Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / 12a5735c15056e2807ac44a988868ac2244a19f1 / . / mailcow / src / mailcow-dockerized / data / web / templates / base.twig
blob: 79042d595ecc220c6f3468037c9dea2938dc45e0 [file] [log] [blame]
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100[diff] [blame^]1<!DOCTYPE html>
2<html lang="{{ mailcow_locale|default('en') }}">
3<head>
4 <meta charset="utf-8">
5 <meta http-equiv="X-UA-Compatible" content="IE=edge">
6 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0">
7 <meta name="theme-color" content="#F5D76E"/>
8 <meta http-equiv="Referrer-Policy" content="same-origin">
9 <title>{{ ui_texts.title_name|raw }}</title>
10
11 <link rel="stylesheet" href="{{ css_path }}">
12 {% if theme != 'lumen' %}
13 <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/bootswatch/3.3.7/{{ theme }}/bootstrap.min.css">
14 {% endif %}
15 <link rel="shortcut icon" href="/favicon.png" type="image/png">
16 <link rel="icon" href="/favicon.png" type="image/png">
17</head>
18<body id="top">
19<div class="overlay"></div>
20{% block navbar %}
21<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
22 <div class="container-fluid">
23 <div class="navbar-header">
24 <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
25 <span class="icon-bar"></span>
26 <span class="icon-bar"></span>
27 <span class="icon-bar"></span>
28 </button>
29 <a class="navbar-brand" href="/"><img alt="mailcow-logo" src="{{ logo|default('/img/cow_mailcow.svg') }}"></a>
30 </div>
31 <div id="navbar" class="navbar-collapse collapse">
32 <ul class="nav navbar-nav navbar-right">
33 {% if mailcow_locale %}
34 <li class="dropdown{% if available_languages|length == 1 %}lang-link-disabled{% endif %}">
35 <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"><span class="flag-icon flag-icon-{{ mailcow_locale }}"></span><span class="caret"></span></a>
36 <ul class="dropdown-menu" role="menu">
37 {% for key, val in available_languages %}
38 <li{% if mailcow_locale == key %} class="active"{% endif %}>
39 <a href="?{{ query_string({'lang': key}) }}">
40 <span class="flag-icon flag-icon-{{ key }}"></span>{{ val }}
41 </a>
42 </li>
43 {% endfor %}
44 </ul>
45 </li>
46 {% endif %}
47 {% if mailcow_cc_role %}
48 <li class="dropdown">
49 <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">{{ lang.header.mailcow_settings }} <span class="caret"></span></a>
50 <ul class="dropdown-menu" role="menu">
51 {% if mailcow_cc_role == 'admin' %}
52 <li {% if is_uri('admin') %}class="active"{% endif %}><a href="/admin">{{ lang.header.administration }}</a></li>
53 <li {% if is_uri('debug') %}class="active"{% endif %}><a href="/debug">{{ lang.header.debug }}</a></li>
54 {% endif %}
55 {% if mailcow_cc_role == 'admin' or mailcow_cc_role == 'domainadmin' %}
56 <li {% if is_uri('mailbox') %}class="active"{% endif %}><a href="/mailbox">{{ lang.header.mailboxes }}</a></li>
57 {% endif %}
58 {% if mailcow_cc_role != 'admin' %}
59 <li {% if is_uri('user') %}class="active"{% endif %}><a href="/user">{{ lang.header.user_settings }}</a></li>
60 {% endif %}
61 </ul>
62 </li>
63 <li {% if is_uri('quarantine') %}class="active"{% endif %}><a href="/quarantine"><i class="bi bi-inbox-fill"></i> {{ lang.header.quarantine }}</a></li>
64 {% endif %}
65 {% if mailcow_cc_role == 'admin' and not skip_sogo %}
66 <li><a href data-toggle="modal" data-container="sogo-mailcow" data-target="#RestartContainer"><i class="bi bi-arrow-repeat"></i> {{ lang.header.restart_sogo }}</a></li>
67 {% endif %}
68 {% if mailcow_apps or app_links %}
69 <li class="dropdown">
70 <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"><i class="bi bi-link-45deg"></i> {{ ui_texts.apps_name|raw }} <span class="caret"></span></a>
71 <ul class="dropdown-menu" role="menu">
72 {% for app in mailcow_apps %}
73 {% if not skip_sogo or not is_uri('SOGo', app.link) %}
