replace ropc flow with keycloak rest api flow

mailcow · Feb 8, 2024 · d4ae616 · d4ae616
1 parent b7a1825
commit d4ae616
Show file tree

Hide file tree

Showing 2 changed files with 297 additions and 183 deletions.
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -172,14 +172,13 @@ function auth_password_verify(request, password)
   -- check against app passwds for imap and smtp
   -- app passwords are only available for imap, smtp, sieve and pop3 when using sasl
   if request.service == "smtp" or request.service == "imap" or request.service == "sieve" or request.service == "pop3" then
+    skip_sasl_log = true
     req.protocol = {}
-    req.protocol[request.service] = true
-    req_json = json.encode(req)
-
-    req.protocol.ignore_hasaccess = false
-    if tostring(req.real_rip) == "__IPV4_SOGO__" then
-      req.protocol.ignore_hasaccess = true
+    if tostring(req.real_rip) != "__IPV4_SOGO__" then
+      skip_sasl_log = false
+      req.protocol[request.service] = true
     end
+    req_json = json.encode(req)
 
     local b, c = https.request {
       method = "POST",
@@ -193,7 +192,7 @@ function auth_password_verify(request, password)
     }
     local api_response = json.decode(table.concat(res))
     if api_response.role == 'user' then
-      if req.protocol.ignore_hasaccess == false then
+      if skip_sasl_log == true then
         con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
           VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
       end