git subrepo clone https://github.com/mailcow/mailcow-dockerized.git mailcow/src/mailcow-dockerized

subrepo: subdir:   "mailcow/src/mailcow-dockerized"
  merged:   "a832becb"
upstream: origin:   "https://github.com/mailcow/mailcow-dockerized.git"
  branch:   "master"
  commit:   "a832becb"
git-subrepo: version:  "0.4.3"
  origin:   "???"
  commit:   "???"
Change-Id: If5be2d621a211e164c9b6577adaa7884449f16b5
diff --git a/mailcow/src/mailcow-dockerized/data/web/oauth/authorize.php b/mailcow/src/mailcow-dockerized/data/web/oauth/authorize.php
new file mode 100644
index 0000000..48e99b0
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/oauth/authorize.php
@@ -0,0 +1,69 @@
+<?php

+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';

+

+if (!isset($_SESSION['mailcow_cc_role'])) {

+  $_SESSION['oauth2_request'] = $_SERVER['REQUEST_URI'];

+  header('Location: /?oauth');

+}

+

+$request = OAuth2\Request::createFromGlobals();

+$response = new OAuth2\Response();

+

+if (!$oauth2_server->validateAuthorizeRequest($request, $response)) {

+  $response->send();

+  exit();

+}

+

+if (!isset($_POST['authorized'])):

+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';

+

+?>

+<div class="container">

+  <div class="panel panel-default">

+    <div class="panel-heading"><?=$lang['oauth2']['authorize_app'];?></div>

+    <div class="panel-body">

+      <?php

+      if ($_SESSION['mailcow_cc_role'] != 'user'):

+      $request = '';

+      ?>

+      <p><?=$lang['oauth2']['access_denied'];?></p>

+      <?php

+      else:

+      ?>

+      <p><?=$lang['oauth2']['scope_ask_permission'];?>:</p>

+      <dl class="dl-horizontal">

+        <dt><?=$lang['oauth2']['profile'];?></dt>

+        <dd><?=$lang['oauth2']['profile_desc'];?></dd>

+      </dl>

+      <form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" method="post">

+        <div class="form-group">

+          <div class="col-sm-10 text-center">

+            <button class="btn btn-success" name="authorized" type="submit" value="1"><?=$lang['oauth2']['permit'];?></button>

+            <a href="#" class="btn btn-default" onclick="window.history.back()" role="button"><?=$lang['oauth2']['deny'];?></a>

+            <input type="hidden" name="csrf_token" value="<?=$_SESSION['CSRF']['TOKEN'];?>">

+          </div>

+        </div>

+      </form>

+      <?php

+      endif;

+      ?>

+    </div>

+  </div>

+</div> <!-- /container -->

+<?php

+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';

+exit();

+endif;

+

+// print the authorization code if the user has authorized your client

+$is_authorized = ($_POST['authorized'] == '1');

+$oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized, $_SESSION['mailcow_cc_username']);

+if ($is_authorized) {

+  unset($_SESSION['oauth2_request']);

+  if ($GLOBALS['OAUTH2_FORGET_SESSION_AFTER_LOGIN'] === true) {

+    session_unset();

+    session_destroy();

+  }

+  header('Location: ' . $response->getHttpHeader('Location'));

+  exit;

+}
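Review bot: The unauthenticated branch at the top of authorize.php sends the `Location: /?oauth` redirect but does not stop the script, so a request without `mailcow_cc_role` still runs `validateAuthorizeRequest` and, if it carries `authorized=1` in the POST body, reaches `handleAuthorizeRequest` with `$_SESSION['mailcow_cc_username']` unset; add `exit();` directly after the `header('Location: /?oauth');` line. Separately, the `mailcow_cc_role != 'user'` check only gates the rendered consent page; the POST path that calls `handleAuthorizeRequest` repeats neither that role check nor a visible check of the `csrf_token` the form submits, so unless prerequisites.inc.php enforces both (not visible here), a guard such as `if ($_SESSION['mailcow_cc_role'] !== 'user') { $response->setError(403, 'access_denied'); $response->send(); exit(); }` belongs before the `$is_authorized` line. Using `===` for the `$_POST['authorized'] == '1'` comparison would also avoid loose-comparison surprises.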

diff --git a/mailcow/src/mailcow-dockerized/data/web/oauth/profile.php b/mailcow/src/mailcow-dockerized/data/web/oauth/profile.php
new file mode 100644
index 0000000..4364c19
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/oauth/profile.php
@@ -0,0 +1,31 @@
+<?php

+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';

+

+if (!$oauth2_server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) {

+  $oauth2_server->getResponse()->send();

+  die;

+}

+$token = $oauth2_server->getAccessTokenData(OAuth2\Request::createFromGlobals());

+$stmt = $pdo->prepare("SELECT * FROM `mailbox` WHERE `username` = :username AND `active` = '1'");

+$stmt->execute(array(':username' => $token['user_id']));

+$mailbox = $stmt->fetch(PDO::FETCH_ASSOC);

+if (!empty($mailbox)) {

+  if ($token['scope'] == 'profile') {

+    header('Content-Type: application/json');

+    echo json_encode(array(

+      'success' => true,

+      'username' => $token['user_id'],

+      'identifier' => $token['user_id'],

+      'email' => (!empty($mailbox['username']) ? $mailbox['username'] : ''),

+      'full_name' => (!empty($mailbox['name']) ? $mailbox['name'] : 'mailcow administrative user'),

+      'displayName' => (!empty($mailbox['name']) ? $mailbox['name'] : 'mailcow administrative user'),

+      'created' => (!empty($mailbox['created']) ? $mailbox['created'] : ''),

+      'modified' => (!empty($mailbox['modified']) ? $mailbox['modified'] : ''),

+      'active' => (!empty($mailbox['active']) ? $mailbox['active'] : ''),

+    ));

+    exit;

+  }

+}

+echo json_encode(array(

+  'success' => false

+));
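Review bot: The `SELECT * FROM mailbox` at the top of profile.php loads every column of the mailbox row (presumably including credential material) into `$mailbox` although only `username`, `name`, `created`, `modified` and `active` are read; naming those columns explicitly, `SELECT username, name, created, modified, active FROM mailbox WHERE username = :username AND active = '1'`, keeps sensitive data out of the request scope. The fall-through failure response at the end is emitted without the `Content-Type: application/json` header that the success branch sets and with a 200 status, so clients cannot distinguish an invalid scope from a successful call without parsing the body; send `header('Content-Type: application/json', true, 403);` before the final `echo`. The `$token['scope'] == 'profile'` comparison should also be `===`, and the empty `$mailbox` case and the wrong-scope case are collapsed into one response, which makes the denial reason impossible to log.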

diff --git a/mailcow/src/mailcow-dockerized/data/web/oauth/token.php b/mailcow/src/mailcow-dockerized/data/web/oauth/token.php
new file mode 100644
index 0000000..a2012b9
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/oauth/token.php
@@ -0,0 +1,4 @@
+<?php

+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';

+$request = OAuth2\Request::createFromGlobals();

+$oauth2_server->handleTokenRequest($request)->send();