Page MenuHomePhorge
Files F118362969

D3803.1775779141.diff
No OneTemporary
Actions

Authored By
Unknown
Size
3 KB
Referenced Files
None
Subscribers
None

D3803.1775779141.diff
View Options

diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -31,10 +31,13 @@
ssl_ciphers HIGH:!aNULL:!MD5;
}
+ # Roundcube specific imap endpoint with proxy-protocol enabled
server {
listen 144 proxy_protocol;
protocol imap;
+ auth_http 127.0.0.1:8000/api/webhooks/nginx-roundcube;
+
proxy on;
starttls on;
diff --git a/src/app/Http/Controllers/API/V4/NGINXController.php b/src/app/Http/Controllers/API/V4/NGINXController.php
--- a/src/app/Http/Controllers/API/V4/NGINXController.php
+++ b/src/app/Http/Controllers/API/V4/NGINXController.php
@@ -179,10 +179,6 @@
$password = $request->headers->get('Auth-Pass', null);
$username = $request->headers->get('Auth-User', null);
$ip = $request->headers->get('Client-Ip', null);
- $proxy_ip = $request->headers->get('Proxy-Protocol-Addr', null);
- if ($proxy_ip) {
- $ip = $proxy_ip;
- }
try {
$user = $this->authorizeRequest(
@@ -206,6 +202,57 @@
}
/**
+ * Authentication request for roundcube imap.
+ *
+ * @param \Illuminate\Http\Request $request The API request.
+ *
+ * @return \Illuminate\Http\Response The response
+ */
+ public function authenticateRoundcube(Request $request)
+ {
+ /**
+ * Auth-Login-Attempt: 1
+ * Auth-Method: plain
+ * Auth-Pass: simple123
+ * Auth-Protocol: imap
+ * Auth-Ssl: on
+ * Auth-User: john@kolab.org
+ * Client-Ip: 127.0.0.1
+ * Host: 127.0.0.1
+ *
+ * Auth-SSL: on
+ * Auth-SSL-Verify: SUCCESS
+ * Auth-SSL-Subject: /CN=example.com
+ * Auth-SSL-Issuer: /CN=example.com
+ * Auth-SSL-Serial: C07AD56B846B5BFF
+ * Auth-SSL-Fingerprint: 29d6a80a123d13355ed16b4b04605e29cb55a5ad
+ */
+
+ $password = $request->headers->get('Auth-Pass', null);
+ $username = $request->headers->get('Auth-User', null);
+ $ip = $request->headers->get('Proxy-Protocol-Addr', null);
+
+ try {
+ $user = $this->authorizeRequest(
+ $username,
+ $password,
+ $ip,
+ );
+ } catch (\Exception $e) {
+ return $this->byebye($request, $e->getMessage());
+ }
+
+ // All checks passed
+ switch ($request->headers->get('Auth-Protocol')) {
+ case "imap":
+ return $this->authenticateIMAP($request, false, $password);
+ default:
+ return $this->byebye($request, "unknown protocol in request");
+ }
+ }
+
+
+ /**
* Create an imap authentication response.
*
* @param \Illuminate\Http\Request $request The API request.
diff --git a/src/routes/api.php b/src/routes/api.php
--- a/src/routes/api.php
+++ b/src/routes/api.php
@@ -170,6 +170,7 @@
],
function () {
Route::get('nginx', [API\V4\NGINXController::class, 'authenticate']);
+ Route::get('nginx-roundcube', [API\V4\NGINXController::class, 'authenticateRoundcube']);
Route::get('nginx-httpauth', [API\V4\NGINXController::class, 'httpauth']);
Route::post('policy/greylist', [API\V4\PolicyController::class, 'greylist']);
Route::post('policy/ratelimit', [API\V4\PolicyController::class, 'ratelimit']);

File Metadata

Mime Type
text/plain
Expires
Thu, Apr 9, 11:59 PM (19 h, 58 m ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18853633
Default Alt Text
D3803.1775779141.diff (3 KB)

Event Timeline