src/Controller/IndexController.php line 46

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Model\Account;
  6. use App\Security\User;
  7. use App\Util\AccountTools;
  8. use App\Util\Api;
  9. use App\Util\AppLogger;
  10. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  11. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  12. use Symfony\Component\HttpFoundation\Cookie;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\RequestStack;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\HttpFoundation\RedirectResponse;
  17. use Symfony\Component\Routing\Annotation\Route;
  18. use Symfony\Component\Security\Core\Security;
  19. use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
  20. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  21. use Symfony\Contracts\Translation\TranslatorInterface;
  23. class IndexController extends AbstractController
  24. {
  25.     private $params;
  26.     private $security;
  27.     private $session;
  28.     private $logger;
  29.     private $translator;
  30.     private $requestStack;
  31.     
  32.     public function __construct(ParameterBagInterface $paramsSecurity $securityAppLogger $logger,
  33.         TranslatorInterface $translatorRequestStack $requestStack)
  34.     {
  35.         $this->params $params;
  36.         $this->security $security;
  37.         $this->logger $logger;
  38.         $this->translator $translator;
  39.         $this->requestStack $requestStack;
  40.         $this->session $this->requestStack->getSession();
  41.     }
  42.     
  43.     /**
  44.      * @Route("/", name="index")
  45.      */
  46.     public function index(Request $request)
  47.     {
  48.         return $this->redirectToRoute('qu_main');
  49.     }
  50.     
  51.     /**
  52.      * for session refreshing (AJAX calls)
  53.      * @Route("/refresh", name="refresh")
  54.      */
  55.     public function refresh(Request $request)
  56.     {        
  57.         $account $this->security->getUser()->getAccount();   
  58.         $sessionTime $account->findSOption('cfgSessionTime') == null $this->params->get('session_max_idle_time') : $account->findSOption('cfgSessionTime');
  59.         $sessionEndTime time() + $sessionTime;
  60.         return new Response($sessionEndTime);
  61.     }
  62.     
  63.     /**
  64.      * @Route("/remind-password", name="remind-password")
  65.      */
  66.     public function passwordRemind(Request $request)
  67.     {
  68.         return $this->render('security/password_remind.html.twig');
  69.     }
  70.     
  71.     /**
  72.      * @Route("/change_lang/{lang}", name="change_lang", requirements={"lang"="en|pl|es"})
  73.      */
  74.     public function changeLanguage($langRequest $request)
  75.     {
  76.         $referer $request->headers->get('referer');
  77.         
  78.         if($referer == null || $referer == "") {
  79.             $referer "/";
  80.         }
  81.         
  82.         $this->requestStack->getSession()->set('sessionlocale'$lang);
  83.         $cookie Cookie::create(User::LOCALE_COOKIE_NAME$langtime() + 24*7*3600'/');
  84.         $response $this->redirect($referer);
  85.         $response->headers->setCookie($cookie);
  86.         return $response;
  87.     }
  88.     
  89.     /**
  90.      * @Route("/app_init.js", name="js_init")
  91.      */
  92.     public function jsAppInit(Request $request)
  93.     {
  94.         $sessionTime $this->params->get('session_max_idle_time');
  95.         $paginationItems Account::NUMBER_OF_ITEMS;
  96.         $userPaginationItems Account::NUMBER_OF_ITEMS;
  97.         $historyPaginationItems Account::NUMBER_OF_ITEMS;
  98.         $passComplexity '';
  99.         $options = [];
  100.         $totalMem = [];
  101.         
  102.         if($this->security->getUser() != null) {
  103.             $account $this->security->getUser()->getAccount();
  104.             $passComplexity $this->security->getUser()->getPassComplexity();
  105.             $paginationItems $account->findSOption('cfgPagination') == null ?
  106.             (isset($_SERVER['APP_DEFAULT_PER_PAGE']) ? $_SERVER['APP_DEFAULT_PER_PAGE'] : Account::NUMBER_OF_ITEMS)
  107.             : $account->findSOption('cfgPagination');
  108.             $userPaginationItems $account->findSOption('cfgUserPagination') == null ?
