<!DOCTYPE html> <html lang="{{ mailcow_locale|default('en') }}"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"> <meta name="theme-color" content="#F5D76E"/> <meta http-equiv="Referrer-Policy" content="same-origin"> <title>{{ ui_texts.title_name|raw }}</title> <link rel="stylesheet" href="{{ css_path }}"> <script> // check if darkmode is preferred by OS or set by localStorage if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem("theme") !== "light" || localStorage.getItem("theme") === "dark") { var head = document.getElementsByTagName('head')[0]; var link = document.createElement('link'); link.id = 'dark-mode-theme'; link.rel = 'stylesheet'; link.type = 'text/css'; link.href = '/css/themes/mailcow-darkmode.css'; head.appendChild(link); } </script> <link rel="shortcut icon" href="/favicon.png" type="image/png"> <link rel="icon" href="/favicon.png" type="image/png"> </head> <body> <div class="overlay"></div> {% block navbar %} <nav class="navbar navbar-expand-lg navbar-light bg-light navbar-fixed-top p-0"> <div class="container-fluid"> <a class="navbar-brand" href="/"><img alt="mailcow-logo" src="{{ logo|default('/img/cow_mailcow.svg') }}"></a> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbar" aria-controls="navbar" aria-expanded="false" aria-label="Toggle navigation"> <i class="bi bi-list fs-3"></i> </button> <div id="navbar" class="navbar-collapse collapse"> <ul class="navbar-nav ms-auto"> <li class="nav-item"> <div class="nav-link form-check form-switch my-auto d-flex align-items-center"> <label class="form-check-label"><i class="bi bi-moon-fill"></i></label> <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle"> </div> </li> {% if mailcow_locale %} <li class="nav-item dropdown{% if available_languages|length == 1 %}lang-link-disabled{% endif %}"> <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false"><span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span></a> <ul class="dropdown-menu" role="menu "aria-labelledby="languageDropdown"> {% for key, val in available_languages %} <li> <a class="dropdown-item {% if mailcow_locale == key %}active{% endif %}" href="?{{ query_string({'lang': key}) }}"> <span class="flag-icon flag-icon-{{ key[-2:] }}"></span>{{ val }} </a> </li> {% endfor %} </ul> </li> {% endif %} {% if mailcow_cc_role %} <li class="nav-item dropdown"> <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false">{{ lang.header.mailcow_system }}</a> <ul class="dropdown-menu"> {% if mailcow_cc_role == 'admin' %} <li><a href="/debug" class="dropdown-item {% if is_uri('debug') %}active{% endif %}">{{ lang.header.debug }}</a></li> <li><a href="/admin" class="dropdown-item {% if is_uri('admin') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li> {% endif %} {% if mailcow_cc_role != 'admin' %} <li><a href="/user" class="dropdown-item {% if is_uri('user') %}active{% endif %}">{{ lang.header.user_settings }}</a></li> {% endif %} </ul> </li> <li class="nav-item dropdown"> <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false">{{ lang.header.email }}</a> <ul class="dropdown-menu"> {% if mailcow_cc_role == 'admin' or mailcow_cc_role == 'domainadmin' %} <li><a href="/mailbox" class="dropdown-item {% if is_uri('mailbox') %}active{% endif %}">{{ lang.header.mailcow_config }}</a></li> {% endif %} <li><a href="/quarantine" class="dropdown-item {% if is_uri('quarantine') %}active{% endif %}">{{ lang.header.quarantine }}</a></li> {% if mailcow_cc_role == 'admin' %} <li><a href="/queue" class="dropdown-item {% if is_uri('queue') %}active{% endif %}">{{ lang.queue.queue_manager }}</a></li> {% endif %} {% if mailcow_cc_role == 'admin' %} <li><a href="#" class="dropdown-item" data-bs-toggle="modal" data-container="sogo-mailcow" data-bs-target="#RestartContainer">{{ lang.header.restart_sogo }}</a></li> {% endif %} </ul> </li> {% endif %} {% if mailcow_apps or app_links %} <li class="nav-item