[Dovecot, Web] Fix remaining issues of app password enhancements from #4296
parent
644b1f85d1
commit
f0aae22f77
|
@ -177,7 +177,11 @@ function auth_password_verify(req, pass)
|
||||||
while row do
|
while row do
|
||||||
if req.password_verify(req, row.password, pass) == 1 then
|
if req.password_verify(req, row.password, pass) == 1 then
|
||||||
-- if password is valid and protocol access is 1 OR real_rip matches SOGo, proceed
|
-- if password is valid and protocol access is 1 OR real_rip matches SOGo, proceed
|
||||||
if tostring(req.real_ip) == "__IPV4_SOGO__" or row.has_prot_access == "1" then
|
if tostring(req.real_rip) == "__IPV4_SOGO__" then
|
||||||
|
cur:close()
|
||||||
|
con:close()
|
||||||
|
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
|
||||||
|
if row.has_prot_access == "1" then
|
||||||
con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
|
con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
|
||||||
VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
|
VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
|
||||||
cur:close()
|
cur:close()
|
||||||
|
|
|
@ -944,7 +944,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
|
||||||
':service' => $service,
|
':service' => $service,
|
||||||
':app_id' => $row['app_passwd_id'],
|
':app_id' => $row['app_passwd_id'],
|
||||||
':username' => $user,
|
':username' => $user,
|
||||||
':remote_addr' => $_SERVER['REMOTE_ADDR']
|
':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
return "user";
|
return "user";
|
||||||
|
|
|
@ -57,7 +57,7 @@ elseif (isset($_GET['login'])) {
|
||||||
$stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES ('SSO', 0, :username, :remote_addr)");
|
$stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES ('SSO', 0, :username, :remote_addr)");
|
||||||
$stmt->execute(array(
|
$stmt->execute(array(
|
||||||
':username' => $login,
|
':username' => $login,
|
||||||
':remote_addr' => $_SERVER['REMOTE_ADDR']
|
':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
|
||||||
));
|
));
|
||||||
// redirect to sogo (sogo will get the correct credentials via nginx auth_request
|
// redirect to sogo (sogo will get the correct credentials via nginx auth_request
|
||||||
header("Location: /SOGo/so/${login}");
|
header("Location: /SOGo/so/${login}");
|
||||||
|
|
Loading…
Reference in New Issue