From 4379aafadfcac10d96eed2d0ad916f35d336894a Mon Sep 17 00:00:00 2001 From: Ronak Patel Date: Thu, 21 Apr 2022 18:09:21 +0530 Subject: [PATCH 1/8] added patch to allow murana domain --- Dockerfile | 2 +- .../015-allow-login-with-murena-domain.patch | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 patches/015-allow-login-with-murena-domain.patch diff --git a/Dockerfile b/Dockerfile index 5bc0506c..38538a3a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -97,7 +97,7 @@ RUN sed -i "s/\$systemConfig->setValue('theme', '');/\$systemConfig->setValue('t # Patches COPY patches/ ${TMP_PATCH_DIR}/ -RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/002-login-without-domain.patch +RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/015-allow-login-with-murena-domain.patch RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch diff --git a/patches/015-allow-login-with-murena-domain.patch b/patches/015-allow-login-with-murena-domain.patch new file mode 100644 index 00000000..79393eb6 --- /dev/null +++ b/patches/015-allow-login-with-murena-domain.patch 
@@ -0,0 +1,21 @@ +--- /home/ronak/Desktop/ecloud-local/ecloud_dev_example/volumes/nextcloud/html/core/Controller/LoginController.php 2022-03-10 13:18:55.378184914 +0530 ++++ /home/ronak/Desktop/ecloud-local/ecloud_dev_example/volumes/nextcloud/html/core/Controller/LoginController-new.php 2022-03-10 13:41:35.100967179 +0530 +@@ -299,6 +299,18 @@ + return $this->generateRedirect($redirect_url); + } + ++ $user = trim($user); ++ $user = mb_strtolower($user, 'UTF-8'); ++ $domain = $this->config->getSystemValue("login_domain"); ++ $domain_suffix = "@$domain"; ++ $r_user = $user; ++ $alt_domain = $this->config->getSystemValue("alt_login_domain"); ++ $alt_domain_suffix = "@$alt_domain"; ++ $user = str_replace($alt_domain_suffix, $domain_suffix, $user); ++ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; ++ if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) { ++ $user = $user . $domain_suffix; ++ } + $data = new LoginData( + $this->request, + trim($user), -- GitLab From c9e71ef759925a14daf6447fcdd92ad99fb13a83 Mon Sep 17 00:00:00 2001 From: Ronak Patel Date: Thu, 21 Apr 2022 20:16:25 +0530 Subject: [PATCH 2/8] change in 002 patch file only --- Dockerfile | 2 +- patches/002-login-without-domain.patch | 6 +++++- .../015-allow-login-with-murena-domain.patch | 21 ------------------- 3 files changed, 6 insertions(+), 23 deletions(-) delete mode 100644 patches/015-allow-login-with-murena-domain.patch diff --git a/Dockerfile b/Dockerfile index 38538a3a..5bc0506c 100644 --- a/Dockerfile +++ b/Dockerfile 
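Review bot: When `alt_login_domain` is not set in config.php, `getSystemValue("alt_login_domain")` returns its default empty string, `$alt_domain_suffix` becomes a bare `"@"`, and `str_replace($alt_domain_suffix, $domain_suffix, $user)` then rewrites every `@` in the submitted login; an unset `login_domain` likewise yields a suffix of just `"@"`. Read both keys with an explicit default and skip the rewrite when the value is empty, e.g. `$alt_domain = $this->config->getSystemValue('alt_login_domain', '');` followed by `if ($alt_domain !== '') { ... }`. The same lines are added to `patches/002-login-without-domain.patch` in the `@@ -15,8 +15,12 @@` hunk of PATCH 2/8. `$r_user` is assigned but never read in the visible lines, and the `---`/`+++` headers of the new patch file carry an absolute path from a developer workstation where the other patch files use relative ones. The enclosing controller method starts and ends outside the hunk.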
@@ -97,7 +97,7 @@ RUN sed -i "s/\$systemConfig->setValue('theme', '');/\$systemConfig->setValue('t # Patches COPY patches/ ${TMP_PATCH_DIR}/ -RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/015-allow-login-with-murena-domain.patch +RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/002-login-without-domain.patch RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index 6e670628..49538975 100644 --- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -15,8 +15,12 @@ diff --git files/LoginController.php files/LoginController-new.php + $user = trim($user); + $user = mb_strtolower($user, 'UTF-8'); -+ $domain = $this->config->getSystemValue("mail_domain"); ++ $domain = $this->config->getSystemValue("login_domain"); + $domain_suffix = "@$domain"; ++ $r_user = $user; ++ $alt_domain = $this->config->getSystemValue("alt_login_domain"); ++ $alt_domain_suffix = "@$alt_domain"; ++ $user = str_replace($alt_domain_suffix, $domain_suffix, $user); + $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; + if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) { + $user = $user . $domain_suffix; diff --git a/patches/015-allow-login-with-murena-domain.patch b/patches/015-allow-login-with-murena-domain.patch deleted file mode 100644 index 79393eb6..00000000 --- a/patches/015-allow-login-with-murena-domain.patch +++ /dev/null 
@@ -1,21 +0,0 @@ ---- /home/ronak/Desktop/ecloud-local/ecloud_dev_example/volumes/nextcloud/html/core/Controller/LoginController.php 2022-03-10 13:18:55.378184914 +0530 -+++ /home/ronak/Desktop/ecloud-local/ecloud_dev_example/volumes/nextcloud/html/core/Controller/LoginController-new.php 2022-03-10 13:41:35.100967179 +0530 -@@ -299,6 +299,18 @@ - return $this->generateRedirect($redirect_url); - } - -+ $user = trim($user); -+ $user = mb_strtolower($user, 'UTF-8'); -+ $domain = $this->config->getSystemValue("login_domain"); -+ $domain_suffix = "@$domain"; -+ $r_user = $user; -+ $alt_domain = $this->config->getSystemValue("alt_login_domain"); -+ $alt_domain_suffix = "@$alt_domain"; -+ $user = str_replace($alt_domain_suffix, $domain_suffix, $user); -+ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; -+ if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) { -+ $user = $user . $domain_suffix; -+ } - $data = new LoginData( - $this->request, - trim($user), -- GitLab From 53af05cfb37ad26d253f2ac0466e19003e48dcb7 Mon Sep 17 00:00:00 2001 From: Ronak Patel Date: Thu, 21 Apr 2022 20:17:25 +0530 Subject: [PATCH 3/8] replaced mail_domain --- patches/002-login-without-domain.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index 49538975..57dd5d39 100644 --- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -15,10 +15,10 @@ 
diff --git files/LoginController.php files/LoginController-new.php + $user = trim($user); + $user = mb_strtolower($user, 'UTF-8'); -+ $domain = $this->config->getSystemValue("login_domain"); ++ $domain = $this->config->getSystemValue("mail_domain"); + $domain_suffix = "@$domain"; + $r_user = $user; -+ $alt_domain = $this->config->getSystemValue("alt_login_domain"); ++ $alt_domain = $this->config->getSystemValue("alt_mail_domain"); + $alt_domain_suffix = "@$alt_domain"; + $user = str_replace($alt_domain_suffix, $domain_suffix, $user); + $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; -- GitLab From 27f4d2908f19bbaa1754cd051c924c39818bc22b Mon Sep 17 00:00:00 2001 From: Ronak Patel Date: Thu, 21 Apr 2022 20:57:26 +0530 Subject: [PATCH 4/8] added condition to check if mail_domain found --- patches/002-login-without-domain.patch | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index 57dd5d39..2906ba36 100644 --- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -16,14 +16,18 @@ 
diff --git files/LoginController.php files/LoginController-new.php + $user = trim($user); + $user = mb_strtolower($user, 'UTF-8'); + $domain = $this->config->getSystemValue("mail_domain"); -+ $domain_suffix = "@$domain"; -+ $r_user = $user; -+ $alt_domain = $this->config->getSystemValue("alt_mail_domain"); -+ $alt_domain_suffix = "@$alt_domain"; -+ $user = str_replace($alt_domain_suffix, $domain_suffix, $user); -+ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; -+ if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) { -+ $user = $user . $domain_suffix; ++ if($domain){ ++ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; ++ $domain_suffix = "@$domain"; ++ $r_user = $user; ++ $alt_domain = $this->config->getSystemValue("alt_mail_domain"); ++ if($alt_domain){ ++ $alt_domain_suffix = "@$alt_domain"; ++ $user = str_replace($alt_domain_suffix, $domain_suffix, $user); ++ } ++ if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) { ++ $user = $user . $domain_suffix; ++ } + } + $data = new LoginData( -- GitLab From aa810ea65ddcd05c0501caf1623b575ce86fadf0 Mon Sep 17 00:00:00 2001 From: Akhil Date: Fri, 22 Apr 2022 13:12:05 +0530 Subject: [PATCH 5/8] alt_mail_domain login patch --- patches/002-login-without-domain.patch | 28 +++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index 2906ba36..44c144ce 100644 --- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -7,27 +7,27 @@ This patch auto append the domain handled by nc, configured in env var. only the admin user (also configured in env var) will not have his login appended with a @domain suffix 
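Review bot: The admin exemption in this hunk depends on `$_ENV["NEXTCLOUD_ADMIN_USER"]`, which is read without checking that the key exists; `$_ENV` is only populated when PHP's `variables_order` includes `E`, so if it does not (or the variable is unset) `$admin_username` is null, `strcmp($user, $admin_username) != 0` holds for every non-empty login, and the admin name gets the domain suffix appended like any other. Reading it with `$admin_username = getenv('NEXTCLOUD_ADMIN_USER');` and handling a `false` or empty result explicitly would make that failure visible instead of silent. `$r_user` is still assigned and not read anywhere in the visible lines. The surrounding method begins and ends outside the hunk.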
diff --git files/LoginController.php files/LoginController-new.php ---- files/LoginController.php 2021-02-04 11:20:48.000000000 +0100 -+++ files/LoginController-new.php 2021-02-04 11:24:27.000000000 +0100 -@@ -299,6 +299,15 @@ +--- files/LoginController.php 2022-04-22 12:31:59.886885713 +0530 ++++ files/LoginController-new.php 2022-04-22 12:45:10.995439187 +0530 +@@ -299,6 +299,23 @@ return $this->generateRedirect($redirect_url); } + $user = trim($user); + $user = mb_strtolower($user, 'UTF-8'); -+ $domain = $this->config->getSystemValue("mail_domain"); -+ if($domain){ -+ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; -+ $domain_suffix = "@$domain"; -+ $r_user = $user; -+ $alt_domain = $this->config->getSystemValue("alt_mail_domain"); -+ if($alt_domain){ -+ $alt_domain_suffix = "@$alt_domain"; ++ $domain = $this->config->getSystemValue('mail_domain', ''); ++ $domain_suffix = !empty($domain) ? '@' . $domain : ''; ++ $alt_domain = $this->config->getSystemValue('alt_mail_domain', ''); ++ $alt_domain_suffix = !empty($alt_domain) ? '@' . $alt_domain : ''; ++ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; ++ $is_admin = strcmp($user, $admin_username) === 0; ++ ++ if(!$is_admin) { + $user = str_replace($alt_domain_suffix, $domain_suffix, $user); -+ } -+ if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) { ++ } ++ ++ if (!$is_admin && stristr($user, $domain_suffix) === FALSE) { + $user = $user . $domain_suffix; -+ } + } + $data = new LoginData( -- GitLab From 05836a5f3f702c493ece7b16197fc0c268ea1797 Mon Sep 17 00:00:00 2001 From: Akhil Date: Fri, 22 Apr 2022 13:22:03 +0530 Subject: [PATCH 6/8] alt_mail_domain reset password patch --- patches/006-recovery-email-changes.patch | 28 ++++++++++++++---------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/patches/006-recovery-email-changes.patch b/patches/006-recovery-email-changes.patch index adc5377e..607524ac 100644 --- a/patches/006-recovery-email-changes.patch 
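Review bot: Both domain checks in the rewritten block match anywhere in the login rather than at its end: `str_replace($alt_domain_suffix, $domain_suffix, $user)` rewrites every occurrence of the alternate suffix, and `stristr($user, $domain_suffix) === FALSE` treats a name such as `name@<mail_domain>.other` (constructed example) as already qualified. The value handed to `LoginData` should be canonical, so I would anchor both operations to the end of the string, as sketched below. The length guards also avoid calling `stristr()` with an empty needle when `mail_domain` is unset, which raises a warning on PHP 7. The same pattern recurs in the `LostController` hunks of PATCH 6/8 and the `WebAuthnController` hunk of PATCH 8/8. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: trim/lowercase, $domain_suffix, $alt_domain_suffix, $admin_username, $is_admin …
if (!$is_admin) {
    $alt_len = strlen($alt_domain_suffix);
    // Rewrite the alternate domain only when it is the trailing part of the login.
    if ($alt_len > 0 && substr($user, -$alt_len) === $alt_domain_suffix) {
        $user = substr($user, 0, -$alt_len) . $domain_suffix;
    }
    $dom_len = strlen($domain_suffix);
    // Append the primary domain only when the login does not already end with it.
    if ($dom_len > 0 && strcasecmp(substr($user, -$dom_len), $domain_suffix) !== 0) {
        $user = $user . $domain_suffix;
    }
}
```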
+++ b/patches/006-recovery-email-changes.patch @@ -5,15 +5,18 @@ Subject: [PATCH] Makes password reset links use recovery email set through "emai This patch adds the necessary changes to core NC controller and template for "email-recovery" app to work correctly. Instead of the user's email address, the user's recovery email address set through the "email-recovery" app is used for the password reset email. Further the user's "email" in the template(so that users cannot edit it). diff --git ./core/Controller/LostController.php ./core/Controller/LostController.new.php ---- ./core/Controller/LostController.php 2021-03-26 09:51:09.317785801 +0530 -+++ ./core/Controller/LostController.new.php 2021-03-26 09:51:35.490073707 +0530 -@@ -194,6 +194,13 @@ +--- ./core/Controller/LostController.php 2022-04-22 13:12:21.012446926 +0530 ++++ ./core/Controller/LostController.new.php 2022-04-22 13:19:46.217355408 +0530 +@@ -194,6 +194,16 @@ * @throws \Exception */ protected function checkPasswordResetToken($token, $userId) { -+ $domain = $this->config->getSystemValue("mail_domain"); -+ $domainSuffix = "@$domain"; -+ ++ $domain = $this->config->getSystemValue('mail_domain', ''); ++ $domainSuffix = !empty($domain) ? '@' . $domain : ''; ++ $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); ++ $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; ++ ++ $userId = str_replace($altDomainSuffix, $domainSuffix, $userId); + if(stristr($userId, $domainSuffix) === FALSE ) { + $userId = $userId . $domainSuffix; + } @@ -21,7 +24,7 @@ diff --git ./core/Controller/LostController.php ./core/Controller/LostController $user = $this->userManager->get($userId); if ($user === null || !$user->isEnabled()) { throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); -@@ -205,8 +212,9 @@ +@@ -205,8 +215,9 @@ } try { @@ -33,13 +36,16 @@ 
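Review bot: In `checkPasswordResetToken()` the new `str_replace($altDomainSuffix, $domainSuffix, $userId)` is case-sensitive while the `stristr()` test after it is not, and unlike the login path this function neither trims nor lower-cases its input, so an id typed with different casing in the alternate domain is left unrewritten and then has `$domainSuffix` appended after it. Normalising first with `$userId = mb_strtolower(trim($userId), 'UTF-8');`, or using `str_ireplace()` for the rewrite, keeps the reset flow resolving the same uid as login does. The identical lines are added to `sendEmail()` in the `@@ -33,13 +36,16 @@` hunk of this patch. Neither function has the admin exemption that the login patch applies, so it is worth confirming whether the admin account is meant to be able to use password reset. Both function bodies continue outside their hunks.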
diff --git ./core/Controller/LostController.php ./core/Controller/LostController } catch (\Exception $e) { throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); } -@@ -333,8 +341,15 @@ +@@ -333,8 +344,18 @@ * @throws \OCP\PreConditionNotMetException */ protected function sendEmail($input) { -+ $domain = $this->config->getSystemValue("mail_domain"); -+ $domainSuffix = "@$domain"; -+ ++ $domain = $this->config->getSystemValue('mail_domain', ''); ++ $domainSuffix = !empty($domain) ? '@' . $domain : ''; ++ $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); ++ $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; ++ ++ $input = str_replace($altDomainSuffix, $domainSuffix, $input); + if(stristr($input, $domainSuffix) === FALSE ) { + $input = $input . $domainSuffix; + } -- GitLab From 1cea202410b2e697b313ccdc6c7dfb13b7b86de2 Mon Sep 17 00:00:00 2001 From: Akhil Date: Fri, 22 Apr 2022 13:28:52 +0530 Subject: [PATCH 7/8] Bump version number --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5bc0506c..1dc9243b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ ARG EA_TAG="1.1.0" ARG ECLOUD_LAUNCHER_JOB_ID="222001" ARG GOOGLE_INTEGRATION_VERSION="1.0.6" -RUN sed -i 's/21,0,9,1/21,0,9,9/' ${BASE_DIR}/version.php +RUN sed -i 's/21,0,9,1/21,0,9,10/' ${BASE_DIR}/version.php # Install unzip for unzipping artifacts RUN apt-get update && apt-get install unzip -- GitLab From 96dec6d16057b2fb3811c11c310e0d98db435b0a Mon Sep 17 00:00:00 2001 From: Akhil Date: Fri, 22 Apr 2022 15:12:04 +0530 Subject: [PATCH 8/8] Fixed passwordless login without domain --- Dockerfile | 4 ++-- patches/002-login-without-domain.patch | 29 ++++++++++++++++++++++++-- 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1dc9243b..5cd2a66c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -16,7 +16,7 @@ ARG EA_TAG="1.1.0" ARG ECLOUD_LAUNCHER_JOB_ID="222001" ARG GOOGLE_INTEGRATION_VERSION="1.0.6" -RUN sed -i 's/21,0,9,1/21,0,9,10/' ${BASE_DIR}/version.php +RUN sed -i 's/21,0,9,1/21,0,9,11/' ${BASE_DIR}/version.php # Install unzip for unzipping artifacts RUN apt-get update && apt-get install unzip @@ -97,7 +97,7 @@ RUN sed -i "s/\$systemConfig->setValue('theme', '');/\$systemConfig->setValue('t # Patches COPY patches/ ${TMP_PATCH_DIR}/ -RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/002-login-without-domain.patch +RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/002-login-without-domain.patch RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index 44c144ce..fb91e4ae 100644 --- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -7,8 +7,8 @@ This patch auto append the domain handled by nc, configured in env var. only the admin user (also configured in env var) will not have his login appended with a @domain suffix diff --git files/LoginController.php files/LoginController-new.php ---- files/LoginController.php 2022-04-22 12:31:59.886885713 +0530 -+++ files/LoginController-new.php 2022-04-22 12:45:10.995439187 +0530 +--- ./core/Controller/LoginController.php 2022-04-22 12:31:59.886885713 +0530 ++++ ./core/Controller/LoginController-new.php 2022-04-22 12:45:10.995439187 +0530 @@ -299,6 +299,23 @@ return $this->generateRedirect($redirect_url); } @@ -33,3 +33,28 @@ 
diff --git files/LoginController.php files/LoginController-new.php $data = new LoginData( $this->request, trim($user), +--- ./core/Controller/WebAuthnController.php 2022-04-22 15:05:36.640254016 +0530 ++++ ./core/Controller/WebAuthnController-new.php 2022-04-22 15:06:27.590436349 +0530 +@@ -74,6 +74,22 @@ + + $this->logger->debug('Converting login name to UID'); + $uid = $loginName; ++ $uid = trim($uid); ++ $uid = mb_strtolower($uid, 'UTF-8'); ++ $domain = \OC::$server->getConfig()->getSystemValue('mail_domain', ''); ++ $domain_suffix = !empty($domain) ? '@' . $domain : ''; ++ $alt_domain = \OC::$server->getConfig()->getSystemValue('alt_mail_domain', ''); ++ $alt_domain_suffix = !empty($alt_domain) ? '@' . $alt_domain : ''; ++ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; ++ $is_admin = strcmp($uid, $admin_username) === 0; ++ ++ if(!$is_admin) { ++ $uid = str_replace($alt_domain_suffix, $domain_suffix, $uid); ++ } ++ ++ if (!$is_admin && stristr($uid, $domain_suffix) === FALSE) { ++ $uid = $uid . $domain_suffix; ++ } + Util::emitHook( + '\OCA\Files_Sharing\API\Server2Server', + 'preLoginNameUsedAsUserName', -- GitLab
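Review bot: The block added to `WebAuthnController` is a third hand-maintained copy of the login-name normalisation (after `LoginController` and `LostController`), and the copies already differ: the `LostController` version in PATCH 6/8 has no trim, lower-casing or admin exemption, so password login, WebAuthn login and password reset can map the same typed name to different uids. I would move the logic into one private helper or small service that all three call, with a short docblock stating the rule (alternate domain rewritten to `mail_domain`, suffix appended when missing, admin exempt). The block also reaches config through `\OC::$server->getConfig()` where the login patch uses `$this->config`; injecting `IConfig` through the constructor, if this controller does not already receive it, would be more consistent. The method continues outside the hunk.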