git subrepo clone https://github.com/mailcow/mailcow-dockerized.git mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "a832becb"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "a832becb"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: If5be2d621a211e164c9b6577adaa7884449f16b5
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/BaseHTTPQRCodeProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/BaseHTTPQRCodeProvider.php
new file mode 100644
index 0000000..5cb3add
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/BaseHTTPQRCodeProvider.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace RobThree\Auth\Providers\Qr;
+
+abstract class BaseHTTPQRCodeProvider implements IQRCodeProvider
+{
+ protected $verifyssl;
+
+ protected function getContent($url)
+ {
+ $curlhandle = curl_init();
+
+ curl_setopt_array($curlhandle, array(
+ CURLOPT_URL => $url,
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_CONNECTTIMEOUT => 10,
+ CURLOPT_DNS_CACHE_TIMEOUT => 10,
+ CURLOPT_TIMEOUT => 10,
+ CURLOPT_SSL_VERIFYPEER => $this->verifyssl,
+ CURLOPT_USERAGENT => 'TwoFactorAuth'
+ ));
+ $data = curl_exec($curlhandle);
+
+ curl_close($curlhandle);
+ return $data;
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/IQRCodeProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/IQRCodeProvider.php
new file mode 100644
index 0000000..83ed67b
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/IQRCodeProvider.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace RobThree\Auth\Providers\Qr;
+
+interface IQRCodeProvider
+{
+ public function getQRCodeImage($qrtext, $size);
+ public function getMimeType();
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/ImageChartsQRCodeProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/ImageChartsQRCodeProvider.php
new file mode 100644
index 0000000..cc094c3
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/ImageChartsQRCodeProvider.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace RobThree\Auth\Providers\Qr;
+
+// https://image-charts.com
+class ImageChartsQRCodeProvider extends BaseHTTPQRCodeProvider
+{
+ public $errorcorrectionlevel;
+ public $margin;
+
+ function __construct($verifyssl = false, $errorcorrectionlevel = 'L', $margin = 1)
+ {
+ if (!is_bool($verifyssl))
+ throw new \QRException('VerifySSL must be bool');
+
+ $this->verifyssl = $verifyssl;
+
+ $this->errorcorrectionlevel = $errorcorrectionlevel;
+ $this->margin = $margin;
+ }
+
+ public function getMimeType()
+ {
+ return 'image/png';
+ }
+
+ public function getQRCodeImage($qrtext, $size)
+ {
+ return $this->getContent($this->getUrl($qrtext, $size));
+ }
+
+ public function getUrl($qrtext, $size)
+ {
+ return 'https://image-charts.com/chart?cht=qr'
+ . '&chs=' . ceil($size/2) . 'x' . ceil($size/2)
+ . '&chld=' . $this->errorcorrectionlevel . '|' . $this->margin
+ . '&chl=' . rawurlencode($qrtext);
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRException.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRException.php
new file mode 100644
index 0000000..c28e829
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRException.php
@@ -0,0 +1,5 @@
+<?php
+
+use RobThree\Auth\TwoFactorAuthException;
+
+class QRException extends TwoFactorAuthException {}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRServerProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRServerProvider.php
new file mode 100644
index 0000000..928b87b
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRServerProvider.php
@@ -0,0 +1,71 @@
+<?php
+
+namespace RobThree\Auth\Providers\Qr;
+
+// http://goqr.me/api/doc/create-qr-code/
+class QRServerProvider extends BaseHTTPQRCodeProvider
+{
+ public $errorcorrectionlevel;
+ public $margin;
+ public $qzone;
+ public $bgcolor;
+ public $color;
+ public $format;
+
+ function __construct($verifyssl = false, $errorcorrectionlevel = 'L', $margin = 4, $qzone = 1, $bgcolor = 'ffffff', $color = '000000', $format = 'png')
+ {
+ if (!is_bool($verifyssl))
+ throw new QRException('VerifySSL must be bool');
