_APP_PASSWORDS_IN_EAS === true || $autodiscover_config['autodiscoverType'] == 'imap';
-$login_role = check_login($login_user, $login_pass, $allow_app_passwords);
+$login_role = check_login($login_user, $login_pass, true);
 
 if ($login_role === "user") {
   header("Content-Type: application/xml");
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 8a83f964..91d2145d 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -188,9 +188,6 @@ $MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format'] = 'maildir:';
 // Show last IMAP and POP3 logins
 $SHOW_LAST_LOGIN = true;
 
-// Allow app passwords in CardDav, CalDav and ActiveSync
-$ALLOW_APP_PASSWORDS_IN_EAS = true;
-
 // UV flag handling in FIDO2/WebAuthn - defaults to false to allow iOS logins
 // true = required
 // false = preferred
diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php
index 7784a181..a4b8ffcf 100644
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -15,7 +15,7 @@ if (isset($_SERVER['PHP_AUTH_USER'])) {
   $username = $_SERVER['PHP_AUTH_USER'];
   $password = $_SERVER['PHP_AUTH_PW'];
   $is_eas = preg_match('/^(\/SOGo|)\/(dav|Microsoft-Server-ActiveSync).*/', $_SERVER['HTTP_X_ORIGINAL_URI']);
-  $login_check = check_login($username, $password, $is_eas && $ALLOW_APP_PASSWORDS_IN_EAS);
+  $login_check = check_login($username, $password, $is_eas);
   if ($login_check === 'user') {
     header("X-User: $username");
     header("X-Auth: Basic ".base64_encode("$username:$password"));