Jan(moo)uary Update 2022 - Revision A (2022-01a) (#4445)
* [API] Fix minor issue in api docs * [GH-Actions][stale] Add neverstale label to exempt list * [Web] add github version tag * [Web] add github version tag error handling * Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php. * [Web] add github version tag - adjust css * [Compose] Update SOGo Autoreply Schedule to 5m Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436 * [Web] add github version tag - move twig globals * [Web] add github version tag - missing </div> * Passwordless SOGo auth: improvements for when accessing other users * [WebAuthn] fido2 passwordless auth - fix (#4440) * [WebAuthn] fido2 revert * [WebAuthn] set UV flags to 'discouraged' * [WebAuthn] revert - set UV flags to 'discouraged' Co-authored-by: ntimo <git@nowitzki.me> Co-authored-by: Peter <magic@kthx.at> Co-authored-by: FreddleSpl0it <patschul@posteo.de> Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com> Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com>
This commit is contained in:
parent
5a1ef72b82
commit
89fdd1986d
1
.gitignore
vendored
1
.gitignore
vendored
@ -56,6 +56,7 @@ data/web/templates/cache/*
|
||||
data/web/.well-known/acme-challenge
|
||||
data/web/css/build/0081-custom-mailcow.css
|
||||
data/web/inc/vars.local.inc.php
|
||||
data/web/inc/app_info.inc.php
|
||||
data/web/nextcloud*/
|
||||
data/web/rc*/
|
||||
docker-compose.override.yml
|
||||
|
@ -4805,7 +4805,7 @@ paths:
|
||||
schema:
|
||||
example:
|
||||
attr:
|
||||
rl_vlaue: "10"
|
||||
rl_value: "10"
|
||||
rl_frame: "h"
|
||||
items:
|
||||
- info@domain.tld
|
||||
@ -4815,7 +4815,7 @@ paths:
|
||||
rl_frame:
|
||||
description: contains the frame for the ratelimit h,s,m
|
||||
type: string
|
||||
rl_vlaue:
|
||||
rl_value:
|
||||
description: contains the rate for the ratelimit 10,20,50,1
|
||||
type: number
|
||||
type: object
|
||||
@ -4876,7 +4876,7 @@ paths:
|
||||
schema:
|
||||
example:
|
||||
attr:
|
||||
rl_vlaue: "10"
|
||||
rl_value: "10"
|
||||
rl_frame: "h"
|
||||
items:
|
||||
- domain.tld
|
||||
@ -4886,7 +4886,7 @@ paths:
|
||||
rl_frame:
|
||||
description: contains the frame for the ratelimit h,s,m
|
||||
type: string
|
||||
rl_vlaue:
|
||||
rl_value:
|
||||
description: contains the rate for the ratelimit 10,20,50,1
|
||||
type: number
|
||||
type: object
|
||||
|
@ -202,6 +202,11 @@ legend {
|
||||
margin-top: 27px;
|
||||
margin-bottom: 20px;
|
||||
color: #959595;
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
}
|
||||
.footer .version {
|
||||
margin-left: auto;
|
||||
}
|
||||
.slave-info {
|
||||
padding: 15px 0px 15px 15px;
|
||||
|
@ -23,7 +23,12 @@ if (is_array($alertbox_log_parser)) {
|
||||
unset($_SESSION['return']);
|
||||
}
|
||||
|
||||
// globals
|
||||
$globalVariables = [
|
||||
'mailcow_info' => array(
|
||||
'version_tag' => $GLOBALS['MAILCOW_GIT_VERSION'],
|
||||
'git_project_url' => $GLOBALS['MAILCOW_GIT_URL']
|
||||
),
|
||||
'js_path' => '/cache/'.basename($JSPath),
|
||||
'pending_tfa_method' => @$_SESSION['pending_tfa_method'],
|
||||
'pending_mailcow_cc_username' => @$_SESSION['pending_mailcow_cc_username'],
|
||||
|
@ -10,11 +10,17 @@ $DEV_MODE = (getenv('DEV_MODE') == 'y');
|
||||
}*/
|
||||
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
|
||||
|
||||
$default_autodiscover_config = $autodiscover_config;
|
||||
|
||||
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php')) {
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php';
|
||||
}
|
||||
|
||||
// auto-generated by generate-config.sh and update.sh
|
||||
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php')) {
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php';
|
||||
}
|
||||
unset($https_port);
|
||||
$autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);
|
||||
|
||||
|
@ -24,4 +24,4 @@ $twig->addFunction(new TwigFunction('is_uri', function (string $uri, string $whe
|
||||
// filters
|
||||
$twig->addFilter(new TwigFilter('rot13', 'str_rot13'));
|
||||
$twig->addFilter(new TwigFilter('base64_encode', 'base64_encode'));
|
||||
$twig->addFilter(new TwigFilter('formatBytes', 'formatBytes'));
|
||||
$twig->addFilter(new TwigFilter('formatBytes', 'formatBytes'));
|
@ -409,16 +409,14 @@ if (isset($_GET['query'])) {
|
||||
break;
|
||||
case "fido2-get-args":
|
||||
header('Content-Type: application/json');
|
||||
// fetch allowed credentialIds
|
||||
$cids = fido2(array("action" => "get_all_cids"));
|
||||
if (count($cids) == 0) {
|
||||
print(json_encode(array(
|
||||
'type' => 'error',
|
||||
'msg' => 'Cannot find matching credentialIds'
|
||||
)));
|
||||
}
|
||||
// Login without username, no ids!