+
+ $this->verifyssl = $verifyssl;
+
+ $this->errorcorrectionlevel = $errorcorrectionlevel;
+ $this->margin = $margin;
+ $this->qzone = $qzone;
+ $this->bgcolor = $bgcolor;
+ $this->color = $color;
+ $this->format = $format;
+ }
+
+ public function getMimeType()
+ {
+ switch (strtolower($this->format))
+ {
+ case 'png':
+ return 'image/png';
+ case 'gif':
+ return 'image/gif';
+ case 'jpg':
+ case 'jpeg':
+ return 'image/jpeg';
+ case 'svg':
+ return 'image/svg+xml';
+ case 'eps':
+ return 'application/postscript';
+ }
+ throw new \QRException(sprintf('Unknown MIME-type: %s', $this->format));
+ }
+
+ public function getQRCodeImage($qrtext, $size)
+ {
+ return $this->getContent($this->getUrl($qrtext, $size));
+ }
+
+ private function decodeColor($value)
+ {
+ return vsprintf('%d-%d-%d', sscanf($value, "%02x%02x%02x"));
+ }
+
+ public function getUrl($qrtext, $size)
+ {
+ return 'https://api.qrserver.com/v1/create-qr-code/'
+ . '?size=' . $size . 'x' . $size
+ . '&ecc=' . strtoupper($this->errorcorrectionlevel)
+ . '&margin=' . $this->margin
+ . '&qzone=' . $this->qzone
+ . '&bgcolor=' . $this->decodeColor($this->bgcolor)
+ . '&color=' . $this->decodeColor($this->color)
+ . '&format=' . strtolower($this->format)
+ . '&data=' . rawurlencode($qrtext);
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRicketProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRicketProvider.php
new file mode 100644
index 0000000..59e27cc
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Qr/QRicketProvider.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace RobThree\Auth\Providers\Qr;
+
+// http://qrickit.com/qrickit_apps/qrickit_api.php
+class QRicketProvider extends BaseHTTPQRCodeProvider
+{
+ public $errorcorrectionlevel;
+ public $margin;
+ public $qzone;
+ public $bgcolor;
+ public $color;
+ public $format;
+
+ function __construct($errorcorrectionlevel = 'L', $bgcolor = 'ffffff', $color = '000000', $format = 'p')
+ {
+ $this->verifyssl = false;
+
+ $this->errorcorrectionlevel = $errorcorrectionlevel;
+ $this->bgcolor = $bgcolor;
+ $this->color = $color;
+ $this->format = $format;
+ }
+
+ public function getMimeType()
+ {
+ switch (strtolower($this->format))
+ {
+ case 'p':
+ return 'image/png';
+ case 'g':
+ return 'image/gif';
+ case 'j':
+ return 'image/jpeg';
+ }
+ throw new \QRException(sprintf('Unknown MIME-type: %s', $this->format));
+ }
+
+ public function getQRCodeImage($qrtext, $size)
+ {
+ return $this->getContent($this->getUrl($qrtext, $size));
+ }
+
+ public function getUrl($qrtext, $size)
+ {
+ return 'http://qrickit.com/api/qr'
+ . '?qrsize=' . $size
+ . '&e=' . strtolower($this->errorcorrectionlevel)
+ . '&bgdcolor=' . $this->bgcolor
+ . '&fgdcolor=' . $this->color
+ . '&t=' . strtolower($this->format)
+ . '&d=' . rawurlencode($qrtext);
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/CSRNGProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/CSRNGProvider.php
new file mode 100644
index 0000000..8dba7fc
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/CSRNGProvider.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace RobThree\Auth\Providers\Rng;
+
+class CSRNGProvider implements IRNGProvider
+{
+ public function getRandomBytes($bytecount) {
+ return random_bytes($bytecount); // PHP7+
+ }
+
+ public function isCryptographicallySecure() {
+ return true;
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/HashRNGProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/HashRNGProvider.php
new file mode 100644
index 0000000..eb42577
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/HashRNGProvider.php
@@ -0,0 +1,28 @@
+<?php
+namespace RobThree\Auth\Providers\Rng;
+
+class HashRNGProvider implements IRNGProvider
+{
+ private $algorithm;
+
+ function __construct($algorithm = 'sha256' ) {
+ $algos = array_values(hash_algos());
+ if (!in_array($algorithm, $algos, true))
+ throw new \RNGException('Unsupported algorithm specified');
+ $this->algorithm = $algorithm;
+ }
+
+ public function getRandomBytes($bytecount) {
