diff --git a/data/web/sogossologin/sogo-auth.php b/data/web/sogossologin/sogo-auth.php new file mode 100644 index 0000000000..b3507b454b --- /dev/null +++ b/data/web/sogossologin/sogo-auth.php @@ -0,0 +1,60 @@ +prepare("SELECT * FROM `sogo_sso_tokens` WHERE `username` = :username AND `token` = :token"); + $stmt->bindParam(':username', $username); + $stmt->bindParam(':token', $token); + + $stmt->execute(); + + $res = $stmt->fetchAll(); + if(count($res) == 1){ + return true; + }else{ + return false; + } + } catch (PDOException $e) { + return false; + } +} + + + + + + +if(isset($_GET['email']) && $_GET['token']){ + require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php'; + if(checkTokenExists($pdo, $_GET['email'], $_GET['token'])){ + try { + $sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass"); + $_SESSION[$session_var_user_allowed][] = $_GET['email']; + $_SESSION[$session_var_pass] = $sogo_sso_pass; + $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES ('SSO', 0, :username, :remote_addr)"); + $stmt->execute(array( + ':username' => $_GET['email'], + ':remote_addr' => (isset($_SERVER['HTTP_X_REAL_IP']) ? $_SERVER['HTTP_X_REAL_IP'] : $_SERVER['REMOTE_ADDR']) + )); + }catch (PDOException $e){ + echo $e->getMessage(); + } + + + header("Location: /SOGo/so/{$_GET['email']}"); + }else{ + http_response_code(401); + } +} + +// if username is empty, SOGo will use the normal login methods / login form +header("X-User: "); +header("X-Auth: "); +header("X-Auth-Type: "); \ No newline at end of file diff --git a/data/web/sogossologin/sogo-tokengenerate.php b/data/web/sogossologin/sogo-tokengenerate.php new file mode 100644 index 0000000000..6e9cf71612 --- /dev/null +++ b/data/web/sogossologin/sogo-tokengenerate.php 
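Review bot: A token that passes checkTokenExists is never consumed or expired, so an SSO token stays valid for as long as its row exists; because it travels in the query string it also lands in access logs, browser history and Referer headers, which makes indefinite validity a real exposure. After the check succeeds (before the session assignments) delete the row, `$del = $pdo->prepare("DELETE FROM sogo_sso_tokens WHERE username = :username AND token = :token");` `$del->execute([':username' => $_GET['email'], ':token' => $_GET['token']]);`, and consider a created_at column checked against a short lifetime. The entry guard mixes `isset($_GET['email'])` with a bare truthiness test of `$_GET['token']`, which raises a notice when the parameter is absent; use `isset($_GET['token'])` (and an `!== ''` check) for both. The catch branch echoes `$e->getMessage()` to an unauthenticated client and then still falls through to the Location redirect; log the message instead and skip the redirect on failure. The opening of checkTokenExists (and the `<?php` line) looks garbled in this hunk, so the function header itself could not be checked.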
@@ -0,0 +1,76 @@ +prepare("CREATE TABLE IF NOT EXISTS `sogo_sso_tokens` ( + `id` INT AUTO_INCREMENT PRIMARY KEY, + `username` TEXT NOT NULL, + `token` TEXT NOT NULL + )"); + $stmt->execute(); + } catch (PDOException $e) { + if ($debug) echo $e->getMessage(); + } +} + +function showTables($pdo) +{ + try { + $stmt2 = $pdo->query("SHOW TABLES"); + $res = $stmt2->fetchAll(PDO::FETCH_ASSOC); + var_dump($res); + } catch (PDOException $e) { + echo $e->getMessage(); + } +} + +function writeTokenToDB($username, $token, $pdo): bool +{ + try { + $stmt = $pdo->prepare("INSERT INTO `sogo_sso_tokens` (`username`, `token`) VALUES (:username, :token)"); + $stmt->bindParam(':username', $username); + $stmt->bindParam(':token', $token); + $success = $stmt->execute(); + return $success; + } catch (PDOException $e) { + echo $e->getMessage(); + return false; + } +} + +function generateToken($username): string +{ + return md5(base64_encode($username) . random_bytes(16) . md5(time())); +} + +function getApiKey($pdo) +{ + try { + $stmt = $pdo->prepare("SELECT `api_key` FROM `api` LIMIT 1"); + $stmt->execute(); + return $stmt->fetchColumn(); + + } catch (PDOException $e) { + return null; + } +} + + +if (isset($_POST['username']) && isset($_POST['apikey'])) { + + if ($_POST['apikey'] == getApiKey($pdo)) { + $username = $_POST['username']; + $token = generateToken($username); + createIfTableDoesntExist($pdo); + writeTokenToDB($username, $token, $pdo); + echo json_encode(array( + "success" => true, + "username"=> $username, + "token" => $token + )); + } +} \ No newline at end of file
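Review bot: The API-key gate `if ($_POST['apikey'] == getApiKey($pdo))` uses loose comparison against a value that is `false` when the api table has no row (fetchColumn) and `null` when the query throws, and both compare equal to an empty string under `==`, so a POST with `apikey=` passes the check whenever no key is configured or the DB call fails. Compare strictly and in constant time: `$apiKey = getApiKey($pdo);` `if (is_string($apiKey) && $apiKey !== '' && hash_equals($apiKey, (string) $_POST['apikey'])) {`. The SELECT takes the first api row without any visible check of an active flag or allowed-origin column; I cannot confirm the api table schema from the hunk, but that should be verified before relying on it. writeTokenToDB echoes `$e->getMessage()` to the caller (log it instead), and the showTables helper with `var_dump` reads like leftover debugging. `$pdo` and `$debug` come from outside the visible hunk, whose opening lines appear garbled.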