From 2748d1dd081358c353624591fe302b1684488a4e Mon Sep 17 00:00:00 2001 From: smizrahi Date: Tue, 2 Jan 2024 13:46:46 +0100 Subject: [PATCH] feat(core): Add URL encryption for GDPR compliancy. Remove dav encryption --- Main/SOGo.m | 3 +-- .../Appointments/SOGoUserFolder+Appointments.m | 4 ++-- SoObjects/SOGo/SOGoDAVAuthenticator.h | 2 -- SoObjects/SOGo/SOGoDAVAuthenticator.m | 15 ++------------- SoObjects/SOGo/SOGoGCSFolder.m | 2 +- SoObjects/SOGo/SOGoObject.m | 16 ++++++++++++++-- SoObjects/SOGo/SOGoPublicBaseFolder.m | 7 ++----- SoObjects/SOGo/SOGoUser.h | 4 ++-- SoObjects/SOGo/SOGoUser.m | 13 ++++--------- SoObjects/SOGo/SOGoUserFolder.m | 8 +------- UI/MainUI/SOGoRootPage.m | 2 +- 11 files changed, 30 insertions(+), 46 deletions(-) diff --git a/Main/SOGo.m b/Main/SOGo.m index f625e71f9..d4edb3719 100644 --- a/Main/SOGo.m +++ b/Main/SOGo.m @@ -351,7 +351,6 @@ static BOOL debugLeaks; authenticator = [SOGoWebAuthenticator sharedSOGoWebAuthenticator]; else { authenticator = [SOGoDAVAuthenticator sharedSOGoDAVAuthenticator]; - [authenticator setContext: context]; } } @@ -369,7 +368,7 @@ static BOOL debugLeaks; NSData *decodedLogin; NSString *login; - login = [SOGoUser getDecryptedUsernameIfNeeded: _key withContext: _ctx]; + login = [SOGoUser getDecryptedUsernameIfNeeded: _key]; user = [SOGoUser userWithLogin: login roles: nil]; if (user) diff --git a/SoObjects/Appointments/SOGoUserFolder+Appointments.m b/SoObjects/Appointments/SOGoUserFolder+Appointments.m index 83ace9099..2d630d316 100644 --- a/SoObjects/Appointments/SOGoUserFolder+Appointments.m +++ b/SoObjects/Appointments/SOGoUserFolder+Appointments.m @@ -88,7 +88,7 @@ } tag = [NSArray arrayWithObjects: @"href", XMLNS_WEBDAV, @"D", - [NSString stringWithFormat: @"/SOGo/dav/%@/", [self nameInContainer]], + [NSString stringWithFormat: @"/SOGo/dav/%@/", nameInContainer], nil]; [addresses addObjectUniquely: tag]; @@ -128,7 +128,7 @@ } tag = [NSArray arrayWithObjects: @"href", XMLNS_WEBDAV, @"D", - [NSString stringWithFormat: @"/SOGo/dav/%@/", [self nameInContainer]], + [NSString stringWithFormat: @"/SOGo/dav/%@/", nameInContainer], nil]; [addresses addObjectUniquely: tag]; diff --git a/SoObjects/SOGo/SOGoDAVAuthenticator.h b/SoObjects/SOGo/SOGoDAVAuthenticator.h index 57dea67f8..acbdb2349 100644 --- a/SoObjects/SOGo/SOGoDAVAuthenticator.h +++ b/SoObjects/SOGo/SOGoDAVAuthenticator.h @@ -29,8 +29,6 @@ @interface SOGoDAVAuthenticator : SoHTTPAuthenticator -WOContext *context; - + (id) sharedSOGoDAVAuthenticator; @end diff --git a/SoObjects/SOGo/SOGoDAVAuthenticator.m b/SoObjects/SOGo/SOGoDAVAuthenticator.m index 82d1b3a08..5a5531dad 100644 --- a/SoObjects/SOGo/SOGoDAVAuthenticator.m +++ b/SoObjects/SOGo/SOGoDAVAuthenticator.m @@ -41,19 +41,11 @@ { static SOGoDAVAuthenticator *auth = nil; - if (!auth) { - auth = [self new]; - context = nil; - } + auth = [self new]; return auth; } -- (void) setContext: (WOContext *) _context -{ - context = _context; -} - - (BOOL) checkLogin: (NSString *) _login password: (NSString *) _pwd { @@ -75,10 +67,7 @@ expire: &expire grace: &grace] && perr == PolicyNoError); - if (context) { - [SOGoUser getEncryptedUsernameIfNeeded: [_login stringByReplacingString: @"%40" - withString: @"@"] withContext: context]; // Create cache entry - } + if (!rc) { sd = [SOGoSystemDefaults sharedSystemDefaults]; diff --git a/SoObjects/SOGo/SOGoGCSFolder.m b/SoObjects/SOGo/SOGoGCSFolder.m index f5bc834a3..58a958de8 100644 --- a/SoObjects/SOGo/SOGoGCSFolder.m +++ b/SoObjects/SOGo/SOGoGCSFolder.m @@ -533,7 +533,7 @@ static NSArray *childRecordFields = nil; publicParticle = @""; path = [NSString stringWithFormat: @"/%@/dav%@/%@/%@/%@/", appName, publicParticle, - [[SOGoUser getEncryptedUsernameIfNeeded:[self ownerInContext: nil] withContext: context] stringByEscapingURL], + [[self ownerInContext: nil] stringByEscapingURL], [[container nameInContainer] stringByEscapingURL], [[self realNameInContainer] stringByEscapingURL]]; currentDavURL = [self davURL]; diff --git a/SoObjects/SOGo/SOGoObject.m b/SoObjects/SOGo/SOGoObject.m index 744fa224a..6435f932c 100644 --- a/SoObjects/SOGo/SOGoObject.m +++ b/SoObjects/SOGo/SOGoObject.m @@ -365,7 +365,7 @@ NSString *usersUrl; usersUrl = [NSString stringWithFormat: @"%@%@/", - [[WOApplication application] davURLAsString], [SOGoUser getEncryptedUsernameIfNeeded: owner withContext: context]]; + [[WOApplication application] davURLAsString], owner]; ownerHREF = davElementWithContent (@"href", XMLNS_WEBDAV, usersUrl); return [davElementWithContent (@"owner", XMLNS_WEBDAV, ownerHREF) @@ -946,6 +946,7 @@ NSMutableArray *path; NSString *baseURL, *urlMethod, *fullHost; NSNumber *port; + int i; serverURL = [context serverURL]; baseURL = [[self baseURLInContext: context] stringByUnescapingURL]; @@ -973,6 +974,17 @@ else fullHost = [serverURL host]; + for (i = 0 ; i < [path count] ; i++) { + // For DAV url, the username must be decrypted + // Username is placed afted dav in url components + if ([[[path objectAtIndex: i] lowercaseString] isEqualToString:@"dav"]) { + if ([path count] > (i + 1)) { + [path replaceObjectAtIndex: (i +1) + withObject: [SOGoUser getDecryptedUsernameIfNeeded: [path objectAtIndex: (i + 1)]]]; + } + } + } + url = [[NSURL alloc] initWithScheme: [serverURL scheme] host: fullHost path: [path componentsJoinedByString: @"/"]]; @@ -1227,7 +1239,7 @@ davCurrentUserPrincipal = nil; else { - s = [NSString stringWithFormat: @"/SOGo/dav/%@", [SOGoUser getEncryptedUsernameIfNeeded:login withContext:[self context]]]; + s = [NSString stringWithFormat: @"/SOGo/dav/%@", login]; userHREF = davElementWithContent (@"href", XMLNS_WEBDAV, s); davCurrentUserPrincipal = [davElementWithContent (@"current-user-principal", diff --git a/SoObjects/SOGo/SOGoPublicBaseFolder.m b/SoObjects/SOGo/SOGoPublicBaseFolder.m index 2e7f7fab7..1452213b5 100644 --- a/SoObjects/SOGo/SOGoPublicBaseFolder.m +++ b/SoObjects/SOGo/SOGoPublicBaseFolder.m @@ -32,11 +32,8 @@ acquire: (BOOL) acquire { id userFolder; - NSString *login; - - login = [SOGoUser getDecryptedUsernameIfNeeded: key withContext: localContext]; - if ([key length] > 0 && [SOGoUser userWithLogin: login roles: nil]) - userFolder = [SOGoUserFolder objectWithName: login inContainer: self]; + if ([key length] > 0 && [SOGoUser userWithLogin: key roles: nil]) + userFolder = [SOGoUserFolder objectWithName: key inContainer: self]; else userFolder = nil; diff --git a/SoObjects/SOGo/SOGoUser.h b/SoObjects/SOGo/SOGoUser.h index c82456138..a15e2d0e3 100644 --- a/SoObjects/SOGo/SOGoUser.h +++ b/SoObjects/SOGo/SOGoUser.h @@ -136,8 +136,8 @@ - (SOGoContactFolder *) personalContactsFolderInContext: (WOContext *) context; /* Encryption */ -+ (NSString *)getEncryptedUsernameIfNeeded:(NSString *)username withContext:(WOContext *)context; -+ (NSString *)getDecryptedUsernameIfNeeded:(NSString *)username withContext:(WOContext *)context; ++ (NSString *)getEncryptedUsernameIfNeeded:(NSString *)username; ++ (NSString *)getDecryptedUsernameIfNeeded:(NSString *)username; @end diff --git a/SoObjects/SOGo/SOGoUser.m b/SoObjects/SOGo/SOGoUser.m index 652d66e51..4dfc86e5e 100644 --- a/SoObjects/SOGo/SOGoUser.m +++ b/SoObjects/SOGo/SOGoUser.m @@ -1201,25 +1201,22 @@ static const NSString *kEncryptedUserNamePrefix = @"uenc"; } /* Encryption */ -+ (NSString *) getEncryptedUsernameIfNeeded:(NSString *)username withContext:(WOContext *)context ++ (NSString *) getEncryptedUsernameIfNeeded:(NSString *)username { NSException *exception; NSString *tmp, *cacheKey; SOGoCache *cache; - WORequest *request; if (![[SOGoSystemDefaults sharedSystemDefaults] isURLEncryptionEnabled]) return username; - request = [context request]; cache = [SOGoCache sharedCache]; - cacheKey = [NSString stringWithFormat: @"%@_%@_%@", kEncryptedUserNamePrefix, username, [request requestHandlerKey]]; + cacheKey = [NSString stringWithFormat: @"%@_%@", kEncryptedUserNamePrefix, username]; exception = nil; tmp = nil; tmp = [cache valueForKey: cacheKey]; - NSLog(@"DKEY %@ - %@", cacheKey, tmp); if (tmp) { return tmp; } else { @@ -1239,19 +1236,17 @@ static const NSString *kEncryptedUserNamePrefix = @"uenc"; } } -+ (NSString *) getDecryptedUsernameIfNeeded:(NSString *)username withContext:(WOContext *)context ++ (NSString *) getDecryptedUsernameIfNeeded:(NSString *)username { NSException *exception; NSString *tmp, *cacheKey; SOGoCache *cache; - WORequest *request; if (![[SOGoSystemDefaults sharedSystemDefaults] isURLEncryptionEnabled]) return username; - request = [context request]; cache = [SOGoCache sharedCache]; - cacheKey = [NSString stringWithFormat: @"%@_%@_%@", kEncryptedUserNamePrefix, username, [request requestHandlerKey]]; + cacheKey = [NSString stringWithFormat: @"%@_%@", kEncryptedUserNamePrefix, username]; exception = nil; tmp = nil; diff --git a/SoObjects/SOGo/SOGoUserFolder.m b/SoObjects/SOGo/SOGoUserFolder.m index ba81d87da..57f3b46b3 100644 --- a/SoObjects/SOGo/SOGoUserFolder.m +++ b/SoObjects/SOGo/SOGoUserFolder.m @@ -87,13 +87,7 @@ } - (NSString *) nameInContainer { - return [SOGoUser getEncryptedUsernameIfNeeded: [super nameInContainer] withContext: context]; -} - -- (NSString *) davURLAsString -{ - return [[container davURLAsString] - stringByAppendingFormat: @"%@/", [self nameInContainer]]; + return [SOGoUser getEncryptedUsernameIfNeeded: [super nameInContainer]]; } /* ownership */ diff --git a/UI/MainUI/SOGoRootPage.m b/UI/MainUI/SOGoRootPage.m index 32f1237e7..237abbfc9 100644 --- a/UI/MainUI/SOGoRootPage.m +++ b/UI/MainUI/SOGoRootPage.m @@ -343,7 +343,7 @@ static const NSString *kJwtKey = @"jwt"; forKey: @"expire"]; [json setObject: [NSNumber numberWithInt: grace] forKey: @"grace"]; - [json setObject: [SOGoUser getEncryptedUsernameIfNeeded: username withContext: context] + [json setObject: [SOGoUser getEncryptedUsernameIfNeeded: username] forKey: @"username"]; response = [self responseWithStatus: 200