Add flag to avoid setting/creating user on login
Fixes roundcube#9377. Allows rcmail::login() to be reused in plugins providing
an API. The login function provides some useful logic for connecting to
IMAP sources like checking credentials for validity or converting
usernames in some cases.

Before this change the login function always also created non-existing
users or set some session vars, which is what API plugins would like to
avoid.
jaudriga committed May 14, 2024
1 parent 6342206 commit 4285bbb
Showing 2 changed files with 50 additions and 5 deletions.
20 changes: 15 additions & 5 deletions program/include/rcmail.php
Expand Up @@ -645,14 +645,15 @@ public function session_init()
* Perform login to the mail server and to the webmail service.
* This will also create a new user entry if auto_create_user is configured.
*
* @param string $username Mail storage (IMAP) user name
* @param string $password Mail storage (IMAP) password
* @param string $host Mail storage (IMAP) host
* @param bool $cookiecheck Enables cookie check
* @param string $username Mail storage (IMAP) user name
* @param string $password Mail storage (IMAP) password
* @param string $host Mail storage (IMAP) host
* @param bool $cookiecheck Enables cookie check
* @param bool $just_connect Breaks after successful connect
*
* @return bool True on success, False on failure
*/
public function login($username, $password, $host = null, $cookiecheck = false)
public function login($username, $password, $host = null, $cookiecheck = false, $just_connect = false)
{
$this->login_error = null;
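
Review bot: The new docblock line `@param bool $just_connect Breaks after successful connect` does not say what the flag skips or keeps, and the summary sentence above it ("This will also create a new user entry if auto_create_user is configured") is stated unconditionally although the commit message says the flag exists to avoid exactly that. Please document the flag's contract in full: credentials are checked against the mail server, the function returns before the user record is updated, an existing user is still passed to `set_user()`, and a `true` result means the connect succeeded rather than that a webmail login was completed. It is also worth noting in the docblock that the `false` default leaves existing callers unchanged, since a fifth positional boolean is easy to pass by mistake.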

Expand Down Expand Up @@ -771,6 +772,15 @@ public function login($username, $password, $host = null, $cookiecheck = false)
return false;
}

// Only set user if just wanting to connect
if ($just_connect) {
if (is_object($user)) {
$this->set_user($user);
}
return true;
}


// user already registered -> update user's record
if (is_object($user)) {
// update last login timestamp
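
Review bot: In the `if ($just_connect)` branch, `return true` is reached whether or not `$user` is an object, so a caller cannot distinguish "credentials accepted and a known Roundcube user was set" from "credentials accepted and no user was set". An API plugin that goes on to use the current user after a `true` result needs its own check, so either document that explicitly or expose the distinction. The commit title also says the flag avoids setting the user, yet `$this->set_user($user)` still runs for existing users; drop the call or reword the comment `// Only set user if just wanting to connect` so it describes what the branch actually does. Minor style point: the branch is followed by two blank lines where the rest of the function uses one.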
35 changes: 35 additions & 0 deletions program/lib/Roundcube/rcube.php
Expand Up @@ -1862,6 +1862,41 @@ public function deliver_message($message, $from, $mailto, &$error,

return $sent;
}

/**
* Helper method to establish connection to an IMAP backend.
*
* @param rcube_storage $imap IMAP storage handler
* @param string $host IMAP host
* @param string $username IMAP username
* @param string $password IMAP password
* @param int $port IMAP port to connect to
* @param string $ssl SSL schema or false if plain connection
* @param rcube_user $user Roundcube user (if it already exists)
* @param array $imap_options Additional IMAP options
*
* @return bool Return true on successful login
*/
public function imap_connect($imap, $host, $username, $password, $port, $ssl, $user = null, $imap_options = [])
{
// enable proxy authentication
if (!empty($imap_options)) {
$imap->set_options($imap_options);
}

// try to log in
if (!$imap->connect($host, $username, $password, $port, $ssl)) {
if ($user) {
$user->failed_login();
}

// Wait a second to slow down brute-force attacks (#1490549)
sleep(1);
return false;
}

return true;
}
}

/**
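
Review bot: In `imap_connect()`, the comment `// enable proxy authentication` sits above `$imap->set_options($imap_options)`, which applies whatever options the caller passes, not only proxy authentication; as a new public helper this should be described accurately so callers know that arbitrary storage options are accepted from them. The docblock types also disagree with the signature and descriptions: `@param string $ssl` is described as "SSL schema or false" and should be `string|false`, and `@param rcube_user $user` defaults to `null` and should be `rcube_user|null`. Note too that `$user->failed_login()` is only recorded when a user object is supplied, so failed attempts for unknown usernames get the `sleep(1)` delay but no failed-login record; say so in the docblock if that is intended.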
