amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-05-09 21:45:26 +00:00
Code Issues Projects Releases Wiki Activity

opendid part2

Browse Source
This commit is contained in:
Hivert Quentin
2025-02-27 09:21:54 +01:00
parent 912ab12165
commit db72c27980
31 changed files with 1586 additions and 459 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SoObjects/SOGo/SOGoWebAuthenticator.m
+69 -18
View File
@@ -134,11 +134,36 @@
SOGoOpenIdSession * openIdSession;
SOGoSystemDefaults *sd;
NSString *authenticationType;
NSString* loginDomain;
BOOL rc;
sd = [SOGoSystemDefaults sharedSystemDefaults];
NSLog(@"B Credentials are %@", _login);
//Basic check
if(!_login)
return NO;
if(_login && [_login length] == 0)
return NO;
loginDomain = nil;
if(*_domain == nil || [*_domain length] == 0)
{
NSRange r;
r = [_login rangeOfString: @"@"];
if (r.location != NSNotFound)
{
loginDomain = [_login substringFromIndex: r.location+1];
}
}
if(loginDomain)
NSLog(@"C domain are %@", loginDomain);
if([sd doesLoginTypeByDomain])
authenticationType = [sd getLoginTypeForDomain: loginDomain];
else
authenticationType = [sd authenticationType];
authenticationType = [sd authenticationType];
if ([authenticationType isEqualToString: @"cas"])
{
casSession = [SOGoCASSession CASSessionWithIdentifier: _pwd fromProxy: NO];
@@ -149,7 +174,7 @@
}
else if ([authenticationType isEqualToString: @"openid"])
{
openIdSession = [SOGoOpenIdSession OpenIdSessionWithToken: _pwd];
openIdSession = [SOGoOpenIdSession OpenIdSessionWithToken: _pwd domain: loginDomain];
if (openIdSession)
rc = [[openIdSession login: _login] isEqualToString: _login];
else
@@ -173,9 +198,8 @@
domain: _domain
perr: _perr
expire: _expire
grace: _grace
grace: _grace
useCache: _useCache];
//[self logWithFormat: @"Checked login with ppolicy enabled: %d %d %d", *_perr, *_expire, *_grace];
// It's important to return the real value here. The callee will handle
@@ -249,12 +273,15 @@
sessionKey = [creds objectAtIndex:1];
NSLog(@"AAAA decodevalue for");
[SOGoSession decodeValue: [SOGoSession valueForSessionKey: sessionKey]
usingKey: userKey
login: &login
domain: &domain
password: &pwd];
NSLog(@"A Credentials are %@", login);
if (![self checkLogin: login
password: pwd
domain: &domain
@@ -276,32 +303,42 @@
{
NSString *authType, *password;
SOGoSystemDefaults *sd;
SOGoUser *user;
NSRange r;
NSString *loginDomain, *login;
password = [self passwordInContext: context];
if ([password length])
{
user = [self userInContext: context];
login = [user loginInDomain];
r = [login rangeOfString: @"@"];
if (r.location != NSNotFound)
loginDomain = [login substringFromIndex: r.location+1];
else
loginDomain = nil;
sd = [SOGoSystemDefaults sharedSystemDefaults];
authType = [sd authenticationType];
if([sd doesLoginTypeByDomain])
authType = [sd getLoginTypeForDomain: loginDomain];
else
authType = [sd authenticationType];
if ([authType isEqualToString: @"cas"])
{
SOGoCASSession *session;
SOGoUser *user;
NSString *service, *scheme;
session = [SOGoCASSession CASSessionWithIdentifier: password
fromProxy: NO];
user = [self userInContext: context];
// Try configured CAS service name first
service = [[user domainDefaults] imapCASServiceName];
if (!service)
{
// We must NOT assume the scheme exists
scheme = [server scheme];
if (!scheme)
scheme = @"imap";
service = [NSString stringWithFormat: @"%@://%@",
scheme, [server host]];
}
@@ -310,17 +347,16 @@
[session invalidateTicketForService: service];
password = [session ticketForService: service];
if ([password length] || renew)
[session updateCache];
}
else if ([authType isEqualToString: @"openid"])
{
SOGoOpenIdSession* session;
NSString* currentToken;
//If the token has been refresh during the request, we need to use the new access_token
//as the one from the cookie is no more valid
session = [SOGoOpenIdSession OpenIdSessionWithToken: password];
session = [SOGoOpenIdSession OpenIdSessionWithToken: password domain: loginDomain];
password = [session getCurrentToken];
}
#if defined(SAML2_CONFIG)
@@ -453,21 +489,36 @@
{
NSArray *listCookies = nil;
SOGoSystemDefaults *sd;
NSString *authType;
NSString *authType, *username, *login, *loginDomain;
NSRange r;
SOGoUser *user;
user = [self userInContext: _ctx];
login = [user loginDomain];
r = [login rangeOfString: @"@"];
if (r.location != NSNotFound)
loginDomain = [login substringFromIndex: r.location+1];
else
loginDomain = nil;
sd = [SOGoSystemDefaults sharedSystemDefaults];
authType = [sd authenticationType];
if(loginDomain && [sd doesLoginTypeByDomain])
authType = [sd getLoginTypeForDomain: loginDomain];
else
authType = [sd authenticationType];
if([authType isEqualToString:@"openid"] && [sd openIdEnableRefreshToken])
{
NSString *currentPassword, *newPassword, *username;
NSString *currentPassword, *newPassword;
SOGoOpenIdSession *openIdSession;
WOCookie* newCookie;
currentPassword = [self passwordInContext: _ctx];
newPassword = [self imapPasswordInContext: _ctx forURL: nil forceRenew: NO];
if(currentPassword && newPassword && ![newPassword isEqualToString: currentPassword])
{
openIdSession = [SOGoOpenIdSession OpenIdSessionWithToken: newPassword];
openIdSession = [SOGoOpenIdSession OpenIdSessionWithToken: newPassword domain: loginDomain];
if (openIdSession)
username = [openIdSession login: @""]; //Force to refresh the name
else