Kolab Groupware OBS

kolab-freebusy.spec Changed

debian.changelog Changed

kolab-freebusy-1.1.0.tar.gz/autogen.sh Changed

kolab-freebusy-1.1.0.tar.gz/doc/kolab-freebusy.config.ini Changed

kolab-freebusy-1.1.0.tar.gz/lib/Kolab/FreeBusy/HTTPAuth.php Changed

@@ -23,6 +23,7 @@
 
 namespace Kolab\FreeBusy;
 
+use \Kolab\Config;
 use \Net_LDAP3;
 use \Monolog\Logger as Monolog;
 
@@ -40,6 +41,15 @@
 	{
 		$logger = Logger::get('httpauth');
 
+		// First try token authentication if enabled and user/token detected in the URL
+		if (!empty($_SERVER['FREEBUSY_URI'])
+			&& Config::boolean($config['allow_token'])
+			&& preg_match('|([^@/]+@[^@/]+)/([a-f0-9]{32})/[^/]+$|', $_SERVER['FREEBUSY_URI'], $matches)
+			&& self::checkToken($config, $matches[1], $matches[2])
+		) {
+			return true;
+		}
+
 		// no http auth submitted, abort!
 		if (empty($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
 			$logger->addDebug('No HTTP auth submitted');
@@ -118,6 +128,40 @@
 	}
 
 	/**
+	 * Validate user token and credentials from freebusy_auth cache
+	 */
+	private static function checkToken($config, $user, $token)
+	{
+		// See 'ready' hook handler in kolab_auth plugin
+		// for details on how the token auth (cache) entries are created
+
+		// load the Roundcube framework with its autoloader
+		require_once KOLAB_FREEBUSY_ROOT . '/lib/Roundcube/bootstrap.php';
+
+		$rcube  = \rcube::get_instance(\rcube::INIT_WITH_DB | \rcube::INIT_WITH_PLUGINS);
+		$ip     = \rcube_utils::remote_addr();
+		$key    = md5("$token:$ip:$user");
+		$valid  = false;
+
+		$rcube->config->set('freebusy_auth_cache', 'db');
+		$cache = $rcube->get_cache_shared('freebusy_auth', false);
+
+		if ($cache && ($deadline = $cache->get($key))) {
+			$now      = new \DateTime('now', new \DateTimeZone('UTC'));
+			$deadline = new \DateTime($deadline);
+
+			if ($deadline >= $now) {
+				$valid = true;
+			}
+		}
+
+		$status = $valid ? 'SUCCESS' : 'FAILURE';
+		Logger::get('httpauth')->addInfo("Token: authenticating user $user/$token/$ip: $status");
+
+		return $valid;
+	}
+
+	/**
 	 * Callback for Net_LDAP3 logging
 	 */
 	public static function ldapLog($level, $msg)

kolab-freebusy-1.1.0.tar.gz/lib/Kolab/FreeBusy/SourceIMAP.php Changed

kolab-freebusy-1.1.0.tar.gz/lib/Kolab/FreeBusy/Utils.php Changed

kolab-freebusy-1.1.0.tar.gz/public_html/index.php Changed

@@ -27,6 +27,11 @@
 
 define('KOLAB_FREEBUSY_ROOT', realpath('../'));
 
+// configure env for Roundcube framework
+define('RCUBE_INSTALL_PATH', KOLAB_FREEBUSY_ROOT . '/');
+define('RCUBE_CONFIG_DIR',   KOLAB_FREEBUSY_ROOT . '/config/');
+define('RCUBE_PLUGINS_DIR',  KOLAB_FREEBUSY_ROOT . '/lib/plugins/');
+
 // suppress error notices
 ini_set('error_reporting', E_ALL &~ E_NOTICE);
 
@@ -61,8 +66,12 @@
 		$log->addDebug('Request (redirect): ' . $uri, array('ip' => $remote_ip, 'trusted' => $trusted_ip));
 	}
 
+	list($uri, $args) = explode('?', $uri);
+
 	// check HTTP authentication
 	if (!$trusted_ip && $config->httpauth) {
+		$_SERVER['FREEBUSY_URI'] = urldecode(rtrim($uri, '/'));
+
 		if (!HTTPAuth::check($config->httpauth)) {
 			$log->addDebug("Abort with 401 Unauthorized");
 			header('WWW-Authenticate: Basic realm="Kolab Free/Busy Service"');
@@ -74,12 +83,9 @@
 	#header('Content-type: text/calendar; charset=utf-8', true);
 	header('Content-type: text/plain; charset=utf-8', true);
 
-	list($uri, $args) = explode('?', $uri);
-
 	// analyse request
-	$url = array_filter(explode('/', $uri));
-	$user = strtolower(array_pop($url));
-	$action = strtolower(array_pop($url));
+	$url      = array_filter(explode('/', $uri));
+	$user     = strtolower(array_pop($url));
 	$extended = false;
 
 	// remove file extension

kolab-freebusy.dsc Changed

Changes of Revision 10