74 <li {% if app.description %}title="{{ app.description }}"{% endif %}>
75 <a href="{{ app.link }}">{{ app.name }}</a>
76 </li>
77 {% endif %}
78 {% endfor %}
79 {% for row in app_links %}
80 {% for key, val in row %}
81 <li><a href="{{ val }}">{{ key }}</a></li>
82 {% endfor %}
83 {% endfor %}
84 </ul>
85 </li>
86 {% endif %}
87 {% if not dual_login and mailcow_cc_username %}
88 <li class="logged-in-as"><a href="#" onclick="logout.submit()"><b class="username-lia">{{ mailcow_cc_username }}</b> <i class="bi bi-power"></i></a></li>
89 {% elseif dual_login %}
90 <li class="logged-in-as"><a href="#" onclick="logout.submit()"><b class="username-lia">{{ mailcow_cc_username }} <span class="text-info">({{ dual_login.username }})</span> </b><i class="bi bi-power"></i></a></li>
91 {% endif %}
92 {% if not is_master %}
93 <li class="text-warning slave-info">[ slave ]</li>
94 {% endif %}
95 </ul>
96 </div><!--/.nav-collapse -->
97 </div><!--/.container-fluid -->
98</nav>
99{% endblock navbar %}
100
101<form action="/" method="post" id="logout"><input type="hidden" name="logout"></form>
102
103{% if ui_texts.ui_announcement_text and ui_texts.ui_announcement_active and not is_root_uri %}
104<div class="container">
105 <div class="alert alert-{{ ui_texts.ui_announcement_type }}">{{ ui_texts.ui_announcement_text }}</div>
106</div>
107{% endif %}
108
109<div class="container">
110{% block content %}{% endblock %}
111</div>
112
113{% include 'modals/footer.twig' %}
114
115<script src="{{ js_path }}"></script>
116<script>
117 var lang_footer = {{ lang_footer|raw }};
118 var lang_acl = {{ lang_acl|raw }};
119 var lang_tfa = {{ lang_tfa|raw }};
120 var lang_fido2 = {{ lang_fido2|raw }};
121 var docker_timeout = {{ docker_timeout|raw }} * 1000;
122
123$(window).scroll(function() {
124 sessionStorage.scrollTop = $(this).scrollTop();
125});
126// Select language and reopen active URL without POST
127function setLang(sel) {
128 $.post( '{{ uri }}', {lang: sel} );
129 window.location.href = window.location.pathname + window.location.search;
130}
131// FIDO2 functions
132function arrayBufferToBase64(buffer) {
133 let binary = '';
134 let bytes = new Uint8Array(buffer);
135 let len = bytes.byteLength;
136 for (let i = 0; i < len; i++) {
137 binary += String.fromCharCode( bytes[ i ] );
138 }
139 return window.btoa(binary);
140}
141function recursiveBase64StrToArrayBuffer(obj) {
142 let prefix = '=?BINARY?B?';
143 let suffix = '?=';
144 if (typeof obj === 'object') {
145 for (let key in obj) {
146 if (typeof obj[key] === 'string') {
147 let str = obj[key];
148 if (str.substring(0, prefix.length) === prefix && str.substring(str.length - suffix.length) === suffix) {
149 str = str.substring(prefix.length, str.length - suffix.length);
150 let binary_string = window.atob(str);
151 let len = binary_string.length;
152 let bytes = new Uint8Array(len);
153 for (let i = 0; i < len; i++) {
154 bytes[i] = binary_string.charCodeAt(i);
155 }
156 obj[key] = bytes.buffer;
157 }
158 } else {
159 recursiveBase64StrToArrayBuffer(obj[key]);
160 }
161 }
162 }
163 }
164 $(window).load(function() {
165 $(".overlay").hide();
166 });
167 $(document).ready(function() {
168 $(document).on('shown.bs.modal', function(e) {
169 modal_id = $(e.relatedTarget).data('target');
170 $(modal_id).attr("aria-hidden","false");
171 });
172 // TFA, CSRF, Alerts in footer.inc.php
173 // Other general functions in mailcow.js
174 {% for alert_type, alert_msg in alerts %}
175 mailcow_alert_box('{{ alert_msg|raw }}', '{{ alert_type }}');
176 {% endfor %}
177
178 // Confirm TFA modal
179 {% if pending_tfa_method %}
180 $('#ConfirmTFAModal').modal({
181 backdrop: 'static',
182 keyboard: false
183 });
184 $('#u2f_status_auth').html('<p><i class="bi bi-arrow-repeat icon-spin"></i> ' + lang_tfa.init_u2f + '</p>');
