Merge pull request #1572 from Murena-SAS/fix-oidc-sso-login

oidc login

Author: the-djmaze

integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php

@@ -91,9 +91,18 @@ public static function startApp(bool $handle = false)
 */
 				if ($doLogin && $aCredentials[1] && $aCredentials[2]) {
 					try {
-						$oAccount = $oActions->LoginProcess($aCredentials[1], $aCredentials[2]);
-						if ($oAccount && $oConfig->Get('login', 'sign_me_auto', \RainLoop\Enumerations\SignMeType::DefaultOff) === \RainLoop\Enumerations\SignMeType::DefaultOn) {
-							$oActions->SetSignMeToken($oAccount);
+						$ocSession = \OC::$server->getSession();
+						if ($ocSession->get('is_oidc')) {
+							$pwd = new \SnappyMail\SensitiveString($aCredentials[1]);
+							$oAccount = $oActions->LoginProcess($aCredentials[1], $pwd);
+							if ($oAccount) {
+								$oActions->SetSignMeToken($oAccount);
+							}
+						} else {
+							$oAccount = $oActions->LoginProcess($aCredentials[1], $aCredentials[2]);
+							if ($oAccount && $oConfig->Get('login', 'sign_me_auto', \RainLoop\Enumerations\SignMeType::DefaultOff) === \RainLoop\Enumerations\SignMeType::DefaultOn) {
+								$oActions->SetSignMeToken($oAccount);
+							}	
 						}
 					} catch (\Throwable $e) {
 						// Login failure, reset password to prevent more attempts
@@ -140,22 +149,22 @@ private static function getLoginCredentials() : array
 		// If the current user ID is identical to login ID (not valid when using account switching),
 		// this has the second priority.
 		if ($ocSession['snappymail-nc-uid'] == $sUID) {
-/*
+
 			// If OpenID Connect (OIDC) is enabled and used for login, use this.
 			// https://apps.nextcloud.com/apps/oidc_login
-			// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
 			if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false)) {
 				if ($ocSession->get('is_oidc')) {
 					// IToken->getPassword() ???
 					if ($sAccessToken = $ocSession->get('oidc_access_token')) {
-						return [$sUID, 'oidc@nextcloud', $sAccessToken];
+						$sEmail = $config->getUserValue($sUID, 'settings', 'email');
+						return [$sUID, $sEmail, $sAccessToken];
 					}
 					\SnappyMail\Log::debug('Nextcloud', 'OIDC access_token missing');
 				} else {
 					\SnappyMail\Log::debug('Nextcloud', 'No OIDC login');
 				}
 			}
-*/
+
 			// Only use the user's password in the current session if they have
 			// enabled auto-login using Nextcloud username or email address.
 			$sEmail = '';

plugins/nextcloud/index.php

@@ -35,13 +35,13 @@ public function Init() : void
 
 			$this->addTemplate('templates/PopupsNextcloudFiles.html');
 			$this->addTemplate('templates/PopupsNextcloudCalendars.html');
-/*
+
 			$this->addHook('login.credentials.step-2', 'loginCredentials2');
 			$this->addHook('login.credentials', 'loginCredentials');
 			$this->addHook('imap.before-login', 'beforeLogin');
 			$this->addHook('smtp.before-login', 'beforeLogin');
 			$this->addHook('sieve.before-login', 'beforeLogin');
-*/
+
 		} else {
 			\SnappyMail\Log::debug('Nextcloud', 'NOT integrated');
 			// \OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-no-embed');
@@ -87,7 +87,7 @@ public function loginCredentials2(string &$sEmail, ?string &$sPassword = null) :
 	public function beforeLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void
 	{
 		$oSettings->username = \OC::$server->getUserSession()->getUser()->getUID();
-/*
+
 		// https://apps.nextcloud.com/apps/oidc_login
 		// DISABLED https://github.com/the-djmaze/snappymail/issues/1420#issuecomment-1933045917
 		if (\OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-autologin-oidc', false)
@@ -100,7 +100,7 @@ public function beforeLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetCl
 				\array_unshift($oSettings->SASLMechanisms, 'OAUTHBEARER');
 			}
 		}
-*/
+
 	}
 
 	/*