Open stonerl opened 10 years ago
I think that you can specify specific users. This was brought up in the owncloud forums: http://forum.owncloud.org/viewtopic.php?f=29&t=23307
The example listed was (but I didn't try it as I have no need to):
```php
'user_backends' => array (
    0 => array (
        'class' => 'OC_User_IMAP',
        'arguments' => array (
            0 => '{LoginID_user1.mail.myserver.ex:993/imap/ssl/novalidate-cert}',
            1 => '{loginID_user2.mail.myserver.ex:993/imap/ssl/novalidate-cert}',
        ),
    ),
),
```
I use a different approach now (btw, this was my post, but that only works if your server expects such an address; it would not work with gmail). I will make a pull-request as soon as my other changes (#1898) are merged. I changed the file imap.php like this:
```php
public function checkPassword($uid, $password) {
    if (!function_exists('imap_open')) {
        OCP\Util::writeLog('user_external', 'ERROR: PHP imap extension is not installed', OCP\Util::ERROR);
        return false;
    }
    // Optional allowlist: only consulted when imap_users.csv exists.
    $filename = dirname(__FILE__) . '/../imap_users.csv';
    if (file_exists($filename)) {
        $user_allowed = false;
        if (($handle = fopen($filename, "r")) !== FALSE) {
            // in_array() matches $uid against every column of the row.
            while (($data = fgetcsv($handle, 1000, ",")) !== FALSE && $user_allowed !== TRUE) {
                if (in_array($uid, $data)) {
                    $user_allowed = true;
                }
            }
            fclose($handle);
            if ($user_allowed !== TRUE) {
                return false;
            }
        }
    }
    // A mailbox string starting with "{." gets the login id prepended as host part.
    if (substr($this->mailbox, 1, 1) === '.') {
        $this->mailbox = ltrim($this->mailbox, '{');
        $this->mailbox = '{' . $uid . $this->mailbox;
    }
    $mbox = @imap_open($this->mailbox, $uid, $password, OP_HALFOPEN, 1);
    imap_errors();
    imap_alerts();
    if ($mbox !== FALSE) {
        imap_close($mbox);
        $uid = mb_strtolower($uid);
        $this->storeUser($uid);
        return $uid;
    } else {
        return false;
    }
}
```
I only need a comma-separated csv file in the user_external folder which would look like this:
```
LoginName,Name
jane.doe@gmail.com,Jane Doe
john.doe@gmail.com,John Doe
```
So now only those two gmail users can access my owncloud.
The other modification targets what I mentioned in the forum post. My University uses this url-scheme to access the imap server:
uni-loginid.mail.my-uni.org
Therefore I had to do what I mentioned in the forum. But this is IMHO a bad solution. Now I change the mailbox string and check for a dot (.) as second character:
{.mail.my-uni.org:993/imap/ssl/novalidate-cert}
If the second character is a dot I assemble a new mailbox string:
{$uid.mail.my-uni.org:993/imap/ssl/novalidate-cert}
where $uid == uni-loginid
I think that this is a very universal approach, which does not interfere with the current behavior.
You should create an input in the admin settings to manage the contents of that file. :)
Anything new on this?
I see one design-flaw in the IMAP-Backend. Maybe I miss something but in its current state, everyone could just log in to an owncloud that has IMAP-Authentication enabled.
E.g. if I use imap.gmail.com as my authentication-server, everyone with a Gmail-Account could access my ownCloud and create an account. And I don't think that this should be possible.
Either on the user-settings-page or the admin-settings-page, there should be an option to add the usernames that are allowed to enter one's server using IMAP.
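
A stricter version of the allowlist check and mailbox-string substitution discussed in this thread, as an added example that is not part of any post here and not user_external's own code. The function names `uidIsAllowed` and `buildMailbox` are hypothetical; it assumes the CSV starts with a header row, denies everyone when the list cannot be read, and leaves `novalidate-cert` out of the template so the server certificate is checked.

```php
<?php
// Added example; function names are hypothetical, not user_external's API.

// True only if $uid is in the first (LoginName) column of the CSV.
function uidIsAllowed(string $uid, string $csvPath): bool
{
    $handle = @fopen($csvPath, 'r');
    if ($handle === false) {
        return false; // fail closed: an unreadable list allows nobody
    }
    fgetcsv($handle, 1000, ',', '"', '\\'); // assumption: first row is a header
    $needle = mb_strtolower(trim($uid));
    $allowed = false;
    while (($row = fgetcsv($handle, 1000, ',', '"', '\\')) !== false) {
        // Match the login column only, so a display name never qualifies.
        if (isset($row[0]) && mb_strtolower(trim($row[0])) === $needle) {
            $allowed = true;
            break;
        }
    }
    fclose($handle);
    return $allowed;
}

// Expand a "{.host...}" template to "{<uid>.host...}"; null if $uid is unsafe.
function buildMailbox(string $template, string $uid): ?string
{
    if (substr($template, 1, 1) !== '.') {
        return $template; // no per-user host part: use the string as configured
    }
    // $uid becomes a DNS label, so accept only characters valid in one.
    if (!preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/D', $uid)) {
        return null;
    }
    return '{' . $uid . substr($template, 1);
}

// Constructed sample data in the CSV layout shown in the thread.
$csv = tempnam(sys_get_temp_dir(), 'imap_users');
file_put_contents($csv, "LoginName,Name\njane.doe@gmail.com,Jane Doe\n");
$template = '{.mail.my-uni.org:993/imap/ssl}'; // certificate validation left on

var_dump(uidIsAllowed('Jane.Doe@gmail.com', $csv));   // listed login, different case
var_dump(uidIsAllowed('Jane Doe', $csv));             // display name, not a login
var_dump(uidIsAllowed('jane.doe@gmail.com', '/nonexistent/list.csv')); // unreadable list
var_dump(buildMailbox($template, 'uni-loginid'));     // plain login id
var_dump(buildMailbox($template, 'a/b}c'));           // characters outside a DNS label
unlink($csv);
```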