185 $('#ConfirmTFAModal').on('shown.bs.modal', function(){
186 $(this).find('input[name=token]').focus();
187 // If U2F
188 if(document.getElementById("u2f_auth_data") !== null) {
189 $.ajax({
190 type: "GET",
191 cache: false,
192 dataType: 'script',
193 url: "/api/v1/get/u2f-authentication/{{ pending_mailcow_cc_username|url_encode(true)|default('null') }}",
194 complete: function(data){
195 $('#u2f_status_auth').html(lang_tfa.waiting_usb_auth);
196 data;
197 setTimeout(function() {
198 console.log("Ready to authenticate");
199 u2f.sign(appId, challenge, registeredKeys, function(data) {
200 var form = document.getElementById('u2f_auth_form');
201 var auth = document.getElementById('u2f_auth_data');
202 console.log("Authenticate callback", data);
203 auth.value = JSON.stringify(data);
204 form.submit();
205 });
206 }, 1000);
207 }
208 });
209 }
210 });
211 $('#ConfirmTFAModal').on('hidden.bs.modal', function(){
212 $.ajax({
213 type: "GET",
214 cache: false,
215 dataType: 'script',
216 url: '/inc/ajax/destroy_tfa_auth.php',
217 complete: function(data){
218 window.location = window.location.href.split("#")[0];
219 }
220 });
221 });
222 {% endif %}
223 // Validate FIDO2
224 $("#fido2-login").click(function(){
225 $('#fido2-alerts').html();
226 if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
227 window.alert('Browser not supported.');
228 return;
229 }
230 window.fetch("/api/v1/get/fido2-get-args", {method:'GET',cache:'no-cache'}).then(function(response) {
231 return response.json();
232 }).then(function(json) {
233 if (json.success === false) {
234 throw new Error();
235 }
236 recursiveBase64StrToArrayBuffer(json);
237 return json;
238 }).then(function(getCredentialArgs) {
239 return navigator.credentials.get(getCredentialArgs);
240 }).then(function(cred) {
241 return {
242 id: cred.rawId ? arrayBufferToBase64(cred.rawId) : null,
243 clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
244 authenticatorData: cred.response.authenticatorData ? arrayBufferToBase64(cred.response.authenticatorData) : null,
245 signature : cred.response.signature ? arrayBufferToBase64(cred.response.signature) : null
246 };
247 }).then(JSON.stringify).then(function(AuthenticatorAttestationResponse) {
248 return window.fetch("/api/v1/process/fido2-args", {method:'POST', body: AuthenticatorAttestationResponse, cache:'no-cache'});
249 }).then(function(response) {
250 return response.json();
251 }).then(function(json) {
252 if (json.success) {
253 window.location = window.location.href.split("#")[0];
254 } else {
255 throw new Error();
256 }
257 }).catch(function(err) {
258 if (typeof err.message === 'undefined') {
259 mailcow_alert_box(lang_fido2.fido2_validation_failed, "danger");
260 } else {
261 mailcow_alert_box(lang_fido2.fido2_validation_failed + ":<br><i>" + err.message + "</i>", "danger");
262 }
263 });
264 });
265 // Set TFA/FIDO2
266 $("#register-fido2, #register-fido2-touchid").click(function(){
267 let t = $(this);
268
269 $("option:selected").prop("selected", false);
270 if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
271 window.alert('Browser not supported.');
272 return;
273 }
274
275 window.fetch("/api/v1/get/fido2-registration/{{ mailcow_cc_username|url_encode(true)|default('null') }}", {method:'GET',cache:'no-cache'}).then(function(response) {
276 return response.json();
277 }).then(function(json) {
278 if (json.success === false) {
279 throw new Error(json.msg);
280 }
281 recursiveBase64StrToArrayBuffer(json);
282
283 // set attestation to node if we are registering apple touch id
284 if(t.attr('id') === 'register-fido2-touchid') {
285 json.publicKey.attestation = 'none';
286 json.publicKey.authenticatorSelection.authenticatorAttachment = "platform";
287 }
288
289 return json;
290 }).then(function(createCredentialArgs) {
291 console.log(createCredentialArgs);