dropdown"> <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-expanded="false"><i class="bi bi-link-45deg me-2"></i> {{ ui_texts.apps_name|raw }}</a> <ul class="dropdown-menu"> {% for app in mailcow_apps %} {% if not skip_sogo or not is_uri('SOGo', app.link) %} <li {% if app.description %}title="{{ app.description }}"{% endif %}> <a href="{{ app.link }}" class="dropdown-item">{{ app.name }}</a> </li> {% endif %} {% endfor %} {% for row in app_links %} {% for key, val in row %} <li><a href="{{ val }}" class="dropdown-item">{{ key }}</a></li> {% endfor %} {% endfor %} </ul> </li> {% endif %} {% if not dual_login and mailcow_cc_username %} <li class="logged-in-as nav-item"><a href="#" onclick="logout.submit()" class="nav-link"><b class="username-lia">{{ mailcow_cc_username }}</b> <i class="bi bi-power ms-2"></i></a></li> {% elseif dual_login %} <li class="logged-in-as nav-item"><a href="#" onclick="logout.submit()" class="nav-link"><b class="username-lia">{{ mailcow_cc_username }} <span class="text-info">({{ dual_login.username }})</span> </b><i class="bi bi-power ms-2"></i></a></li> {% endif %} {% if not is_master %} <li class="text-warning slave-info nav-item">[ slave ]</li> {% endif %} </ul> </div><!--/.nav-collapse --> </div><!--/.container-fluid --> </nav> {% endblock navbar %} <form action="/" method="post" id="logout"><input type="hidden" name="logout"></form> {% if ui_texts.ui_announcement_text and ui_texts.ui_announcement_active and not is_root_uri %} <div class="container mt-4"> <div class="alert alert-{{ ui_texts.ui_announcement_type }}">{{ ui_texts.ui_announcement_text }}</div> </div> {% endif %} <div class="container my-4"> {% block content %}{% endblock %} </div> {% include 'modals/footer.twig' %} <script src="{{ js_path }}"></script> <script> var lang_footer = {{ lang_footer|raw }}; var lang_acl = {{ lang_acl|raw }}; var lang_tfa = {{ lang_tfa|raw }}; var lang_fido2 = {{ lang_fido2|raw }}; var docker_timeout = {{ docker_timeout|raw }} * 1000; var mailcow_cc_role = '{{ mailcow_cc_role }}'; var last_login = '{{ last_login }}'; var mailcow_info = { version_tag: '{{ mailcow_info.version_tag }}', last_version_tag: '{{ mailcow_info.last_version_tag }}', updatedAt: '{{ mailcow_info.updated_at }}', project_url: '{{ mailcow_info.git_project_url }}', project_owner: '{{ mailcow_info.git_owner }}', project_repo: '{{ mailcow_info.git_repo }}', branch: '{{ mailcow_info.mailcow_branch }}' }; $(window).scroll(function() { sessionStorage.scrollTop = $(this).scrollTop(); }); // Select language and reopen active URL without POST function setLang(sel) { $.post( '{{ uri }}', {lang: sel} ); window.location.href = window.location.pathname + window.location.search; } // FIDO2 functions function arrayBufferToBase64(buffer) { let binary = ''; let bytes = new Uint8Array(buffer); let len = bytes.byteLength; for (let i = 0; i < len; i++) { binary += String.fromCharCode( bytes[ i ] ); } return window.btoa(binary); } function recursiveBase64StrToArrayBuffer(obj) { let prefix = '=?BINARY?B?'; let suffix = '?='; if (typeof obj === 'object') { for (let key in obj) { if (typeof obj[key] === 'string') { let str = obj[key]; if (str.substring(0, prefix.length) === prefix && str.substring(str.length - suffix.length) === suffix) { str = str.substring(prefix.length, str.length - suffix.length); let binary_string = window.atob(str); let len = binary_string.length; let bytes = new Uint8Array(len); for (let i = 0; i < len; i++) { bytes[i] = binary_string.charCodeAt(i); } obj[key] = bytes.buffer; } } else { recursiveBase64StrToArrayBuffer(obj[key]); } } } } $(window).on('load', function() { $(".overlay").hide(); }); $(document).ready(function() { $(document).on('shown.bs.modal', function(e) { modal_id = $(e.relatedTarget).data('target'); $(modal_id).attr("aria-hidden","false"); }); // TFA, CSRF, Alerts in footer.inc.php // Other general functions in mailcow.js {% for alert_type, alert_msg in alerts %} mailcow_alert_box('{{ alert_msg|raw|e("js") }}', '{{ alert_type }}'); {% endfor %} // Confirm TFA modal {% if pending_tfa_methods %} new bootstrap.Modal(document.getElementById("ConfirmTFAModal"), { backdrop: 'static', keyboard: false }).show(); // validate Time based OTP tfa $("#pending_tfa_tab_totp").click(function(){ $(".webauthn-authenticator-selection").removeClass("active"); $("#collapseWebAuthnTFA").collapse('hide'); // select default if only one authenticator exists if ($('.totp-authenticator-selection').length == 1){ $('.totp-authenticator-selection').addClass("active"); var id = $('.totp-authenticator-selection').children('input').first().val(); $("#totp_selected_id").val(id); $("#collapseTotpTFA").collapse('show'); } }); $(".totp-authenticator-selection").click(function(){ $(".totp-authenticator-selection").removeClass("active"); $(this).addClass("active"); var id = $(this).children('input').first().val(); $("#totp_selected_id").val(id); $("#collapseTotpTFA").collapse('show'); }); if ($('.totp-authenticator-selection').length == 1 && $('#pending_tfa_tab_yubi_otp').length == 0 && $('.webauthn-authenticator-selection').length == 0){ // select default if only one authenticator exists $('.totp-authenticator-selection').addClass("active"); var id = $('.totp-authenticator-selection').children('input').first().val(); $("#totp_selected_id").val(id); $("#collapseTotpTFA").collapse('show'); setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 1000); } $('#pending_tfa_tab_totp').on('shown.bs.tab', function() { // autofocus setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 200); }); // validate Yubi OTP tfa if ($('.webauthn-authenticator-selection').length == 0){ // autofocus setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 1000); } $('#pending_tfa_tab_yubi_otp').on('shown.bs.tab', function() { // autofocus $("#collapseYubiTFA").find('input[name="token"]').focus(); }); // validate WebAuthn tfa $("#pending_tfa_tab_webauthn").click(function(){ $(".totp-authenticator-selection").removeClass("active"); $("#collapseTotpTFA").collapse('hide'); }); $(".webauthn-authenticator-selection").click(function(){ $(".webauthn-authenticator-selection").removeClass("active"); $(this).addClass("active"); var id = $(this).children('input').first().val(); $("#webauthn_selected_id").val(id); var webauthn_status_auth = document.getElementById('webauthn_status_auth'); webauthn_status_auth.style.setProperty('display', 'flex', 'important'); var webauthn_return_code = document.getElementById('webauthn_return_code'); webauthn_return_code.style.setProperty('display', 'none', 'important'); $("#collapseWebAuthnTFA").collapse('show'); $(this).find('input[name=token]').focus(); if(document.getElementById("webauthn_auth_data") !== null) { // Check Browser support if (!window.fetch || !navigator.credentials || !navigator.credentials.create) { window.alert('Browser not supported for WebAuthn.'); return; } // fetch webauthn auth args window.fetch("/api/v1/get/webauthn-tfa-get-args", {method:'GET',cache:'no-cache'}).then(response => { return response.json(); }).then(json => { console.log(json); if (json.success === false) throw new Error(); if (json.type === "error") throw new Error(json.msg); recursiveBase64StrToArrayBuffer(json); return json; }).then(getCredentialArgs => { // get credentials return navigator.credentials.get(getCredentialArgs); }).then(cred => { return { id: cred.rawId ? arrayBufferToBase64(cred.rawId) : null, clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null, authenticatorData: cred.response.authenticatorData ? arrayBufferToBase64(cred.response.authenticatorData) : null, signature : cred.response.signature ? arrayBufferToBase64(cred.response.signature) : null }; }).then(JSON.stringify).then(function(AuthenticatorAttestationResponse) { // send request by submit var form = document.getElementById('webauthn_auth_form'); var auth = document.getElementById('webauthn_auth_data'); auth.value = AuthenticatorAttestationResponse; form.submit(); }).catch(function(err) { var webauthn_status_auth = document.getElementById('webauthn_status_auth'); webauthn_status_auth.style.setProperty('display', 'none', 'important'); var webauthn_return_code = document.getElementById('webauthn_return_code'); webauthn_return_code.style.setProperty('display', 'block', 'important'); webauthn_return_code.innerHTML = lang_tfa.error_code + ': ' + err + ' ' + lang_tfa.reload_retry; }); } }); $('#ConfirmTFAModal').on('hidden.bs.modal', function(){ // cancel pending login $.ajax({ type: "GET", cache: false, dataType: 'script', url: '/inc/ajax/destroy_tfa_auth.php', complete: function(data){ window.location = window.location.href.split("#")[0]; } }); }); {% endif %} // Validate FIDO2 $("#fido2-login").click(function(){ $('#fido2-alerts').html(); if (!window.fetch || !navigator.credentials || !navigator.credentials.create) { window.alert('Browser not supported.'); return; } window.fetch("/api/v1/get/fido2-get-args", {method:'GET',cache:'no-cache'}).then(function(response) { return response.json(); }).then(function(json) { if (json.success === false) { throw new Error(); } recursiveBase64StrToArrayBuffer(json); return json; }).then(function(getCredentialArgs) { return navigator.credentials.get(getCredentialArgs); }).then(function(cred) { return { id: cred.rawId ? arrayBufferToBase64(cred.rawId) : null, clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null, authenticatorData: cred.response.authenticatorData ? arrayBufferToBase64(cred.response.authenticatorData) : null, signature : cred.response.signature ? arrayBufferToBase64(cred.response.signature) : null }; }).then(JSON.stringify).then(function(AuthenticatorAttestationResponse) { return window.fetch("/api/v1/process/fido2-args", {method:'POST', body: AuthenticatorAttestationResponse, cache:'no-cache'}); }).then(function(response) { return response.json(); }).then(function(json) { if (json.success) { window.location = window.location.href.split("#")[0]; } else { throw new Error(); } }).catch(function(err) { if (typeof err.message === 'undefined') { mailcow_alert_box(lang_fido2.fido2_validation_failed, "danger"); } else { mailcow_alert_box(lang_fido2.fido2_validation_failed + ":<br><i>" + err.message + "</i>", "danger"); } }); }); // Set TFA/FIDO2 $("#register-fido2, #register-fido2-touchid").click(function(){ let t = $(this); $("option:selected").prop("selected", false); if (!window.fetch || !navigator.credentials || !navigator.credentials.create) { window.alert('Browser not supported.'); return; } window.fetch("/api/v1/get/fido2-registration/{{ mailcow_cc_username|url_encode(true)|default('null') }}", {method:'GET',cache:'no-cache'}).then(function(response) { return response.json(); }).then(function(json) { if (json.success === false) { throw new Error(json.msg); } recursiveBase64StrToArrayBuffer(json); // set attestation to node if we are registering apple touch id if(t.attr('id') === 'register-fido2-touchid') { json.publicKey.attestation = 'none'; json.publicKey.authenticatorSelection.authenticatorAttachment = "platform"; } return json; }).then(function(createCredentialArgs) { console.log(createCredentialArgs); return navigator.credentials.create(createCredentialArgs); }).then(function(cred) { return { clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null, attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null }; }).then(JSON.stringify).then(function(AuthenticatorAttestationResponse) { return window.fetch("/api/v1/add/fido2-registration", {method:'POST', body: AuthenticatorAttestationResponse, cache:'no-cache'}); }).then(function(response) { return response.json(); }).then(function(json) { if (json.success) { window.location = window.location.href.split("#")[0]; } else { throw