-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
/feat | Ability to Login to SOGo with a One-Click-Link from another Application #6070
base: staging
Are you sure you want to change the base?
Conversation
This reverts commit 89398c4.
Your branch is not based on your staging branch... Also: affected containers are not filled out! Please read the contribution guidelines to fulfill our requirements for a pr... |
I filled the affected containers: |
But no containers affected is not right. Affected are:
|
But are they affected even tho i didnt even change anything in the containers? |
You made changes to use the both containers. PHP to parse this script and sogo to authenticate with, so yes. Why do we discuss about this? Simply add this and i'm fine. |
Okey if this are changes then i will add it. |
Contribution Guidelines
What does this PR include?
Short Description
This PR is a little "Add-On" to the SOGo-One-Click-Auth already implemented in Mailcow.
It gives the function to create a token for an Login to SOGo From other applications only with the API token.
How does it work?
-> Body: username: {MAILBOX EMAIL ADDRESS} | apikey: {APIKEY} (JSON)
-> Body: success: true/false | username: {RETURN OF USERNAME} | token: {ONE-TIME AUTH TOKEN FOR SOGO}
-> GET Parameters: email: {MAILBOX EMAIL ADDRESS} | token: {ONE-TIME AUTH TOKEN}
Tadaaa! User is logged in to SOGo.
Yes, that means that with the API Key, everyone can login to a Mailaccount. But Admins can login from the panel either way.
And there is no difference between a comprimized Admin Mailcow Account or a leaked API-Key because the API Key can do as much as the admin account.
Affected Containers
Did you run tests?
What did you tested?
I generated a token, used the token in the URL and got logged in to SOGo
What were the final results? (Awaited, got)
Everything worked just as i intended it to.