From 4aadfd75c82b4ad33aa26953c18c3694d52a15b6 Mon Sep 17 00:00:00 2001 From: KoS Date: Sun, 23 Oct 2016 19:25:44 +0200 Subject: [PATCH 1/2] IMAP login can be restricted to a specific domain name. --- user_external/lib/imap.php | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/user_external/lib/imap.php b/user_external/lib/imap.php index 3ccebf094..4c5c57a78 100644 --- a/user_external/lib/imap.php +++ b/user_external/lib/imap.php @@ -17,16 +17,19 @@ */ class OC_User_IMAP extends \OCA\user_external\Base { private $mailbox; + private $domain; /** * Create new IMAP authentication provider * * @param string $mailbox PHP imap_open mailbox definition, e.g. * {127.0.0.1:143/imap/readonly} + * @param string $domain If provided, loging will be restricted to this domain */ - public function __construct($mailbox) { + public function __construct($mailbox, $domain = '') { parent::__construct($mailbox); $this->mailbox=$mailbox; + $this->domain=$domain; } /** @@ -42,7 +45,23 @@ public function checkPassword($uid, $password) { OCP\Util::writeLog('user_external', 'ERROR: PHP imap extension is not installed', OCP\Util::ERROR); return false; } - $mbox = @imap_open($this->mailbox, $uid, $password, OP_HALFOPEN, 1); + + // Check if we only want logins from ONE domain and strip the domain part from UID + if($this->domain != '') { + $pieces = explode('@', $uid); + if(count($pieces) == 1) { + $username = $uid . "@" . $this->domain; + }elseif((count($pieces) == 2) and ($pieces[1] == $this->domain)) { + $username = $uid; + $uid = $pieces[0]; + }else{ + return false; + } + }else{ + $username = $uid; + } + + $mbox = @imap_open($this->mailbox, $username, $password, OP_HALFOPEN, 1); imap_errors(); imap_alerts(); if($mbox !== FALSE) { From eb092576f2234374fd0a851b657b1b07f7545c5d Mon Sep 17 00:00:00 2001 From: KoS Date: Sun, 23 Oct 2016 19:28:10 +0200 Subject: [PATCH 2/2] IMAP login can be restricted to a specific domain name. --- user_external/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user_external/README.md b/user_external/README.md index 3138f023a..c6ab2661d 100644 --- a/user_external/README.md +++ b/user_external/README.md @@ -66,12 +66,16 @@ Add the following to your `config.php`: array( 'class' => 'OC_User_IMAP', 'arguments' => array( - '{127.0.0.1:143/imap/readonly}', + '{127.0.0.1:143/imap/readonly}', 'example.com' ), ), ), This connects to the IMAP server on IP `127.0.0.1`, in readonly mode. +If a domain name (e.g. example.com) is specified, then this makes sure that +only users from this domain will be allowed to login. After successfull +login the domain part will be striped and the rest used as username in +NextCloud. e.g. 'username@example.com' will be 'username' in NextCloud. Read the [imap_open][0] PHP manual page to learn more about the allowed parameters.