
D5888.1779456032.diff

Authored By
Unknown
Size
2 KB
Referenced Files
None
Subscribers
None

D5888.1779456032.diff

diff --git a/plugins/kolab/Kolab/Client.php b/plugins/kolab/Kolab/Client.php
--- a/plugins/kolab/Kolab/Client.php
+++ b/plugins/kolab/Kolab/Client.php
@@ -356,6 +356,27 @@
return [true, null];
}
+ /**
+ * Exhange username/password & 2fa token for otp token
+ */
+ public static function retrieveOtpToken(string $user, string $pass, $factor, $code): string|null
+ {
+ $post = [
+ 'email' => $user,
+ 'password' => $pass,
+ 'secondfactor' => $code,
+ 'mode' => 'fast,otp',
+ ];
+
+ $response = self::request('POST', 'api/auth/login', [], $post);
+
+ if ($response && isset($response->otp)) {
+ return $response->otp;
+ }
+
+ return null;
+ }
+
/**
* Clear all cache entries
*/
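Review bot: `$factor` is accepted by `retrieveOtpToken()` but never placed in `$post`, so if the backend needs to know which configured factor `$code` belongs to it is not told; either send it or drop the parameter. `$factor` and `$code` are also untyped, and `$response->otp` is returned without checking that it is a non-empty string, which the `string|null` return type expects: `if ($response && is_string($response->otp ?? null) && $response->otp !== '') {`. The docblock should read "Exchange" and state that null means no token was issued. `self::request()` is outside this hunk, so it is worth confirming that it does not write the POST body (password and second-factor code) to a debug log.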
diff --git a/plugins/kolab/kolab.php b/plugins/kolab/kolab.php
--- a/plugins/kolab/kolab.php
+++ b/plugins/kolab/kolab.php
@@ -44,6 +44,7 @@
$this->add_hook('startup', [$this, 'startupHook']);
$this->add_hook('login_after', [$this, 'loginAfterHook']);
+ $this->add_hook('kolab_2fa_password', [$this, 'kolab2faPassword']);
// Load features and let them do the whole work
foreach ($this->features as $feature_class) {
@@ -114,4 +115,17 @@
return $args;
}
+
+ /**
+ * Handler for 'kolab_2fa_password' hook
+ *
+ * Used to exchange the password for an otp token, which allows roundcube to work with 2fa enabled when logging in with username & password.
+ */
+ public function kolab2faPassword($args): array
+ {
+ if ($token = Kolab\Client::retrieveOtpToken($args['user'], $args['pass'], $args['factor'], $args['code'])) {
+ $args['pass'] = $token;
+ }
+ return $args;
+ }
}
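Review bot: `kolab2faPassword()` reads `$args['user']`, `$args['pass']`, `$args['factor']` and `$args['code']` without checking that they are present, while `retrieveOtpToken()` declares `string $user, string $pass`; a missing or null value from another caller of the hook would raise a TypeError in the middle of login. Type the parameter as `array $args` and return `$args` early when `user` or `pass` is not a non-empty string. When no token comes back the handler silently keeps the original password, so a failed exchange leaves no trace; a log line naming the user, but not the password, the code or the token, would make that diagnosable. The class body starts outside the hunk.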
diff --git a/plugins/kolab_2fa/kolab_2fa.php b/plugins/kolab_2fa/kolab_2fa.php
--- a/plugins/kolab_2fa/kolab_2fa.php
+++ b/plugins/kolab_2fa/kolab_2fa.php
@@ -212,6 +212,15 @@
// accept first successful method
if ($this->login_verified) {
+ $result = $rcmail->plugins->exec_hook('kolab_2fa_password', [
+ 'user' => $_SESSION['username'],
+ 'pass' => $rcmail->decrypt($_SESSION['password']),
+ 'factor' => $factor,
+ 'code' => $code,
+ ]);
+ if (isset($result['pass'])) {
+ $_SESSION['password'] = $rcmail->encrypt($result['pass']);
+ }
break;
}
}
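Review bot: `$rcmail->decrypt($_SESSION['password'])` is passed to the hook unchecked, and `isset($result['pass'])` is true whenever the hook hands its arguments back, so the session password is rewritten even when no handler replaced it, including with the result of a failed decrypt. Keep the decrypted value in a local, skip the hook when it is not a non-empty string, and write back only a changed value: `if (is_string($result['pass'] ?? null) && $result['pass'] !== '' && $result['pass'] !== $pass) {`. The hook also hands the cleartext password and second-factor code to every plugin registered for `kolab_2fa_password`, which deserves a comment at the call site. The surrounding loop and the definitions of `$factor` and `$code` are outside the hunk.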

File Metadata

Mime Type
text/plain
Expires
Fri, May 22, 1:20 PM (18 h, 55 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18929823
Default Alt Text
D5888.1779456032.diff (2 KB)
