/feat | Ability to Login to SOGo with a One-Click-Link from another Application #6070
Conversation
This reverts commit 89398c4.
|
Thanks for contributing! I noticed that you didn't select
|
|
Your branch is not based on your staging branch... Also: affected containers are not filled out! Please read the contribution guidelines to fulfill our requirements for a pr... |
|
I filled the affected containers: |
|
But no containers affected is not right. Affected are:
|
|
But are they affected even tho i didnt even change anything in the containers? |
|
You made changes to use the both containers. PHP to parse this script and sogo to authenticate with, so yes. Why do we discuss about this? Simply add this and i'm fine. |
|
Okey if this are changes then i will add it. |
Contribution Guidelines
What does this PR include?
Short Description
This PR is a little "Add-On" to the SOGo-One-Click-Auth already implemented in Mailcow.
It gives the function to create a token for an Login to SOGo From other applications only with the API token.
How does it work?
-> Body: username: {MAILBOX EMAIL ADDRESS} | apikey: {APIKEY} (JSON)
-> Body: success: true/false | username: {RETURN OF USERNAME} | token: {ONE-TIME AUTH TOKEN FOR SOGO}
-> GET Parameters: email: {MAILBOX EMAIL ADDRESS} | token: {ONE-TIME AUTH TOKEN}
Tadaaa! User is logged in to SOGo.
Yes, that means that with the API Key, everyone can login to a Mailaccount. But Admins can login from the panel either way.
And there is no difference between a comprimized Admin Mailcow Account or a leaked API-Key because the API Key can do as much as the admin account.
Affected Containers
Did you run tests?
What did you tested?
I generated a token, used the token in the URL and got logged in to SOGo
What were the final results? (Awaited, got)
Everything worked just as i intended it to.