From e695303cf40cb884fc503941756b6fceec0de30c Mon Sep 17 00:00:00 2001 From: Joris Baum Date: Tue, 16 Apr 2024 11:47:04 +0200 Subject: [PATCH] Add flag to avoid setting/creating user on login Fixes #9377 . Allows rcmail::login() to be reused in plugins providing an API. The login function provides some useful logic for connecting to IMAP sources like checking credentials for validity or converting usernames in some cases. Before this change the login function always also created non-existing users or set some sesison vars, which what API plugins would like to avoid. --- program/include/rcmail.php | 20 ++++++++++++++----- program/lib/Roundcube/rcube.php | 35 +++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 5 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index de332923b07..bbbf31d75c2 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -645,14 +645,15 @@ public function session_init()
 * Perform login to the mail server and to the webmail service.
 * This will also create a new user entry if auto_create_user is configured.
 *
- * @param string $username Mail storage (IMAP) user name
- * @param string $password Mail storage (IMAP) password
- * @param string $host Mail storage (IMAP) host
- * @param bool $cookiecheck Enables cookie check
+ * @param string $username Mail storage (IMAP) user name
+ * @param string $password Mail storage (IMAP) password
+ * @param string $host Mail storage (IMAP) host
+ * @param bool $cookiecheck Enables cookie check
+ * @param bool $just_connect Breaks after successful connect
 *
 * @return bool True on success, False on failure
 */
- public function login($username, $password, $host = null, $cookiecheck = false)
+ public function login($username, $password, $host = null, $cookiecheck = false, $just_connect = false)
 {
 $this->login_error = null;
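Review bot: The docblock summary still says login() "will also create a new user entry if auto_create_user is configured", which no longer holds when `$just_connect` is true, and the new `@param` text "Breaks after successful connect" does not say what is skipped. A `true` return now has two different meanings, so I would spell the contract out, e.g. `@param bool $just_connect Return right after a successful storage connect: no user is created and the rest of the login routine is skipped; an existing user is still set`. The flag is a fifth positional boolean after `$cookiecheck`, so a call such as `login($u, $p, $h, false, true)` is easy to misread at the call site. The body of login() continues outside this hunk.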
@@ -771,6 +772,15 @@ public function login($username, $password, $host = null, $cookiecheck = false)
 return false;
 }
+ // Only set user if just wanting to connect
+ if ($just_connect) {
+ if (is_object($user)) {
+ $this->set_user($user);
+ }
+ return true;
+ }
+
+
 // user already registered -> update user's record
 if (is_object($user)) {
 // update last login timestamp
diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 69354e038f2..4d97fd5cda9 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -1862,6 +1862,41 @@ public function deliver_message($message, $from, $mailto, &$error,
 return $sent;
 }
+
+ /**
+ * Helper method to establish connection to an IMAP backend.
+ *
+ * @param rcube_storage $imap IMAP storage handler
+ * @param string $host IMAP host
+ * @param string $username IMAP username
+ * @param string $password IMAP password
+ * @param int $port IMAP port to connect to
+ * @param string $ssl SSL schema or false if plain connection
+ * @param rcube_user $user Roundcube user (if it already exists)
+ * @param array $imap_options Additional IMAP options
+ *
+ * @return bool Return true on successful login
+ */
+ public function imap_connect($imap, $host, $username, $password, $port, $ssl, $user = null, $imap_options = [])
+ {
+ // enable proxy authentication
+ if (!empty($imap_options)) {
+ $imap->set_options($imap_options);
+ }
+
+ // try to log in
+ if (!$imap->connect($host, $username, $password, $port, $ssl)) {
+ if ($user) {
+ $user->failed_login();
+ }
+
+ // Wait a second to slow down brute-force attacks (#1490549)
+ sleep(1);
+ return false;
+ }
+
+ return true;
+ }
 }
 /**
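Review bot: In the `if ($just_connect)` branch of login(), the function returns `true` even when `$user` is not an object, and in that case `$this->set_user()` is never called, so whatever identity the instance held before the call stays in place. A plugin that reads the return value as "authenticated as `$username`" and then consults the current user could act on an empty or stale identity; the code between the storage connect and this branch is outside the hunk, so this is inferred from the visible lines only. Everything below the early return is skipped as well, including the visible "update last login timestamp" step, so these logins would not show up in the user record. I would state the contract in the comment, e.g. `// $just_connect: stop here; $this->user is set only for an already registered user, nothing is created or updated`, and drop one of the two added blank lines.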
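Review bot: `imap_connect()` records a failed attempt only when the caller passes `$user` (`if ($user) { $user->failed_login(); }`), so with the default `$user = null` a wrong password leaves no trace beyond the `sleep(1)`. That sleep delays one request but does not limit parallel attempts, so an API plugin calling this helper directly would need its own throttling and logging of failures, and the docblock should say so. No visible hunk of this patch calls the new public method, so it would help to state whether login() is meant to use it, otherwise the two code paths can drift apart. Smaller documentation points: the comment `// enable proxy authentication` sits above a generic `set_options()` call, and the types would be more accurate as `@param string|false $ssl` and `@param rcube_user|null $user`.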