  109.             (isset($_SERVER['APP_DEFAULT_PER_PAGE']) ? $_SERVER['APP_DEFAULT_PER_PAGE'] : Account::NUMBER_OF_ITEMS)
  110.             : $account->findSOption('cfgUserPagination');
  111.             $historyPaginationItems $account->findSOption('cfgHistoryPagination') == null ?
  112.             (isset($_SERVER['APP_DEFAULT_PER_PAGE']) ? $_SERVER['APP_DEFAULT_PER_PAGE'] : Account::NUMBER_OF_ITEMS)
  113.             : $account->findSOption('cfgHistoryPagination');
  114.             $sessionTime $account->findSOption('cfgSessionTime') == null $this->params->get('session_max_idle_time') : $account->findSOption('cfgSessionTime');            
  115.             $options $account->getSOptions();
  116.             
  117.             $totalMem = [];
  118.             $totalMem['mem'] = $totalMem['swap'] = 0;
  119.             
  120.             $userRoles $this->security->getUser()->getRoles();
  121.             
  122.             // total mem only for admin's chars
  123.             if(array_key_exists('HTTP_REFERER'$_SERVER) && str_contains($_SERVER['HTTP_REFERER'], 'charts')) {
  124.                 foreach($userRoles as $role) {
  125.                     if($role == 'ROLE_ADMIN') {
  126.                         $mem Api::getMemoryStats();
  127.                         
  128.                         $totalMem['mem'] = $mem['mem']['total'];
  129.                         $totalMem['swap'] = $mem['swap']['total'];
  130.                         break;
  131.                     } 
  132.                 }          
  133.             }
  134.         }
  135.         
  136.         $clearPasswords 'false';
  137.         
  138.         if(isset($_SERVER['APP_ALLOW_CLEAR_PASS'])) {
  139.             if($_SERVER['APP_ALLOW_CLEAR_PASS'] == 'true') {
  140.                 $clearPasswords 'true';
  141.             }
  142.         }
  143.         
  144.         $catchallAccounts = [];
  145.         
  146.         if($this->session->has('catchallAccounts')) {
  147.             $catchallAccounts $this->session->get('catchallAccounts');
  148.         }
  149.         else {
  150.             try {
  151.                 $cas Api::getCatchalls();
  152.                 
  153.                 foreach($cas as $ca) {
  154.                     $catchallAccounts[$ca->param->svalue] = $ca->user_name '@' $ca->user_domain;
  155.                 }
  156.                 
  157.                 $this->session->set('catchallAccounts'$catchallAccounts);
  158.             }
  159.             catch(\Exception $e) {}
  160.         }
  161.             
  162.         $sessionEndTime time() + $sessionTime;
  163.         $systemAliases = [];
  164.         
  165.         if(isset($_SERVER['APP_SYSTEM_ALIASES'])) {
  166.             $systemAliases AccountTools::envToArray($_SERVER['APP_SYSTEM_ALIASES']);
  167.         }
  168.         
  169.         $passGenReq = ['lower''upper''digit''special'];
  170.         
  171.         if(isset($_SERVER['APP_PASS_GEN_REQ'])) {
  172.             $passGenReq AccountTools::envToArray($_SERVER['APP_PASS_GEN_REQ']);
  173.         }
  174.         
  175.         $passGenLength 8;
  176.         
  177.         if(isset($_SERVER['APP_PASS_GEN_LENGTH'])) {
  178.             $passGenLength $_SERVER['APP_PASS_GEN_LENGTH'];
  179.         }
  180.         
  181.         
  182.         
  183.         return $this->render('app_init.js.twig', [
  184.             'apiEndpoint' => Api::getEndpoint(),
  185.             'sessionEndTime' => $sessionEndTime,
  186.             'passComplexity' => $passComplexity,
  187.             'paginationItems' => $paginationItems,
  188.             'userPaginationItems' => $userPaginationItems,
  189.             'historyPaginationItems' => $historyPaginationItems,
  190.             'locale' => $this->requestStack->getSession()->get('sessionlocale'),
  191.             'userOptions' => json_encode($options),
  192.             'clearPasswords' => $clearPasswords,
  193.             'catchallAccounts' => $catchallAccounts,
  194.             'systemAliases' => $systemAliases,
  195.             'passGenLength' => $passGenLength,
  196.             'passGenReq' => $passGenReq,
  197.             'totalMem' => $totalMem,
  198.         ]);
  199.     }
  200.     