|
||||
// $ids = fido2(array("action" => "get_all_cids"));
|
||||
// if (count($ids) == 0) {
|
||||
// return;
|
||||
// }
|
||||
$ids = NULL;
|
||||
|
||||
$getArgs = $WebAuthn->getGetArgs($cids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
|
||||
$getArgs = $WebAuthn->getGetArgs($ids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
|
||||
print(json_encode($getArgs));
|
||||
$_SESSION['challenge'] = $WebAuthn->getChallenge();
|
||||
return;
|
||||
|
@ -75,20 +75,26 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
|
||||
session_start();
|
||||
// extract email address from "/SOGo/so/user@domain/xy"
|
||||
$url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
|
||||
$email = $url_parts[3];
|
||||
// check if this email is in session allowed list
|
||||
if (
|
||||
!empty($email) &&
|
||||
filter_var($email, FILTER_VALIDATE_EMAIL) &&
|
||||
is_array($_SESSION[$session_var_user_allowed]) &&
|
||||
in_array($email, $_SESSION[$session_var_user_allowed])
|
||||
) {
|
||||
$username = $email;
|
||||
$password = $_SESSION[$session_var_pass];
|
||||
header("X-User: $username");
|
||||
header("X-Auth: Basic ".base64_encode("$username:$password"));
|
||||
header("X-Auth-Type: Basic");
|
||||
exit;
|
||||
$email_list = array(
|
||||
$url_parts[3], // Requested mailbox
|
||||
($_SESSION['mailcow_cc_username'] ?? ''), // Current user
|
||||
($_SESSION["dual-login"]["username"] ?? ''), // Dual login user
|
||||
);
|
||||
foreach($email_list as $email) {
|
||||
// check if this email is in session allowed list
|
||||
if (
|
||||
!empty($email) &&
|
||||
filter_var($email, FILTER_VALIDATE_EMAIL) &&
|
||||
is_array($_SESSION[$session_var_user_allowed]) &&
|
||||
in_array($email, $_SESSION[$session_var_user_allowed])
|
||||
) {
|
||||
$username = $email;
|
||||
$password = $_SESSION[$session_var_pass];
|
||||
header("X-User: $username");
|
||||
header("X-Auth: Basic ".base64_encode("$username:$password"));
|
||||
header("X-Auth-Type: Basic");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -38,22 +38,24 @@
|
||||
|
||||
<div class="row">
|
||||
<div class="col-md-12">
|
||||
{% include 'admin/tab-config-admins.twig' %}
|
||||
{% include 'admin/tab-ldap.twig' %}
|
||||
{% include 'admin/tab-config-oauth2.twig' %}
|
||||
{% include 'admin/tab-config-rspamd.twig' %}
|
||||
{% include 'admin/tab-routing.twig' %}
|
||||
{% include 'admin/tab-config-dkim.twig' %}
|
||||
{% include 'admin/tab-config-fwdhosts.twig' %}
|
||||
{% include 'admin/tab-config-f2b.twig' %}
|
||||
{% include 'admin/tab-config-quarantine.twig' %}
|
||||
{% include 'admin/tab-config-quota.twig' %}
|
||||
{% include 'admin/tab-config-rsettings.twig' %}
|
||||
{% include 'admin/tab-config-customize.twig' %}
|
||||
{% include 'admin/tab-config-password-policy.twig' %}
|
||||
{% include 'admin/tab-sys-mails.twig' %}
|
||||
{% include 'admin/tab-mailq.twig' %}
|
||||
{% include 'admin/tab-globalfilter-regex.twig' %}
|
||||
<div class="tab-content" style="padding-top:20px">
|
||||
{% include 'admin/tab-config-admins.twig' %}
|
||||
{% include 'admin/tab-ldap.twig' %}
|
||||
{% include 'admin/tab-config-oauth2.twig' %}
|
||||
{% include 'admin/tab-config-rspamd.twig' %}
|
||||
{% include 'admin/tab-routing.twig' %}
|
||||
{% include 'admin/tab-config-dkim.twig' %}
|
||||
{% include 'admin/tab-config-fwdhosts.twig' %}
|
||||
{% include 'admin/tab-config-f2b.twig' %}
|
||||
{% include 'admin/tab-config-quarantine.twig' %}
|
||||
{% include 'admin/tab-config-quota.twig' %}
|
||||
{% include 'admin/tab-config-rsettings.twig' %}
|
||||
{% include 'admin/tab-config-customize.twig' %}
|
||||
{% include 'admin/tab-config-password-policy.twig' %}
|
||||
{% include 'admin/tab-sys-mails.twig' %}
|
||||
{% include 'admin/tab-mailq.twig' %}
|
||||
{% include 'admin/tab-globalfilter-regex.twig' %}
|
||||
</div>
|
||||
</div> <!-- /col-md-12 -->
|
||||
</div> <!-- /row -->
|
||||
|
||||
|
@ -1,5 +1,4 @@
|
||||
<div class="tab-content" style="padding-top:20px">
|
||||
<div role="tabpanel" class="tab-pane active" id="tab-config-admins">
