Merge branch 'login-with-murena-patch' into 'nc-21'

ARG ECLOUD_LAUNCHER_JOB_ID="222001"

ARG GOOGLE_INTEGRATION_VERSION="1.0.6"

RUN sed -i 's/21,0,9,1/21,0,9,9/' ${BASE_DIR}/version.php

RUN sed -i 's/21,0,9,1/21,0,9,11/' ${BASE_DIR}/version.php

# Install unzip for unzipping artifacts

RUN apt-get update && apt-get install unzip 

# Patches

COPY patches/ ${TMP_PATCH_DIR}/

RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/002-login-without-domain.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/002-login-without-domain.patch

RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch

RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch

only the admin user (also configured in env var) will not have his login appended with a @domain suffix

diff --git files/LoginController.php files/LoginController-new.php

--- files/LoginController.php	2021-02-04 11:20:48.000000000 +0100

+++ files/LoginController-new.php	2021-02-04 11:24:27.000000000 +0100

@@ -299,6 +299,15 @@

--- ./core/Controller/LoginController.php 2022-04-22 12:31:59.886885713 +0530

+++ ./core/Controller/LoginController-new.php 2022-04-22 12:45:10.995439187 +0530

@@ -299,6 +299,23 @@

 			return $this->generateRedirect($redirect_url);

 		}

+		$user = trim($user);

+		$user = mb_strtolower($user, 'UTF-8');

+		$domain = $this->config->getSystemValue("mail_domain");

+		$domain_suffix = "@$domain";

+		$domain = $this->config->getSystemValue('mail_domain', '');

+		$domain_suffix = !empty($domain) ? '@' . $domain : '';

+		$alt_domain = $this->config->getSystemValue('alt_mail_domain', '');

+		$alt_domain_suffix = !empty($alt_domain) ? '@'  . $alt_domain : '';

+		$admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"];

+		if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) {

+		$is_admin = strcmp($user, $admin_username) === 0;

+

+		if(!$is_admin) {

+				$user = str_replace($alt_domain_suffix, $domain_suffix, $user);

+		}

+

+		if (!$is_admin && stristr($user, $domain_suffix) === FALSE) {

+				$user = $user . $domain_suffix;

+		}

+

 		$data = new LoginData(

 			$this->request,

 			trim($user),

--- ./core/Controller/WebAuthnController.php	2022-04-22 15:05:36.640254016 +0530

+++ ./core/Controller/WebAuthnController-new.php	2022-04-22 15:06:27.590436349 +0530

@@ -74,6 +74,22 @@

 		$this->logger->debug('Converting login name to UID');

 		$uid = $loginName;

+		$uid = trim($uid);

+		$uid = mb_strtolower($uid, 'UTF-8');

+		$domain = \OC::$server->getConfig()->getSystemValue('mail_domain', '');

+		$domain_suffix = !empty($domain) ? '@' . $domain : '';

+		$alt_domain = \OC::$server->getConfig()->getSystemValue('alt_mail_domain', '');

+		$alt_domain_suffix = !empty($alt_domain) ? '@'  . $alt_domain : '';

+		$admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"];

+		$is_admin = strcmp($uid, $admin_username) === 0;

+

+		if(!$is_admin) {

+						$uid = str_replace($alt_domain_suffix, $domain_suffix, $uid);

+		}

+

+		if (!$is_admin && stristr($uid, $domain_suffix) === FALSE) {

+						$uid = $uid . $domain_suffix;

+		}

 		Util::emitHook(

 			'\OCA\Files_Sharing\API\Server2Server',

 			'preLoginNameUsedAsUserName',

This patch adds the necessary changes to core NC controller and template for "email-recovery" app to work correctly. Instead of the user's email address, the user's recovery email address set through the "email-recovery" app is used for the password reset email. Further the user's "email" in the template(so that users cannot edit it).

diff --git ./core/Controller/LostController.php ./core/Controller/LostController.new.php

--- ./core/Controller/LostController.php	2021-03-26 09:51:09.317785801 +0530

+++ ./core/Controller/LostController.new.php	2021-03-26 09:51:35.490073707 +0530

@@ -194,6 +194,13 @@

--- ./core/Controller/LostController.php	2022-04-22 13:12:21.012446926 +0530

+++ ./core/Controller/LostController.new.php	2022-04-22 13:19:46.217355408 +0530

@@ -194,6 +194,16 @@

 	 * @throws \Exception

 	 */

 	protected function checkPasswordResetToken($token, $userId) {

+		$domain = $this->config->getSystemValue("mail_domain");

+		$domainSuffix = "@$domain";

+		$domain = $this->config->getSystemValue('mail_domain', '');

+		$domainSuffix = !empty($domain) ? '@' . $domain : '';

+		$altDomain = $this->config->getSystemValue('alt_mail_domain', '');

+		$altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : '';

+		

+		$userId = str_replace($altDomainSuffix, $domainSuffix, $userId);

+		if(stristr($userId, $domainSuffix) === FALSE ) {

+			$userId = $userId . $domainSuffix;

+		}

 		$user = $this->userManager->get($userId);

 		if ($user === null || !$user->isEnabled()) {

 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));

@@ -205,8 +212,9 @@

@@ -205,8 +215,9 @@

 		}

 		try {

 		} catch (\Exception $e) {

 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));

 		}

@@ -333,8 +341,15 @@

@@ -333,8 +344,18 @@

 	 * @throws \OCP\PreConditionNotMetException

 	 */

 	protected function sendEmail($input) {

+		$domain = $this->config->getSystemValue("mail_domain");

+		$domainSuffix = "@$domain";

+		$domain = $this->config->getSystemValue('mail_domain', '');

+		$domainSuffix = !empty($domain) ? '@' . $domain : '';

+		$altDomain = $this->config->getSystemValue('alt_mail_domain', '');

+		$altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : '';

+		

+		$input = str_replace($altDomainSuffix, $domainSuffix, $input);

+		if(stristr($input, $domainSuffix) === FALSE ) {

+			$input = $input . $domainSuffix;

+		}