+ $result = '';
+ $hash = mt_rand();
+ for ($i = 0; $i < $bytecount; $i++) {
+ $hash = hash($this->algorithm, $hash.mt_rand(), true);
+ $result .= $hash[mt_rand(0, strlen($hash)-1)];
+ }
+ return $result;
+ }
+
+ public function isCryptographicallySecure() {
+ return false;
+ }
+}
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/IRNGProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/IRNGProvider.php
new file mode 100644
index 0000000..6be2800
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/IRNGProvider.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace RobThree\Auth\Providers\Rng;
+
+interface IRNGProvider
+{
+ public function getRandomBytes($bytecount);
+ public function isCryptographicallySecure();
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/MCryptRNGProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/MCryptRNGProvider.php
new file mode 100644
index 0000000..0eeab2c
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/MCryptRNGProvider.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace RobThree\Auth\Providers\Rng;
+
+class MCryptRNGProvider implements IRNGProvider
+{
+ private $source;
+
+ function __construct($source = MCRYPT_DEV_URANDOM) {
+ $this->source = $source;
+ }
+
+ public function getRandomBytes($bytecount) {
+ $result = @mcrypt_create_iv($bytecount, $this->source);
+ if ($result === false)
+ throw new \RNGException('mcrypt_create_iv returned an invalid value');
+ return $result;
+ }
+
+ public function isCryptographicallySecure() {
+ return true;
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/OpenSSLRNGProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/OpenSSLRNGProvider.php
new file mode 100644
index 0000000..dc66c64
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/OpenSSLRNGProvider.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace RobThree\Auth\Providers\Rng;
+
+class OpenSSLRNGProvider implements IRNGProvider
+{
+ private $requirestrong;
+
+ function __construct($requirestrong = true) {
+ $this->requirestrong = $requirestrong;
+ }
+
+ public function getRandomBytes($bytecount) {
+ $result = openssl_random_pseudo_bytes($bytecount, $crypto_strong);
+ if ($this->requirestrong && ($crypto_strong === false))
+ throw new \RNGException('openssl_random_pseudo_bytes returned non-cryptographically strong value');
+ if ($result === false)
+ throw new \RNGException('openssl_random_pseudo_bytes returned an invalid value');
+ return $result;
+ }
+
+ public function isCryptographicallySecure() {
+ return $this->requirestrong;
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/RNGException.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/RNGException.php
new file mode 100644
index 0000000..eb5e913
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Rng/RNGException.php
@@ -0,0 +1,5 @@
+<?php
+
+use RobThree\Auth\TwoFactorAuthException;
+
+class RNGException extends TwoFactorAuthException {}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/HttpTimeProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/HttpTimeProvider.php
new file mode 100644
index 0000000..8e7806e
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/HttpTimeProvider.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace RobThree\Auth\Providers\Time;
+
+/**
+ * Takes the time from any webserver by doing a HEAD request on the specified URL and extracting the 'Date:' header
+ */
+class HttpTimeProvider implements ITimeProvider
+{
+ public $url;
+ public $options;
+ public $expectedtimeformat;
+
+ function __construct($url = 'https://google.com', $expectedtimeformat = 'D, d M Y H:i:s O+', array $options = null)
+ {
+ $this->url = $url;
+ $this->expectedtimeformat = $expectedtimeformat;
+ $this->options = $options;
+ if ($this->options === null) {
+ $this->options = array(
+ 'http' => array(
+ 'method' => 'HEAD',
+ 'follow_location' => false,
+ 'ignore_errors' => true,
+ 'max_redirects' => 0,
+ 'request_fulluri' => true,
+ 'header' => array(
+ 'Connection: close',
