Merge pull request #1699 from Murena-SAS/dev/nc-oauth-multiaccount

allow multi-account in nc with oauth login
the-djmaze · Aug 11, 2024 · 22988b4 · 22988b4
2 parents ec8da2b + 50265b3
commit 22988b4
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/integrations/nextcloud/snappymail/lib/Controller/FetchController.php b/integrations/nextcloud/snappymail/lib/Controller/FetchController.php
@@ -119,12 +119,21 @@ public function setPersonal(): JSONResponse {
 				]);
 			}
 
+			// Logout as the credentials have changed
+			SnappyMailHelper::loadApp();
+			\RainLoop\Api::Actions()->DoLogout();
+
 			return new JSONResponse([
 				'status' => 'success',
 				'Message' => $this->l->t('Saved successfully'),
 				'Email' => $sEmail
 			]);
 		} catch (Exception $e) {
+			// Logout as the credentials might have changed, as exception could be in one attribute
+			// TODO: Handle both exceptions separately?
+			SnappyMailHelper::loadApp();
+			\RainLoop\Api::Actions()->DoLogout();
+
 			return new JSONResponse([
 				'status' => 'error',
 				'Message' => $e->getMessage()

diff --git a/plugins/nextcloud/index.php b/plugins/nextcloud/index.php
@@ -90,8 +90,24 @@ public function loginCredentials2(string &$sEmail, ?string &$sPassword = null) :
 	public function beforeLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void
 	{
 		// https://apps.nextcloud.com/apps/oidc_login
+		$config = \OC::$server->getConfig();
+		$oUser = \OC::$server->getUserSession()->getUser();
+		$sUID = $oUser->getUID();
+
+		$sEmail = $config->getUserValue($sUID, 'snappymail', 'snappymail-email');
+		$sPassword = $config->getUserValue($sUID, 'snappymail', 'passphrase')
+			?: $config->getUserValue($sUID, 'snappymail', 'snappymail-password');
+		$bAccountDefinedExplicitly = ($sEmail && $sPassword) && $sEmail === $oSettings->username;
+
+		$sNcEmail = $oUser->getEMailAddress() ?: $oUser->getPrimaryEMailAddress();
+
+		// Only login with OIDC access token if
+		// it is enabled in config, the user is currently logged in with OIDC,
+		// the current snappymail account is the OIDC account and no account defined explicitly
 		if (\OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-autologin-oidc', false)
 		 && \OC::$server->getSession()->get('is_oidc')
+		 && $sNcEmail === $oSettings->username
+		 && !$bAccountDefinedExplicitly
 //		 && $oClient->supportsAuthType('OAUTHBEARER') // v2.28
 		) {
 			$sAccessToken = \OC::$server->getSession()->get('oidc_access_token');