amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-05-21 19:35:38 +00:00
Code Issues Projects Releases Wiki Activity

feat(core): Add URL encryption for GDPR compliancy. Remove dav encryption

Browse Source
This commit is contained in:
smizrahi
2024-01-02 13:46:46 +01:00
parent 10d789fb1f
commit 2748d1dd08
11 changed files with 30 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Main/SOGo.m
+1 -2
View File
@@ -351,7 +351,6 @@ static BOOL debugLeaks;
authenticator = [SOGoWebAuthenticator sharedSOGoWebAuthenticator];
else {
authenticator = [SOGoDAVAuthenticator sharedSOGoDAVAuthenticator];
[authenticator setContext: context];
}
}
@@ -369,7 +368,7 @@ static BOOL debugLeaks;
NSData *decodedLogin;
NSString *login;
login = [SOGoUser getDecryptedUsernameIfNeeded: _key withContext: _ctx];
login = [SOGoUser getDecryptedUsernameIfNeeded: _key];
user = [SOGoUser userWithLogin: login roles: nil];
if (user)
SoObjects/Appointments/SOGoUserFolder+Appointments.m
+2 -2
View File
@@ -88,7 +88,7 @@
}
tag = [NSArray arrayWithObjects: @"href", XMLNS_WEBDAV, @"D",
[NSString stringWithFormat: @"/SOGo/dav/%@/", [self nameInContainer]],
[NSString stringWithFormat: @"/SOGo/dav/%@/", nameInContainer],
nil];
[addresses addObjectUniquely: tag];
@@ -128,7 +128,7 @@
}
tag = [NSArray arrayWithObjects: @"href", XMLNS_WEBDAV, @"D",
[NSString stringWithFormat: @"/SOGo/dav/%@/", [self nameInContainer]],
[NSString stringWithFormat: @"/SOGo/dav/%@/", nameInContainer],
nil];
[addresses addObjectUniquely: tag];
SoObjects/SOGo/SOGoDAVAuthenticator.h
-2
View File
@@ -29,8 +29,6 @@
@interface SOGoDAVAuthenticator : SoHTTPAuthenticator <SOGoAuthenticator>
WOContext *context;
+ (id) sharedSOGoDAVAuthenticator;
@end
SoObjects/SOGo/SOGoDAVAuthenticator.m
+2 -13
View File
@@ -41,19 +41,11 @@
{
static SOGoDAVAuthenticator *auth = nil;
if (!auth) {
auth = [self new];
context = nil;
}
auth = [self new];
return auth;
}
- (void) setContext: (WOContext *) _context
{
context = _context;
}
- (BOOL) checkLogin: (NSString *) _login
password: (NSString *) _pwd
{
@@ -75,10 +67,7 @@
expire: &expire
grace: &grace]
&& perr == PolicyNoError);
if (context) {
[SOGoUser getEncryptedUsernameIfNeeded: [_login stringByReplacingString: @"%40"
withString: @"@"] withContext: context]; // Create cache entry
}
if (!rc)
{
sd = [SOGoSystemDefaults sharedSystemDefaults];
SoObjects/SOGo/SOGoGCSFolder.m
+1 -1
View File
@@ -533,7 +533,7 @@ static NSArray *childRecordFields = nil;
publicParticle = @"";
path = [NSString stringWithFormat: @"/%@/dav%@/%@/%@/%@/",
appName, publicParticle,
[[SOGoUser getEncryptedUsernameIfNeeded:[self ownerInContext: nil] withContext: context] stringByEscapingURL],
[[self ownerInContext: nil] stringByEscapingURL],
[[container nameInContainer] stringByEscapingURL],
[[self realNameInContainer] stringByEscapingURL]];
currentDavURL = [self davURL];
SoObjects/SOGo/SOGoObject.m
+14 -2
View File
@@ -365,7 +365,7 @@
NSString *usersUrl;
usersUrl = [NSString stringWithFormat: @"%@%@/",
[[WOApplication application] davURLAsString], [SOGoUser getEncryptedUsernameIfNeeded: owner withContext: context]];
[[WOApplication application] davURLAsString], owner];
ownerHREF = davElementWithContent (@"href", XMLNS_WEBDAV, usersUrl);
return [davElementWithContent (@"owner", XMLNS_WEBDAV, ownerHREF)
@@ -946,6 +946,7 @@
NSMutableArray *path;
NSString *baseURL, *urlMethod, *fullHost;
NSNumber *port;
int i;
serverURL = [context serverURL];
baseURL = [[self baseURLInContext: context] stringByUnescapingURL];
@@ -973,6 +974,17 @@
else
fullHost = [serverURL host];
for (i = 0 ; i < [path count] ; i++) {
// For DAV url, the username must be decrypted
// Username is placed afted dav in url components
if ([[[path objectAtIndex: i] lowercaseString] isEqualToString:@"dav"]) {
if ([path count] > (i + 1)) {
[path replaceObjectAtIndex: (i +1)
withObject: [SOGoUser getDecryptedUsernameIfNeeded: [path objectAtIndex: (i + 1)]]];
}
}
}
