-
Notifications
You must be signed in to change notification settings - Fork 4
/
roundcube_oidc.php
136 lines (112 loc) · 4.8 KB
/
roundcube_oidc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
<?php
// Require composer autoload for direct installs
@include __DIR__ . '/vendor/autoload.php';
use Jumbojett\OpenIDConnectClient;
/**
* Roundcube OIDC
*
* Login to roundcube with OpenID Connect provider
*
* @license MIT License: <http://opensource.org/licenses/MIT>
* @author Varun Patil
* @category Plugin for RoundCube WebMail
*/
class roundcube_oidc extends rcube_plugin
{
public $task = 'login|logout';
private $map;
function init() {
$this->load_config('config.inc.php.dist');
$this->load_config('config.inc.php');
$this->add_hook('template_object_loginform', array($this, 'loginform'));
}
function altReturn($ERROR) {
// Get mail object
$RCMAIL = rcmail::get_instance();
// Check if overridden login page
$altLogin = $RCMAIL->config->get('oidc_login_page');
// Include and exit
if (isset($altLogin) && !empty($altLogin)) {
include $altLogin;
exit;
}
}
public function loginform($content) {
// Add the login link
$content['content'] .= "<p> <a href='?oidc=1'> Login with OIDC </a> </p>";
// Check if we are starting or resuming oidc auth
if (!isset($_GET['code']) && !isset($_GET['oidc'])) {
$this->altReturn(null);
return $content;
}
// Define error for alt login
$ERROR = '';
// Get mail object
$RCMAIL = rcmail::get_instance();
// Get master password and default imap server
$password = $RCMAIL->config->get('oidc_imap_master_password');
$imap_server = $RCMAIL->config->get('default_host');
// Build provider
$oidc = new OpenIDConnectClient(
$RCMAIL->config->get('oidc_url'),
$RCMAIL->config->get('oidc_client'),
$RCMAIL->config->get('oidc_secret')
);
$oidc->addScope($RCMAIL->config->get('oidc_scope'));
// Get user information
try {
$oidc->authenticate();
$user = json_decode(json_encode($oidc->requestUserInfo()), true);
} catch (\Exception $e) {
$ERROR = 'OIDC Authentication Failed <br/>' . $e->getMessage();
$content['content'] .= "<p class='alert-danger'> $ERROR </p>";
$this->altReturn($ERROR);
return $content;
}
// Parse fields
$uid = $user[$RCMAIL->config->get('oidc_field_uid')];
$password = get($user[$RCMAIL->config->get('oidc_field_password')], $password);
$imap_server = get($user[$RCMAIL->config->get('oidc_field_server')], $imap_server);
// Check if master user is present
$master = $RCMAIL->config->get('oidc_config_master_user');
if ($master != '') {
$uid .= $RCMAIL->config->get('oidc_master_user_separator') . $master;
}
// Trigger auth hook
$auth = $RCMAIL->plugins->exec_hook('authenticate', array(
'user' => $uid,
'pass' => $password,
'cookiecheck' => true,
'valid' => true,
));
// Login to IMAP
if ($RCMAIL->login($auth['user'], $password, $imap_server, $auth['cookiecheck'])) {
$RCMAIL->session->remove('temp');
$RCMAIL->session->regenerate_id(false);
$RCMAIL->session->set_auth_cookie();
$RCMAIL->log_login();
$query = array();
$redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
unset($redir['abort'], $redir['_err']);
$query = array('_action' => '');
$OUTPUT = new rcmail_html_page();
$redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
$RCMAIL->session->set_auth_cookie();
// Update user profile
$iid = $RCMAIL->user->get_identity()['identity_id'];
$claim_name = $user['name'];
if (isset($iid) && isset($claim_name)) {
$RCMAIL->user->update_identity($iid, array('name' => $claim_name));
}
$OUTPUT->redirect($redir, 0, true);
} else {
$ERROR = 'IMAP authentication failed!';
$content['content'] .= "<p class='alert-danger'> $ERROR </p>";
}
$this->altReturn($ERROR);
return $content;
}
}
function get(&$var, $default=null) {
return isset($var) ? $var : $default;
}