new Error(json.msg); } }).catch(function(err) { $('#fido2-alerts').html('<span class="text-danger"><b>' + err.message + '</b></span>'); }); }); $('#selectTFA').change(function () { if ($(this).val() == "yubi_otp") { $('#YubiOTPModal').modal('show'); $("option:selected").prop("selected", false); } if ($(this).val() == "totp") { $('#TOTPModal').modal('show'); request_token = $('#tfa-qr-img').data('totp-secret'); $.ajax({ url: '/inc/ajax/qr_gen.php', data: { token: request_token, }, }).done(function (result) { $("#tfa-qr-img").attr("src", result); }); $("option:selected").prop("selected", false); } if ($(this).val() == "webauthn") { // check if Browser is supported if (!window.fetch || !navigator.credentials || !navigator.credentials.create) { window.alert('Browser not supported.'); return; } // show modal $('#WebAuthnModal').modal('show'); $("option:selected").prop("selected", false); $("#start_webauthn_register").click(() => { var key_id = document.getElementsByName('key_id')[1].value; var confirm_password = document.getElementsByName('confirm_password')[1].value; // fetch WebAuthn create args window.fetch("/api/v1/get/webauthn-tfa-registration/{{ mailcow_cc_username|url_encode(true)|default('null') }}", {method:'GET',cache:'no-cache'}).then(response => { return response.json(); }).then(json => { console.log(json); if (json.success === false) throw new Error(json.msg); recursiveBase64StrToArrayBuffer(json); return json; }).then(createCredentialArgs => { // create credentials return navigator.credentials.create(createCredentialArgs); }).then(cred => { return { clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null, attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null, key_id: key_id, tfa_method: "webauthn", confirm_password: confirm_password }; }).then(JSON.stringify).then(AuthenticatorAttestationResponse => { // send request return window.fetch("/api/v1/add/webauthn-tfa-registration", {method:'POST', body: AuthenticatorAttestationResponse, cache:'no-cache'}); }).then(response => { return response.json(); }).then(json => { if (json.success) { // reload on success window.location = window.location.href.split("#")[0]; } else { throw new Error(json.msg); } }).catch(function(err) { console.log(err); var webauthn_return_code = document.getElementById('webauthn_return_code'); webauthn_return_code.style.display = webauthn_return_code.style.display === 'none' ? '' : null; webauthn_return_code.innerHTML = lang_tfa.error_code + ': ' + err + ' ' + lang_tfa.reload_retry; }); }); } if ($(this).val() == "none") { $('#DisableTFAModal').modal('show'); $("option:selected").prop("selected", false); } }); {% if mailcow_cc_username %} // Reload after session timeout var session_lifetime = {{ (session_lifetime * 1000) + 15000 }}; setTimeout(function() { location.reload(); }, session_lifetime); {% endif %} // CSRF $('<input type="hidden" value="{{ csrf_token }}">').attr('name', 'csrf_token').appendTo('form'); if (sessionStorage.scrollTop != "undefined") { $(window).scrollTop(sessionStorage.scrollTop); } }); </script> <div class="container footer"> {% if ui_texts.ui_footer %} <hr><span class="rot-enc">{{ ui_texts.ui_footer|rot13|raw }}</span> {% endif %} {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "master" and mailcow_info.version_tag|default %} <span class="version"> 🐮 + 🐋 = 💕 Version: <a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" target="_blank">{{ mailcow_info.version_tag }} </a> </span> {% endif %} {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "nightly" and mailcow_info.version_tag|default %} <span class="version"> 🛠️🐮 + 🐋 = 💕 Nightly: <a href="{{ mailcow_info.git_project_url }}/commit/{{ mailcow_info.git_commit }}" target="_blank">{{ mailcow_info.version_tag }} </a><br> <span style="text-align:right;display:block;">Build: {{ mailcow_info.git_commit_date }}</span> </span> {% endif %} </div> </body> </html>