fix mailbox tfa

2022-08-31 11:31:55 +02:00 · 2022-08-31 11:31:55 +02:00 · 2ed453a400
commit 2ed453a400
parent 90f77f6d5c
1 changed files with 18 additions and 18 deletions
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@ -937,11 +937,13 @@ function check_login($user, $pass, $app_passwd_data = false) {
  }
  foreach ($rows as $row) {
    // verify password
-    if ($app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true){
    if (verify_hash($row['password'], $pass) !== false) {
+      if (!array_key_exists("app_passwd_id", $row)){ 
+        // password is not a app password
        // check for tfa authenticators
        $authenticators = get_tfa($user);
        if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
+          // authenticators found, init TFA flow
          $_SESSION['pending_mailcow_cc_username'] = $user;
          $_SESSION['pending_mailcow_cc_role'] = "user";
          $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
@ -953,6 +955,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
          );
          return "pending";
        } else {
+          // no authenticators found, login successfull
          // Reactivate TFA if it was set to "deactivate TFA for next login"
          $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
          $stmt->execute(array(':user' => $user));
@ -960,10 +963,8 @@ function check_login($user, $pass, $app_passwd_data = false) {
          unset($_SESSION['ldelay']);
          return "user";
        }
-      }
      } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
-      if (array_key_exists("app_passwd_id", $row)){
-        if (verify_hash($row['password'], $pass) !== false) {
+        // password is a app password
        $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
        $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
        $stmt->execute(array(
@ -978,7 +979,6 @@ function check_login($user, $pass, $app_passwd_data = false) {
      }
    }
  }
-  }

  if (!isset($_SESSION['ldelay'])) {
    $_SESSION['ldelay'] = "0";
@ -994,7 +994,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
  $_SESSION['return'][] =  array(
    'type' => 'danger',
    'log' => array(__FUNCTION__, $user, '*'),
-    'msg' => 'login_failed'
+    'msg' => array('login_failed', $pass, $rows, $app_passwd_data, array_key_exists("app_passwd_id", $row))
  );

  sleep($_SESSION['ldelay']);