diff --git a/Dockerfile b/Dockerfile index a26a8ef88251d47187536b15d3b4c179ba6b73d8..d62f59663a499f4ae5e13892ad2e843169f0be8b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ ARG EA_JOB_ID="882534" ARG LAUNCHER_JOB_ID="881954" ARG GOOGLE_INTEGRATION_VERSION="2.2.0" ARG DASHBOARD_JOB_ID="881962" -ARG SNAPPY_VERSION="2.36.0" +ARG SNAPPY_VERSION="2.36.1" ARG SNAPPY_THEME_VERSION="4.0.0" ARG USER_MIGRATION_JOB_ID="881933" ARG MEMORIES_VERSION="6.2.2" @@ -152,6 +152,7 @@ RUN patch -u ${BASE_DIR}/lib/private/Template/JSResourceLocator.php -i ${TMP_PAT RUN patch -u ${BASE_DIR}/lib/private/L10N/Factory.php -i ${TMP_PATCH_DIR}/032-select-lang-from-session.patch # UserConfigChangedEvent Ref: https://github.com/nextcloud/server/pull/42039 RUN cd ${BASE_DIR} && patch -p1 < ${TMP_PATCH_DIR}/036-user-config-change-event.patch +RUN patch --binary -u ${BASE_DIR}/custom_apps/snappymail/lib/Util/SnappyMailHelper.php -i ${TMP_PATCH_DIR}/037-snappy-oidc-autologin.patch RUN rm -rf ${TMP_PATCH_DIR} # Custom theme diff --git a/patches/037-snappy-oidc-autologin.patch b/patches/037-snappy-oidc-autologin.patch new file mode 100644 index 0000000000000000000000000000000000000000..b68806ff9df05d6dce036eb84de526c9b6c8283c --- /dev/null +++ b/patches/037-snappy-oidc-autologin.patch @@ -0,0 +1,53 @@ +--- SnappyMailHelper.php 2024-05-01 16:45:20 ++++ SnappyMailHelper-new.php 2024-05-01 16:45:26 +@@ -91,9 +91,18 @@ + */ + if ($doLogin && $aCredentials[1] && $aCredentials[2]) { + try { +- $oAccount = $oActions->LoginProcess($aCredentials[1], $aCredentials[2]); +- if ($oAccount && $oConfig->Get('login', 'sign_me_auto', \RainLoop\Enumerations\SignMeType::DefaultOff) === \RainLoop\Enumerations\SignMeType::DefaultOn) { +- $oActions->SetSignMeToken($oAccount); ++ $ocSession = \OC::$server->getSession(); ++ if ($ocSession->get('is_oidc')) { ++ $pwd = new \SnappyMail\SensitiveString($aCredentials[1]); ++ $oAccount = $oActions->LoginProcess($aCredentials[1], $pwd); ++ if ($oAccount) { ++ $oActions->SetSignMeToken($oAccount); ++ } ++ } else{ ++ $oAccount = $oActions->LoginProcess($aCredentials[1], $aCredentials[2]); ++ if ($oAccount && $oConfig->Get('login', 'sign_me_auto', \RainLoop\Enumerations\SignMeType::DefaultOff) === \RainLoop\Enumerations\SignMeType::DefaultOn) { ++ $oActions->SetSignMeToken($oAccount); ++ } + } + } catch (\Throwable $e) { + // Login failure, reset password to prevent more attempts +@@ -140,22 +149,23 @@ + // If the current user ID is identical to login ID (not valid when using account switching), + // this has the second priority. + if ($ocSession['snappymail-nc-uid'] == $sUID) { +-/* ++ + // If OpenID Connect (OIDC) is enabled and used for login, use this. + // https://apps.nextcloud.com/apps/oidc_login + // DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917 +- if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) { ++ // if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) { + if ($ocSession->get('is_oidc')) { + // IToken->getPassword() ??? + if ($sAccessToken = $ocSession->get('oidc_access_token')) { +- return [$sUID, 'oidc@nextcloud', $sAccessToken]; ++ $sEmail = $config->getUserValue($sUID, 'settings', 'email'); ++ return [$sUID, $sEmail, $sAccessToken]; + } + \SnappyMail\Log::debug('Nextcloud', 'OIDC access_token missing'); + } else { + \SnappyMail\Log::debug('Nextcloud', 'No OIDC login'); + } +- } +-*/ ++ //} ++ + // Only use the user's password in the current session if they have + // enabled auto-login using Nextcloud username or email address. + $sEmail = '';