292 return navigator.credentials.create(createCredentialArgs);
293 }).then(function(cred) {
294 return {
295 clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
296 attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null
297 };
298 }).then(JSON.stringify).then(function(AuthenticatorAttestationResponse) {
299 return window.fetch("/api/v1/add/fido2-registration", {method:'POST', body: AuthenticatorAttestationResponse, cache:'no-cache'});
300 }).then(function(response) {
301 return response.json();
302 }).then(function(json) {
303 if (json.success) {
304 window.location = window.location.href.split("#")[0];
305 } else {
306 throw new Error(json.msg);
307 }
308 }).catch(function(err) {
309 $('#fido2-alerts').html('<span class="text-danger"><b>' + err.message + '</b></span>');
310 });
311 });
312 $('#selectTFA').change(function () {
313 if ($(this).val() == "yubi_otp") {
314 $('#YubiOTPModal').modal('show');
315 $("option:selected").prop("selected", false);
316 }
317 if ($(this).val() == "totp") {
318 $('#TOTPModal').modal('show');
319 request_token = $('#tfa-qr-img').data('totp-secret');
320 $.ajax({
321 url: '/inc/ajax/qr_gen.php',
322 data: {
323 token: request_token,
324 },
325 }).done(function (result) {
326 $("#tfa-qr-img").attr("src", result);
327 });
328 $("option:selected").prop("selected", false);
329 }
330 if ($(this).val() == "u2f") {
331 $('#U2FModal').modal('show');
332 $("option:selected").prop("selected", false);
333 $("#start_u2f_register").click(function(){
334 $('#u2f_return_code').html('');
335 $('#u2f_return_code').hide();
336 $('#u2f_status_reg').html('<p><i class="bi bi-arrow-repeat icon-spin"></i> ' + lang_tfa.init_u2f + '</p>');
337 $.ajax({
338 type: "GET",
339 cache: false,
340 dataType: 'script',
341 url: "/api/v1/get/u2f-registration/{{ mailcow_cc_username|url_encode(true)|default('null') }}",
342 complete: function(data){
343 data;
344 setTimeout(function() {
345 console.log("Ready to register");
346 $('#u2f_status_reg').html(lang_tfa.waiting_usb_register);
347 u2f.register(appId, registerRequests, registeredKeys, function(deviceResponse) {
348 var form = document.getElementById('u2f_reg_form');
349 var reg = document.getElementById('u2f_register_data');
350 console.log("Register callback: ", data);
351 if (deviceResponse.errorCode && deviceResponse.errorCode != 0) {
352 var u2f_return_code = document.getElementById('u2f_return_code');
353 u2f_return_code.style.display = u2f_return_code.style.display === 'none' ? '' : null;
354 if (deviceResponse.errorCode == "4") {
355 deviceResponse.errorCode = "4 - The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle";
356 }
357 else if (deviceResponse.errorCode == "5") {
358 deviceResponse.errorCode = "5 - Timeout reached before request could be satisfied.";
359 }
360 u2f_return_code.innerHTML = lang_tfa.error_code + ': ' + deviceResponse.errorCode + ' ' + lang_tfa.reload_retry;
361 return;
362 }
363 reg.value = JSON.stringify(deviceResponse);
364 form.submit();
365 });
366 }, 1000);
367 }
368 });
369 });
370 }
371 if ($(this).val() == "none") {
372 $('#DisableTFAModal').modal('show');
373 $("option:selected").prop("selected", false);
374 }
375 });
376
377 {% if mailcow_cc_username %}
378 // Reload after session timeout
379 var session_lifetime = {{ (session_lifetime * 1000) + 15000 }};
380 setTimeout(function() {
381 location.reload();
382 }, session_lifetime);
383 {% endif %}
384
385 // CSRF
386 $('<input type="hidden" value="{{ csrf_token }}">').attr('name', 'csrf_token').appendTo('form');
387 if (sessionStorage.scrollTop != "undefined") {
388 $(window).scrollTop(sessionStorage.scrollTop);
389 }
390 });
391</script>
392
393<div class="container footer">
394 {% if ui_texts.ui_footer %}
395 <hr><span class="rot-enc">{{ ui_texts.ui_footer|rot13|raw }}</span>
396 {% endif %}
397</div>
398</body>
399</html>