[Dovecot, Web] Fix remaining issues of app password enhancements from #4296
parent
644b1f85d1
commit
f0aae22f77
|
@ -177,7 +177,11 @@ function auth_password_verify(req, pass)
|
|||
while row do
|
||||
if req.password_verify(req, row.password, pass) == 1 then
|
||||
-- if password is valid and protocol access is 1 OR real_rip matches SOGo, proceed
|
||||
if tostring(req.real_ip) == "__IPV4_SOGO__" or row.has_prot_access == "1" then
|
||||
if tostring(req.real_rip) == "__IPV4_SOGO__" then
|
||||
cur:close()
|
||||
con:close()
|
||||
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
|
||||
if row.has_prot_access == "1" then
|
||||
con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
|
||||
VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
|
||||
cur:close()
|
||||
|
|
|
@ -944,7 +944,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
|
|||
':service' => $service,
|
||||
':app_id' => $row['app_passwd_id'],
|
||||
':username' => $user,
|
||||
':remote_addr' => $_SERVER['REMOTE_ADDR']
|
||||
':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
|
||||
));
|
||||
}
|
||||
return "user";
|
||||
|
|
|
@ -57,7 +57,7 @@ elseif (isset($_GET['login'])) {
|
|||
$stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES ('SSO', 0, :username, :remote_addr)");
|
||||
$stmt->execute(array(
|
||||
':username' => $login,
|
||||
':remote_addr' => $_SERVER['REMOTE_ADDR']
|
||||
':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
|
||||
));
|
||||
// redirect to sogo (sogo will get the correct credentials via nginx auth_request
|
||||
header("Location: /SOGo/so/${login}");
|
||||
|
|
Loading…
Reference in New Issue