From 690b36479c019a9585b1bfa5a04a9cc0c5997820 Mon Sep 17 00:00:00 2001
From: Joris Baum <joris@audriga.com>
Date: Tue, 16 Apr 2024 11:47:04 +0200
Subject: [PATCH] Add flag to avoid setting/creating user on login

Fixes #9377 . Allows rcmail::login() to be reused in plugins providing
an API. The login function provides some useful logic for connecting to
IMAP sources like checking credentials for validity or converting
usernames in some cases.

Before this change the login function always also created non-existing
users or set some sesison vars, which what API plugins would like to
avoid.
---
 program/include/rcmail.php | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 895d8f816a8..2b99fad8c13 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -647,14 +647,15 @@ public function session_init()
      * Perform login to the mail server and to the webmail service.
      * This will also create a new user entry if auto_create_user is configured.
      *
-     * @param string $username    Mail storage (IMAP) user name
-     * @param string $password    Mail storage (IMAP) password
-     * @param string $host        Mail storage (IMAP) host
-     * @param bool   $cookiecheck Enables cookie check
+     * @param string $username     Mail storage (IMAP) user name
+     * @param string $password     Mail storage (IMAP) password
+     * @param string $host         Mail storage (IMAP) host
+     * @param bool   $cookiecheck  Enables cookie check
+     * @param bool   $just_connect Breaks after successful connect
      *
      * @return bool True on success, False on failure
      */
-    public function login($username, $password, $host = null, $cookiecheck = false)
+    public function login($username, $password, $host = null, $cookiecheck = false, $just_connect = false)
     {
         $this->login_error = null;
 
@@ -773,6 +774,15 @@ public function login($username, $password, $host = null, $cookiecheck = false)
             return false;
         }
 
+        // Only set user if just wanting to connect
+        if ($just_connect) {
+            if (is_object($user)) {
+                $this->set_user($user);
+            }
+            return true;
+        }
+
+
         // user already registered -> update user's record
         if (is_object($user)) {
             // update last login timestamp