+ 'User-agent: TwoFactorAuth HttpTimeProvider (https://github.com/RobThree/TwoFactorAuth)',
+ 'Cache-Control: no-cache'
+ )
+ )
+ );
+ }
+ }
+
+ public function getTime() {
+ try {
+ $context = stream_context_create($this->options);
+ $fd = fopen($this->url, 'rb', false, $context);
+ $headers = stream_get_meta_data($fd);
+ fclose($fd);
+
+ foreach ($headers['wrapper_data'] as $h) {
+ if (strcasecmp(substr($h, 0, 5), 'Date:') === 0)
+ return \DateTime::createFromFormat($this->expectedtimeformat, trim(substr($h,5)))->getTimestamp();
+ }
+ throw new \TimeException(sprintf('Unable to retrieve time from %s (Invalid or no "Date:" header found)', $this->url));
+ }
+ catch (Exception $ex) {
+ throw new \TimeException(sprintf('Unable to retrieve time from %s (%s)', $this->url, $ex->getMessage()));
+ }
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/ITimeProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/ITimeProvider.php
new file mode 100644
index 0000000..a3b87a2
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/ITimeProvider.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace RobThree\Auth\Providers\Time;
+
+interface ITimeProvider
+{
+ public function getTime();
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/LocalMachineTimeProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/LocalMachineTimeProvider.php
new file mode 100644
index 0000000..572cedc
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/LocalMachineTimeProvider.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace RobThree\Auth\Providers\Time;
+
+class LocalMachineTimeProvider implements ITimeProvider {
+ public function getTime() {
+ return time();
+ }
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/NTPTimeProvider.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/NTPTimeProvider.php
new file mode 100644
index 0000000..d69a3a6
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/NTPTimeProvider.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace RobThree\Auth\Providers\Time;
+
+/**
+ * Takes the time from any NTP server
+ */
+class NTPTimeProvider implements ITimeProvider
+{
+ public $host;
+ public $port;
+ public $timeout;
+
+ function __construct($host = 'time.google.com', $port = 123, $timeout = 1)
+ {
+ $this->host = $host;
+
+ if (!is_int($port) || $port <= 0 || $port > 65535)
+ throw new \TimeException('Port must be 0 < port < 65535');
+ $this->port = $port;
+
+ if (!is_int($timeout) || $timeout < 0)
+ throw new \TimeException('Timeout must be >= 0');
+ $this->timeout = $timeout;
+ }
+
+ public function getTime() {
+ try {
+ /* Create a socket and connect to NTP server */
+ $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
+ socket_set_option($sock, SOL_SOCKET, SO_RCVTIMEO, ['sec' => $this->timeout, 'usec' => 0]);
+ socket_connect($sock, $this->host, $this->port);
+
+ /* Send request */
+ $msg = "\010" . str_repeat("\0", 47);
+ socket_send($sock, $msg, strlen($msg), 0);
+
+ /* Receive response and close socket */
+ if (socket_recv($sock, $recv, 48, MSG_WAITALL) === false)
+ throw new \Exception(socket_strerror(socket_last_error($sock)));
+ socket_close($sock);
+
+ /* Interpret response */
+ $data = unpack('N12', $recv);
+ $timestamp = sprintf('%u', $data[9]);
+
+ /* NTP is number of seconds since 0000 UT on 1 January 1900 Unix time is seconds since 0000 UT on 1 January 1970 */
+ return $timestamp - 2208988800;
+ }
+ catch (Exception $ex) {
+ throw new \TimeException(sprintf('Unable to retrieve time from %s (%s)', $this->host, $ex->getMessage()));
+ }
+ }
+}
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/TimeException.php b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/TimeException.php
new file mode 100644
index 0000000..8de544d
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/lib/vendor/robthree/twofactorauth/lib/Providers/Time/TimeException.php
@@ -0,0 +1,5 @@
+<?php
+
+use RobThree\Auth\TwoFactorAuthException;
+
+class TimeException extends TwoFactorAuthException {}
\ No newline at end of file