git subrepo commit (merge) mailcow/src/mailcow-dockerized

subrepo: subdir:   "mailcow/src/mailcow-dockerized"
  merged:   "32243e56"
upstream: origin:   "https://github.com/mailcow/mailcow-dockerized.git"
  branch:   "master"
  commit:   "e2b4b6f6"
git-subrepo: version:  "0.4.3"
  origin:   "???"
  commit:   "???"
Change-Id: I51e2016ef5ab88a8b0bdc08551b18f48ceef0aa5
diff --git a/mailcow/src/mailcow-dockerized/data/web/mobileconfig.php b/mailcow/src/mailcow-dockerized/data/web/mobileconfig.php
index 256f638..44aaa30 100644
--- a/mailcow/src/mailcow-dockerized/data/web/mobileconfig.php
+++ b/mailcow/src/mailcow-dockerized/data/web/mobileconfig.php
@@ -8,6 +8,7 @@
   session_destroy();
   // probably better than appending the whole current http query string
   $append_get = (isset($_GET['only_email'])) ? '&only_email' : '';
+  $append_get .= (isset($_GET['app_password'])) ? '&app_password' : '';
   header('Location: index.php?mobileconfig' . $append_get);
   die();
 }
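Review bot: Carrying `app_password` across the login redirect makes a plain GET link sufficient to create a new credential as soon as the user is signed in, and no CSRF token or confirmation step is visible anywhere in this diff. The creation itself happens in the `if (isset($_GET['app_password']))` block of the next hunk, so the check belongs there: require a POST or a session-bound token before calling `app_passwd("add", $attr)`. At minimum, document the behaviour here, e.g. `// app_password makes this request state-changing: each load creates a new app password`. The enclosing `if` block starts outside the hunk.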
@@ -38,6 +39,34 @@
   $onlyEmailAccount = false;
   $description = 'IMAP, CalDAV, CardDAV'; 
 }
+if (isset($_GET['app_password'])) {
+  $app_password = true;
+  $description .= ' with application password';
+  
+  if (strpos($_SERVER['HTTP_USER_AGENT'], 'iPad') !== FALSE)
+      $platform = 'iPad';
+  elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') !== FALSE)
+      $platform = 'iPhone';
+  elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Macintosh') !== FALSE)
+      $platform = 'Mac';
+  else
+      $platform = $_SERVER['HTTP_USER_AGENT'];
+  
+  $password = bin2hex(openssl_random_pseudo_bytes(16));
+  $attr = array(
+      'app_name' => $platform,
+      'app_passwd' => $password,
+      'app_passwd2' => $password,
+      'active' => 1,
+      'protocols' => array('imap_access', 'smtp_access'),
+  );
+  if (!$onlyEmailAccount) {
+      $attr['protocols'][] = 'dav_access';
+  }
+  app_passwd("add", $attr);
+} else {
+  $app_password = false;
+}
 
 echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
 ?>
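Review bot: The `else` branch stores the raw `User-Agent` header as `app_name`, so a client-controlled string of arbitrary length and content is persisted and presumably shown wherever app passwords are listed; whether `app_passwd()` validates or escapes it is not visible here. Read the header once with a default, `$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';`, which also avoids passing null to `strpos()` when the header is absent, and fall back to a bounded label such as `$platform = substr($ua, 0, 64);` (the limit is only an example). The result of `app_passwd("add", $attr)` is ignored, so a rejected add would still deliver a profile whose embedded password was never created; check the result before emitting the XML. `bin2hex(random_bytes(16))` is the more direct CSPRNG call than `openssl_random_pseudo_bytes(16)`, which on older PHP versions can return a weak or false result without raising an error.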
@@ -65,6 +94,10 @@
         <true/>
         <key>IncomingMailServerUsername</key>
         <string><?=$email?></string>
+        <?php if($app_password === true): ?>
+        <key>IncomingPassword</key>
+        <string><?=$password?></string>
+        <?php endif; ?>
         <key>OutgoingMailServerAuthentication</key>
         <string>EmailAuthPassword</string>
         <key>OutgoingMailServerHostName</key>
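Review bot: The profile now carries a live credential in `IncomingPassword` (and in `CalDAVPassword` and `CardDAVPassword` in the two hunks below), but nothing visible marks the response as non-cacheable. Unless the headers set outside these hunks already do so, send `header('Cache-Control: no-store');` before the XML is emitted when `$app_password` is true. `$password` is hex output from `bin2hex()`, so it needs no XML escaping. A short comment saying so next to the first `<?=$password?>` would stop a later change of the generator from silently producing an invalid or injectable plist.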
@@ -120,6 +153,10 @@
         <true/>
         <key>CalDAVUsername</key>
         <string><?=$email?></string>
+        <?php if($app_password === true): ?>
+        <key>CalDAVPassword</key>
+        <string><?=$password?></string>
+        <?php endif; ?>
         <key>PayloadDescription</key>
         <string>Configures CalDAV account.</string>
         <key>PayloadDisplayName</key>
@@ -148,6 +185,10 @@
         <true/>
         <key>CardDAVUsername</key>
         <string><?=$email?></string>
+        <?php if($app_password === true): ?>
+        <key>CardDAVPassword</key>
+        <string><?=$password?></string>
+        <?php endif; ?>
         <key>PayloadDescription</key>
         <string>Configures CardDAV accounts</string>
         <key>PayloadDisplayName</key>