url = [[NSURL alloc] initWithScheme: [serverURL scheme]
host: fullHost
path: [path componentsJoinedByString: @"/"]];
@@ -1227,7 +1239,7 @@
davCurrentUserPrincipal = nil;
else
{
s = [NSString stringWithFormat: @"/SOGo/dav/%@", [SOGoUser getEncryptedUsernameIfNeeded:login withContext:[self context]]];
s = [NSString stringWithFormat: @"/SOGo/dav/%@", login];
userHREF = davElementWithContent (@"href", XMLNS_WEBDAV, s);
davCurrentUserPrincipal
= [davElementWithContent (@"current-user-principal",
SoObjects/SOGo/SOGoPublicBaseFolder.m
+2 -5
View File
@@ -32,11 +32,8 @@
acquire: (BOOL) acquire
{
id userFolder;
NSString *login;
login = [SOGoUser getDecryptedUsernameIfNeeded: key withContext: localContext];
if ([key length] > 0 && [SOGoUser userWithLogin: login roles: nil])
userFolder = [SOGoUserFolder objectWithName: login inContainer: self];
if ([key length] > 0 && [SOGoUser userWithLogin: key roles: nil])
userFolder = [SOGoUserFolder objectWithName: key inContainer: self];
else
userFolder = nil;
SoObjects/SOGo/SOGoUser.h
+2 -2
View File
@@ -136,8 +136,8 @@
- (SOGoContactFolder *) personalContactsFolderInContext: (WOContext *) context;
/* Encryption */
+ (NSString *)getEncryptedUsernameIfNeeded:(NSString *)username withContext:(WOContext *)context;
+ (NSString *)getDecryptedUsernameIfNeeded:(NSString *)username withContext:(WOContext *)context;
+ (NSString *)getEncryptedUsernameIfNeeded:(NSString *)username;
+ (NSString *)getDecryptedUsernameIfNeeded:(NSString *)username;
@end
SoObjects/SOGo/SOGoUser.m
+4 -9
View File
@@ -1201,25 +1201,22 @@ static const NSString *kEncryptedUserNamePrefix = @"uenc";
}
/* Encryption */
+ (NSString *) getEncryptedUsernameIfNeeded:(NSString *)username withContext:(WOContext *)context
+ (NSString *) getEncryptedUsernameIfNeeded:(NSString *)username
{
NSException *exception;
NSString *tmp, *cacheKey;
SOGoCache *cache;
WORequest *request;
if (![[SOGoSystemDefaults sharedSystemDefaults] isURLEncryptionEnabled])
return username;
request = [context request];
cache = [SOGoCache sharedCache];
cacheKey = [NSString stringWithFormat: @"%@_%@_%@", kEncryptedUserNamePrefix, username, [request requestHandlerKey]];
cacheKey = [NSString stringWithFormat: @"%@_%@", kEncryptedUserNamePrefix, username];
exception = nil;
tmp = nil;
tmp = [cache valueForKey: cacheKey];
NSLog(@"DKEY %@ - %@", cacheKey, tmp);
if (tmp) {
return tmp;
} else {
@@ -1239,19 +1236,17 @@ static const NSString *kEncryptedUserNamePrefix = @"uenc";
}
}
+ (NSString *) getDecryptedUsernameIfNeeded:(NSString *)username withContext:(WOContext *)context
+ (NSString *) getDecryptedUsernameIfNeeded:(NSString *)username
{
NSException *exception;
NSString *tmp, *cacheKey;
SOGoCache *cache;
WORequest *request;
if (![[SOGoSystemDefaults sharedSystemDefaults] isURLEncryptionEnabled])
return username;
request = [context request];
cache = [SOGoCache sharedCache];
cacheKey = [NSString stringWithFormat: @"%@_%@_%@", kEncryptedUserNamePrefix, username, [request requestHandlerKey]];
cacheKey = [NSString stringWithFormat: @"%@_%@", kEncryptedUserNamePrefix, username];
exception = nil;
tmp = nil;
SoObjects/SOGo/SOGoUserFolder.m
+1 -7
View File
@@ -87,13 +87,7 @@
}
- (NSString *) nameInContainer {
return [SOGoUser getEncryptedUsernameIfNeeded: [super nameInContainer] withContext: context];
}
- (NSString *) davURLAsString
{
return [[container davURLAsString]
stringByAppendingFormat: @"%@/", [self nameInContainer]];
return [SOGoUser getEncryptedUsernameIfNeeded: [super nameInContainer]];
}
/* ownership */
UI/MainUI/SOGoRootPage.m
+1 -1
View File
@@ -343,7 +343,7 @@ static const NSString *kJwtKey = @"jwt";
forKey: @"expire"];
[json setObject: [NSNumber numberWithInt: grace]
forKey: @"grace"];
[json setObject: [SOGoUser getEncryptedUsernameIfNeeded: username withContext: context]
[json setObject: [SOGoUser getEncryptedUsernameIfNeeded: username]
forKey: @"username"];
response = [self responseWithStatus: 200