|
||||
<div role="tabpanel" class="tab-pane active" id="tab-config-admins">
|
||||
<div class="panel panel-danger">
|
||||
<div class="panel-heading xs-show">{{ lang.admin.admin_details }}</div>
|
||||
<div class="panel-body">
|
||||
@ -61,7 +60,8 @@
|
||||
<th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
|
||||
</tr>
|
||||
{% include 'fido2.twig' %}
|
||||
</table>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<br>
|
||||
</div>
|
||||
@ -221,8 +221,6 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading xs-show">{{ lang.admin.domain_admins }}</div>
|
||||
<div class="panel-body">
|
||||
@ -248,3 +246,4 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
@ -423,6 +423,14 @@ function recursiveBase64StrToArrayBuffer(obj) {
|
||||
{% if ui_texts.ui_footer %}
|
||||
<hr><span class="rot-enc">{{ ui_texts.ui_footer|rot13|raw }}</span>
|
||||
{% endif %}
|
||||
{% if mailcow_cc_username and mailcow_info.version_tag|default %}
|
||||
<span class="version">
|
||||
🐮 + 🐋 = 💕
|
||||
<a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" target="_blank">
|
||||
Version: {{ mailcow_info.version_tag }}
|
||||
</a>
|
||||
</span>
|
||||
{% endif %}
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
@ -200,7 +200,7 @@ services:
|
||||
ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
|
||||
ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
|
||||
ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
|
||||
ofelia.job-exec.sogo_eautoreply.schedule: "@every 24h"
|
||||
ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
|
||||
ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
|
||||
ofelia.job-exec.sogo_backup.schedule: "@every 24h"
|
||||
ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
|
||||
|
@ -361,3 +361,19 @@ echo "Generating snake-oil certificate..."
|
||||
openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
|
||||
echo "Copying snake-oil certificate..."
|
||||
cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
|
||||
|
||||
# Set app_info.inc.php
|
||||
mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
if [ $? -eq 0 ]; then
|
||||
mailcow_git_url=$(git config --get remote.origin.url)
|
||||
echo '<?php' > data/web/inc/app_info.inc.php
|
||||
echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
|
||||
echo ' $MAILCOW_GIT_URL="'$mailcow_git_url'";' >> data/web/inc/app_info.inc.php
|
||||
echo '?>' >> data/web/inc/app_info.inc.php
|
||||
else
|
||||
echo '<?php' > data/web/inc/app_info.inc.php
|
||||
echo ' $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
|
||||
echo ' $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php
|
||||
echo '?>' >> data/web/inc/app_info.inc.php
|
||||
echo -e "\e[33mCannot determine current git repository version...\e[0m"
|
||||
fi
|
||||
|
16
update.sh
16
update.sh
@ -719,6 +719,22 @@ if [ -f "data/conf/rspamd/local.d/metrics.conf" ]; then
|
||||
mv data/conf/rspamd/local.d/metrics.conf data/conf/rspamd/local.d/metrics.conf_deprecated
|
||||
fi
|
||||
|
||||
# Set app_info.inc.php
|
||||
mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
if [ $? -eq 0 ]; then
|
||||
mailcow_git_url=$(git config --get remote.origin.url)
|
||||
echo '<?php' > data/web/inc/app_info.inc.php
|
||||
echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
|
||||
echo ' $MAILCOW_GIT_URL="'$mailcow_git_url'";' >> data/web/inc/app_info.inc.php
|
||||
echo '?>' >> data/web/inc/app_info.inc.php
|
||||
else
|
||||
echo '<?php' > data/web/inc/app_info.inc.php
|
||||
echo ' $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
|
||||
echo ' $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php
|
||||
echo '?>' >> data/web/inc/app_info.inc.php
|
||||
echo -e "\e[33mCannot determine current git repository version...\e[0m"
|
||||
fi
|
||||
|
||||
if [[ ${SKIP_START} == "y" ]]; then
|
||||
echo -e "\e[33mNot starting mailcow, please run \"docker-compose up -d --remove-orphans\" to start mailcow.\e[0m"
|
||||
else
|
||||
|
Loading…
Reference in New Issue
Block a user