diff --git a/auth-imap/README.md b/auth-imap/README.md new file mode 100644 index 00000000..38080121 --- /dev/null +++ b/auth-imap/README.md @@ -0,0 +1,9 @@ +# osTicket IMAP Authentication + +A backend that allows agents (staff) to login with their IMAP credentials . + +## Setup +* Login to the Admin Panel and install the plugin from the Manage > Plugins > Add New Plugin page. +* Click on the plugin name in the list and configure the settings. +* Enable the plugin from the Manage > Plugins page. +* You can choose if agents can login using this plugin or not. diff --git a/auth-imap/bootstrap.php b/auth-imap/bootstrap.php new file mode 100644 index 00000000..00ef9b6c --- /dev/null +++ b/auth-imap/bootstrap.php @@ -0,0 +1,8 @@ +config->get($key); + if (!$value && $required) { + throw new Exception("Please set the '{$key}'' configuration value."); + } + return $value; + } + + private function getImapResponse($username, $password) + { + $server = $this->getConfig('imap-server'); + $method = $this->getConfig('method'); + $ssltls = $this->getConfig('tls-ssl'); + $server = "{".$server."/".$method."/".$ssltls."/novalidate-cert}"; + //$additionalParams = $this->getConfig('additionalParams', false); + $return = (object)array( + 'success' => false, + 'error' => null, + 'user' => null + ); + error_log($server); + if ($imap=imap_open( $server, $username, $password, OP_HALFOPEN )) { + $return->success = true; + $return->user = $username; + } else { + $return->error = "Username/Password not found"; + } + return $return; + } +} diff --git a/auth-imap/lib/Config.php b/auth-imap/lib/Config.php new file mode 100644 index 00000000..8ff76567 --- /dev/null +++ b/auth-imap/lib/Config.php @@ -0,0 +1,94 @@ +translate(); + + return array( + + 'plugin-header' => new SectionBreakField( + array( + 'label' => $trans('Plugin Settings'), + ) + ), + + 'enabled-for' => new ChoiceField( + array( + 'label' => $trans('Authentication'), + 'choices' => array( + '0' => $trans('Disabled'), + 'staff' => $trans('Agents (Staff) Only'), + //'client' => $trans('Clients Only'), + //'all' => $trans('Agents and Clients'), + ), + ) + ), + + 'imap-header' => new SectionBreakField( + array( + 'label' => $trans('IMAP Settings'), + ) + ), + + 'imap-server' => new TextboxField( + array( + 'label' => $trans('IMAP server'), + 'configuration' => array( + 'size' => 60, + 'length' => 200 + ), + ) + ), + + 'method' => new ChoiceField( + array( + 'label' => $trans('Method'), + 'choices' => array( + 'imap4' => 'IMAP4', + 'pop3' => 'POP3', + ), + ) + ), + + 'tls-ssl' => new ChoiceField( + array( + 'label' => $trans('TLS/SSL'), + 'choices' => array( + 'tls' => 'TLS', + 'ssl' => 'SSL', + ), + ) + ), + + ); + + } +} diff --git a/auth-imap/lib/Plugin.php b/auth-imap/lib/Plugin.php new file mode 100644 index 00000000..3c57101e --- /dev/null +++ b/auth-imap/lib/Plugin.php @@ -0,0 +1,27 @@ +getConfig(); + $enabledFor = $config->get('enabled-for'); + + if ($enabledFor === 'all' || $enabledFor === 'staff') { + \StaffAuthenticationBackend::register( + new StaffAuthBackend($this->getConfig()) + ); + } + + // TODO + /*if ($enabledFor === 'all' || $enabledFor === 'client') { + \UserAuthenticationBackend::register( + new ClientAuthBackend($this->getConfig()) + ); + }*/ + } +} diff --git a/auth-imap/lib/StaffAuthBackend.php b/auth-imap/lib/StaffAuthBackend.php new file mode 100644 index 00000000..713b73ff --- /dev/null +++ b/auth-imap/lib/StaffAuthBackend.php @@ -0,0 +1,61 @@ +config = $config; + } + + public function supportsInteractiveAuthentication() + { + return true; + } + + public function authenticate($username, $password) + { + $imapResponse = $this->getImapResponse($username, $password); + if ($imapResponse->success) { + if (($user = StaffSession::lookup($username)) && $user->getId()) { + if (!$user instanceof StaffSession) { + // osTicket <= v1.9.7 or so + $user = new StaffSession($user->getId()); + } + return $user; + } else { + return new AccessDenied('Your credentials are valid but you do not have a staff account.'); + } + } elseif ($imapResponse->error) { + return new AccessDenied($imapResponse->error); + } else { + return new AccessDenied('Unable to validate login.'); + } + } + + public function renderExternalLink() + { + return false; + } + + public function supportsPasswordChange() + { + return false; + } + + public function supportsPasswordReset() + { + return false; + } +} diff --git a/auth-imap/plugin.php b/auth-imap/plugin.php new file mode 100644 index 00000000..2a32ff6c --- /dev/null +++ b/auth-imap/plugin.php @@ -0,0 +1,11 @@ + 'auth:imap', // notrans + 'version' => '1.0.0', + 'name' => 'IMAP Authentication', + 'author' => 'Valerio Pulese', + 'description' => 'Allows staff to login with IMAP credentials.', + 'url' => '', + 'plugin' => 'bootstrap.php:IMAPAuth\Plugin' +); diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php index 14966ef2..24a92050 100644 --- a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php @@ -628,7 +628,7 @@ public function startTLS() ignore errors, because the server may refuse to return attributes over unencryted connections. */ $supported_extensions = $rootDSE->getValue('supportedExtension'); - if (self::isError($supported_extensions)) { + if (self::isError($supported_extensions)||empty($supported_extensions)) { /* IGNORE error, because server may refuse attribute returning over an unencrypted connection. */ //return $this->raiseError("Unable to fetch rootDSE attribute 'supportedExtension' ".