remove 'default_password_scheme' for dovecot configs as hashes can be different now and are read by given hash-algo prefix;

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-11-12 09:38:43 +01:00
parent f49fd5f0f7
commit 1d938f2a43
14 changed files with 248 additions and 194 deletions
--- a/lib/Froxlor/Ajax/Ajax.php
+++ b/lib/Froxlor/Ajax/Ajax.php
@@ -251,6 +251,10 @@ class Ajax
 		$allowed_from = isset($_POST['allowed_from']) ? $_POST['allowed_from'] : "";
 		$valid_until = isset($_POST['valid_until']) ? $_POST['valid_until'] : "";

+		if (empty($keyid)) {
+			return $this->errorResponse('Invalid call', 406);
+		}
+
 		// validate allowed_from
 		if (!empty($allowed_from)) {
 			$ip_list = array_map('trim', explode(",", $allowed_from));
--- a/lib/Froxlor/Api/ApiCommand.php
+++ b/lib/Froxlor/Api/ApiCommand.php
@@ -555,7 +555,7 @@ abstract class ApiCommand extends ApiParameter
 	 * @param boolean $internal
 	 *            optional whether called internally, default false
 	 *
-	 * @return ApiCommand
+	 * @return static
 	 * @throws Exception
 	 */
 	public static function getLocal($userinfo = null, $params = null, $internal = false)
--- a/lib/Froxlor/Api/Commands/EmailAccounts.php
+++ b/lib/Froxlor/Api/Commands/EmailAccounts.php
@@ -146,8 +146,20 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 				Response::standardError('passwordshouldnotbeusername', '', true);
 			}

+			// prefix hash-algo
+			switch (Settings::Get('system.passwordcryptfunc')) {
+				case PASSWORD_ARGON2I:
+					$cpPrefix = '{ARGON2I}';
+					break;
+				case PASSWORD_ARGON2ID:
+					$cpPrefix = '{ARGON2ID}';
+					break;
+				default:
+					$cpPrefix = '{BLF-CRYPT}';
+					break;
+			}
 			// encrypt the password
-			$cryptPassword = Crypt::makeCryptPassword($password);
+			$cryptPassword = $cpPrefix . Crypt::makeCryptPassword($password);

 			$email_user = substr($email_full, 0, strrpos($email_full, "@"));
 			$email_domain = substr($email_full, strrpos($email_full, "@") + 1);
@@ -376,7 +388,20 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 				Response::standardError('passwordshouldnotbeusername', '', true);
 			}
 			$password = Crypt::validatePassword($password, true);
-			$cryptPassword = Crypt::makeCryptPassword($password);
+			// prefix hash-algo
+			switch (Settings::Get('system.passwordcryptfunc')) {
+				case PASSWORD_ARGON2I:
+					$cpPrefix = '{ARGON2I}';
+					break;
+				case PASSWORD_ARGON2ID:
+					$cpPrefix = '{ARGON2ID}';
+					break;
+				default:
+					$cpPrefix = '{BLF-CRYPT}';
+					break;
+			}
+			// encrypt the password
+			$cryptPassword = $cpPrefix . Crypt::makeCryptPassword($password);
 			$upd_query .= (Settings::Get('system.mailpwcleartext') == '1' ? "`password` = :password, " : '') . "`password_enc`= :password_enc";
 			$upd_params['password_enc'] = $cryptPassword;
 			if (Settings::Get('system.mailpwcleartext') == '1') {