IMAP Authentication added to Baikal

Core/Frameworks/Baikal/Core/IMAP.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace Baikal\Core;
+
+/**
+ * This is an authentication backend that uses imap.
+ *
+ * @copyright Copyright (C) fruux GmbH (https://fruux.com/)
+ * @author Michael Niewöhner ([email protected])
+ * @author rosali (https://github.com/rosali)
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+class IMAP extends \Sabre\DAV\Auth\Backend\AbstractBasic {
+    /**
+     * IMAP server in the form {host[:port][/flag1/flag2...]}.
+     *
+     * @see http://php.net/manual/en/function.imap-open.php
+     *
+     * @var string
+     */
+    protected $mailbox;
+
+    /**
+     * Creates the backend object.
+     *
+     * @param string $mailbox
+     */
+    public function __construct($mailbox) {
+        $this->mailbox = $mailbox;
+    }
+
+    /**
+     * Connects to an IMAP server and tries to authenticate.
+     *
+     * @param string $username
+     * @param string $password
+     *
+     * @return bool
+     */
+    protected function imapOpen($username, $password) {
+        $success = false;
+
+        try {
+            $imap = imap_open($this->mailbox, $username, $password, OP_HALFOPEN | OP_READONLY, 1);
+            if ($imap) {
+                $success = true;
+            }
+        } catch (\ErrorException $e) {
+            error_log($e->getMessage());
+        }
+
+        $errors = imap_errors();
+        if ($errors) {
+            foreach ($errors as $error) {
+                error_log($error);
+            }
+        }
+
+        if (isset($imap) && $imap) {
+            imap_close($imap);
+        }
+
+        return $success;
+    }
+
+    /**
+     * Validates a username and password by trying to authenticate against IMAP.
+     *
+     * @param string $username
+     * @param string $password
+     *
+     * @return bool
+     */
+    protected function validateUserPass($username, $password) {
+        return $this->imapOpen($username, $password);
+    }
+}

Core/Frameworks/Baikal/Core/Server.php

@@ -134,6 +134,8 @@ protected function initServer() {
             $authBackend = new \Baikal\Core\PDOBasicAuth($this->pdo, $this->authRealm);
         } elseif ($this->authType === 'Apache') {
             $authBackend = new \Sabre\DAV\Auth\Backend\Apache();
+        } elseif ($this->authType === 'IMAP') {
+            $authBackend = new \Sabre\DAV\Auth\Backend\IMAP('{' . $config['system']["imap_connection"] . '}', $GLOBALS["DB"]->getPDO(), 60);
         } else {
             $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo);
             $authBackend->setRealm($this->authRealm);

Core/Frameworks/Baikal/Model/Config/Standard.php

@@ -43,6 +43,7 @@ class Standard extends \Baikal\Model\Config {
         // could be set to different value when migrating from legacy config
         "auth_realm"            => "BaikalDAV",
         "base_uri"              => "",
+        "imap_connection"       => "localhost:993/imap/ssl/novalidate-cert",
     ];
 
     function __construct() {
@@ -79,7 +80,14 @@ function formMorphologyForThisModelInstance() {
         $oMorpho->add(new \Formal\Element\Listbox([
             "prop"    => "dav_auth_type",
             "label"   => "WebDAV authentication type",
-            "options" => ["Digest", "Basic", "Apache"],
+            "options" => ["Digest", "Basic", "Apache", "IMAP"],
+            "refreshonchange" => true,
+        ]));
+
+        $oMorpho->add(new \Formal\Element\Text([
+            "prop"  => "imap_connection",
+            "label" => "IMAP auth connection string",
+            "help"  => "For production, use your real IMAP servername with TLS (SSL[993] or StartTLS(143)), eg.: imap.server.com:993/imap/ssl",
         ]));
 
         $oMorpho->add(new \Formal\Element\Password([

Core/Frameworks/BaikalAdmin/Controller/Settings/Standard.php

@@ -27,6 +27,8 @@
 
 namespace BaikalAdmin\Controller\Settings;
 
+use Symfony\Component\Yaml\Yaml;
+
 class Standard extends \Flake\Core\Controller {
     /**
      * @var \Baikal\Model\Config\Standard
@@ -48,6 +50,7 @@ function execute() {
 
         $this->oForm = $this->oModel->formForThisModelInstance([
             "close" => false,
+            "hook.morphology"   => [$this, "morphologyHook"],
         ]);
 
         if ($this->oForm->submitted()) {
@@ -61,4 +64,21 @@ function render() {
 
         return $oView->render();
     }
+
+    function morphologyHook(\Formal\Form $oForm, \Formal\Form\Morphology $oMorpho) {
+        if ($oForm->submitted()) {
+            $bAuthtype = $oForm->postValue("dav_auth_type");
+        } else {
+            try {
+                $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
+            } catch (\Exception $e) {
+                error_log('Error reading baikal.yaml file : ' . $e->getMessage());
+            }
+            $bAuthtype = $config['system']['dav_auth_type'] ?? true;
+        }
+
+        if ($bAuthtype == "Digest" || $bAuthtype == "Basic" || $bAuthtype == "Apache") {
+            $oMorpho->remove("imap_connection");
+        }
+    }
 }