After another look I think we might be doing something wrong here. A valid token should disable/skip 2FA use. Current User::findAndAuthenticate() will not skip 2FA if the password is a valid token.

• Fix comment
• ID generation for mail without Message-ID

• Incremental migration tests for Takeout
• Fixes in incremental migration across drivers

Placing this in User::validateCredentials() maybe is not a bad idea, but it creates some redundancy. See NGINXController::authorizeRequest() - AuthUtils::tokenValidate() now will be called twice. Also, test this new case in Unit/UserTest::testPasswordValidation().

• CS fixes
• Revert unneded change
• ANNOTATE base tag driver
• Improvements
• SQL driver fixes
• Small doc fix
• Fixes regarding syncroton API for tags
• Support saving task tags as categories
• Fix regression
• Regressions and cleanup

• Fix regression

• Fix regression

Patch merged.

• Support saving task tags as categories

On the other hand we use default_port everywhere, and we probably should not. I'm just wondering, why that second part of this change is not needed in Syncroton and iRony, but is in Chwala.

Ha, I missed we use parse_host() in select_host(). So, that whole change in login() seems redundant.

This could be simplified by use of rcube_utils::parse_host() which is what we already do in Syncroton and iRony.

The imap user is being created from UserSeeder in the demo config. You have to remove that part. Also, maybe the command should be db:init or data:init, but just init is also fine.

It's all right. The extra headers could also have been passed through the DAV\Search "interface", I suppose.

The client could send some HTTP header, e.g. X-Skip-Attachments: true. Since we control both sides this seems to be the best idea to me. From what I see the client could also advertise itself as "User-Agent: Lightning/1".

• Performance: Use lighter rcube_message_header instead of rcube_message

Adding methods to backend interface implementation requires some more code. Phpstan says:

Line   lib/ext/Syncroton/Command/FolderSync.php                          
------ ------------------------------------------------------------------ 
 295    Call to an undefined method Syncroton_Backend_IFolder::exists().

• Fixes regarding syncroton API for tags

• Small doc fix

• CS fixes
• ANNOTATE driver
• Improvements
• SQL driver fixes

BTW, none of the other registered passport clients are added via the migration. Maybe they should too. However, as all of them depend on existing-in-config client secrets and Ids, I'm still not sure migration is the correct place. Maybe we should have something like a "global seeder".

We call the seeder after migration, so the seeder will fail because the record already exists.

Proper fix https://github.com/roundcube/roundcubemail/commit/df02322d6a38e6691ec066d83ee7e6ca34a1054d

This warning message is not that useful without a wallet ID, I suppose.

I was thinking about removing the try/catch. If we make a top-up attempt on every WalletCheck job run there's really no need for dispatching a separate job. The only danger will be that if topUpWallet() always throws the rest of the code will never execute, but how big of a danger is that I'm not sure.

Take a look at App\Jobs\User\DeleteJob, it will add STATUS_DELETED after all code before passes (does not throw an exception). So, checking for missing STATUS_DELETED should be included, and probably should be enough to check just this one.