diff --git a/integrations/nextcloud/snappymail/lib/Controller/FetchController.php b/integrations/nextcloud/snappymail/lib/Controller/FetchController.php index af0dcd8fd6..2b33ad9459 100644 --- a/integrations/nextcloud/snappymail/lib/Controller/FetchController.php +++ b/integrations/nextcloud/snappymail/lib/Controller/FetchController.php @@ -119,12 +119,21 @@ public function setPersonal(): JSONResponse { ]); } + // Logout as the credentials have changed + SnappyMailHelper::loadApp(); + \RainLoop\Api::Actions()->DoLogout(); + return new JSONResponse([ 'status' => 'success', 'Message' => $this->l->t('Saved successfully'), 'Email' => $sEmail ]); } catch (Exception $e) { + // Logout as the credentials might have changed, as exception could be in one attribute + // TODO: Handle both exceptions separately? + SnappyMailHelper::loadApp(); + \RainLoop\Api::Actions()->DoLogout(); + return new JSONResponse([ 'status' => 'error', 'Message' => $e->getMessage() diff --git a/plugins/nextcloud/index.php b/plugins/nextcloud/index.php index bb7c4f6860..80a0a8f667 100644 --- a/plugins/nextcloud/index.php +++ b/plugins/nextcloud/index.php @@ -90,8 +90,24 @@ public function loginCredentials2(string &$sEmail, ?string &$sPassword = null) : public function beforeLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void { // https://apps.nextcloud.com/apps/oidc_login + $config = \OC::$server->getConfig(); + $oUser = \OC::$server->getUserSession()->getUser(); + $sUID = $oUser->getUID(); + + $sEmail = $config->getUserValue($sUID, 'snappymail', 'snappymail-email'); + $sPassword = $config->getUserValue($sUID, 'snappymail', 'passphrase') + ?: $config->getUserValue($sUID, 'snappymail', 'snappymail-password'); + $bAccountDefinedExplicitly = ($sEmail && $sPassword) && $sEmail === $oSettings->username; + + $sNcEmail = $oUser->getEMailAddress() ?: $oUser->getPrimaryEMailAddress(); + + // Only login with OIDC access token if + // it is enabled in config, the user is currently logged in with OIDC, + // the current snappymail account is the OIDC account and no account defined explicitly if (\OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-autologin-oidc', false) && \OC::$server->getSession()->get('is_oidc') + && $sNcEmail === $oSettings->username + && !$bAccountDefinedExplicitly // && $oClient->supportsAuthType('OAUTHBEARER') // v2.28 ) { $sAccessToken = \OC::$server->getSession()->get('oidc_access_token');