
D3803.1775565127.diff

Authored By
Unknown

D3803.1775565127.diff

diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -31,10 +31,13 @@
ssl_ciphers HIGH:!aNULL:!MD5;
}
+ # Roundcube specific imap endpoint with proxy-protocol enabled
server {
listen 144 proxy_protocol;
protocol imap;
+ auth_http 127.0.0.1:8000/api/webhooks/nginx-roundcube;
+
proxy on;
starttls on;
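Review bot: The new comment on this `server` block says PROXY protocol is enabled but not who may connect to port 144, and that matters because `listen 144 proxy_protocol` accepts the PROXY header from whichever peer opens the connection and the address in it is forwarded to the `auth_http` webhook. If the controller uses that address for its per-client checks (the new `authenticateRoundcube` appears to, via `Proxy-Protocol-Addr`), any host that can reach the port chooses the address it is evaluated under. I would extend the comment to `# Roundcube specific imap endpoint with proxy-protocol enabled; must only be reachable from the Roundcube host, the PROXY header is trusted as sent` and confirm the port is not published outside the container network. The `server` block continues past the end of the hunk.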
diff --git a/src/app/Http/Controllers/API/V4/NGINXController.php b/src/app/Http/Controllers/API/V4/NGINXController.php
--- a/src/app/Http/Controllers/API/V4/NGINXController.php
+++ b/src/app/Http/Controllers/API/V4/NGINXController.php
@@ -155,10 +155,6 @@
$password = $request->headers->get('Auth-Pass', null);
$username = $request->headers->get('Auth-User', null);
$ip = $request->headers->get('Client-Ip', null);
- $proxy_ip = $request->headers->get('Proxy-Protocol-Addr', null);
- if ($proxy_ip) {
- $ip = $proxy_ip;
- }
try {
$user = $this->authorizeRequest(
@@ -181,6 +177,57 @@
}
}
+ /**
+ * Authentication request for roundcube imap.
+ *
+ * @param \Illuminate\Http\Request $request The API request.
+ *
+ * @return \Illuminate\Http\Response The response
+ */
+ public function authenticateRoundcube(Request $request)
+ {
+ /**
+ * Auth-Login-Attempt: 1
+ * Auth-Method: plain
+ * Auth-Pass: simple123
+ * Auth-Protocol: imap
+ * Auth-Ssl: on
+ * Auth-User: john@kolab.org
+ * Client-Ip: 127.0.0.1
+ * Host: 127.0.0.1
+ *
+ * Auth-SSL: on
+ * Auth-SSL-Verify: SUCCESS
+ * Auth-SSL-Subject: /CN=example.com
+ * Auth-SSL-Issuer: /CN=example.com
+ * Auth-SSL-Serial: C07AD56B846B5BFF
+ * Auth-SSL-Fingerprint: 29d6a80a123d13355ed16b4b04605e29cb55a5ad
+ */
+
+ $password = $request->headers->get('Auth-Pass', null);
+ $username = $request->headers->get('Auth-User', null);
+ $ip = $request->headers->get('Proxy-Protocol-Addr', null);
+
+ try {
+ $user = $this->authorizeRequest(
+ $username,
+ $password,
+ $ip,
+ );
+ } catch (\Exception $e) {
+ return $this->byebye($request, $e->getMessage());
+ }
+
+ // All checks passed
+ switch ($request->headers->get('Auth-Protocol')) {
+ case "imap":
+ return $this->authenticateIMAP($request, false, $password);
+ default:
+ return $this->byebye($request, "unknown protocol in request");
+ }
+ }
+
+
/**
* Create an imap authentication response.
*
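Review bot: In `authenticateRoundcube`, `$ip` is taken only from `Proxy-Protocol-Addr` and falls back to `null` when the header is absent, so a request that did not come through the proxy-protocol listener reaches `authorizeRequest` with no client address. What `authorizeRequest` does with a null address is not visible in this hunk, so rejecting up front is the safer default: `if (empty($ip)) { return $this->byebye($request, "missing proxy protocol address"); }` placed before the `try`. Separately, the `catch (\Exception $e)` branch hands `$e->getMessage()` to `byebye`; if that text ends up in the reply shown to the mail client, a fixed message with the detail logged server-side would avoid exposing internals. The bare `false` passed to `authenticateIMAP` would also benefit from a one-line comment saying what it switches off for the Roundcube path.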
diff --git a/src/routes/api.php b/src/routes/api.php
--- a/src/routes/api.php
+++ b/src/routes/api.php
@@ -170,6 +170,7 @@
],
function () {
Route::get('nginx', [API\V4\NGINXController::class, 'authenticate']);
+ Route::get('nginx-roundcube', [API\V4\NGINXController::class, 'authenticateRoundcube']);
Route::get('nginx-httpauth', [API\V4\NGINXController::class, 'httpauth']);
Route::post('policy/greylist', [API\V4\PolicyController::class, 'greylist']);
Route::post('policy/ratelimit', [API\V4\PolicyController::class, 'ratelimit']);