  201.     /**
  202.      * @Route("/relog-webmail/{forceUserPanel}/{forceLang}/{msg}", defaults={"forceLang"="", "forceUserPanel"=0, "msg"=""}, name="relog-webmail", requirements={"forceLang"="[a-z-]{2}"})
  203.      * 
  204.      * @param $forceLang string - force language in webmail (pl / en / es) or '--' if no forcing
  205.      * @param $forceUserPanel - force return URL to point to panel start page (1). If 0 than return URL is referrer
  206.      * @param $msg - if not null show message before relog
  207.      */
  208.     public function relogWebmail(Request $request$forceLang$forceUserPanel$msg)
  209.     {
  210.         $systemHealth Api::checkSystemHealth();
  211.         
  212.         // allow login while API is not responding
  213.         if($systemHealth == 1) {
  214.             $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
  215.         }
  217.         $account $this->security->getUser()->getAccount();
  218.         $allowedServices $account->getAllowedServices();
  220.         if(!in_array('Webmail'$allowedServices)) {
  221.             $this->addFlash('error'$this->translator->trans('Webmail access is not allowed.'));
  222.             return $this->redirectToRoute("qu_main");
  223.         }
  224.         
  225.         $referer $request->headers->get('referer');
  226.         
  227.         if(!$this->requestStack->getSession()->has('storedPassword')) {
  228.             if(strlen($referer)) {
  229.                 return $this->redirect($referer);
  230.             }
  231.                 
  232.             return $this->redirectToRoute("app_login");
  233.         }
  234.             
  235.         if(!isset($_SERVER['ROUNDCUBE_URL'])) {
  236.             die('ROUNDCUBE_URL not defined');
  237.         }
  238.         
  239.         $imapUser AccountTools::decryptString($this->requestStack->getSession()->get('storedUsername'));
  240.         $imapPass urlencode(AccountTools::decryptString($this->requestStack->getSession()->get('storedPassword')));
  241.         
  242.         if($systemHealth == 1) {
  243.             // impersonated login?
  244.             if($this->isGranted('IS_IMPERSONATOR')) {
  245.                 $token $this->security->getToken();
  246.                 
  247.                 if ($token instanceof SwitchUserToken) {
  248.                     $impersonatorUser $token->getOriginalToken()->getUser();
  249.                 }
  250.                 
  251.                 $imapUser $this->security->getUser()->getUsername() . '*' $impersonatorUser->getUsername();
  252.             }
  253.         }
  254.         
  255.         // check if IMAP is working
  256.         if($systemHealth == 1) {
  257.             $systemStatus Api::getSystemStatus();
  258.             
  259.             if(($systemStatus['imap_143_status'] != 'OK') && ($systemStatus['imap_993_status'] != 'OK')) {
  260.                 $this->addFlash('error'$this->translator->trans('IMAP server not responding, relog to webmail not possible.'));
  261.                 return $this->redirectToRoute("qu_main");
  262.             }
  263.         }
  264.         
  265.         
  266.         $ch curl_init();
  267.         $cmd $_SERVER['ROUNDCUBE_INTERNAL_URL'] . '?_task=login&_qmailux=true';
  268.         $data '_task=login&_action=login&_timezone=_default_&_user=' $imapUser;
  269.         $data .= '&_pass=' $imapPass '&_qmailux=true';
  270.         $data .= '&submit';
  271.         
  272.         curl_setopt($chCURLOPT_POSTFIELDS$data);
  273.         curl_setopt($chCURLOPT_HTTPHEADER, array('Content-Type:application/x-www-form-urlencoded'));
  274.         curl_setopt($chCURLOPT_HEADERtrue); // return header, too
  275.         curl_setopt($chCURLOPT_URL$cmd);
  276.         curl_setopt($chCURLOPT_RETURNTRANSFER1);
  277.         curl_setopt($chCURLOPT_POST1);
  278.         
  279.         if(strstr($_SERVER['ROUNDCUBE_INTERNAL_URL'], 'local_internal') === false) {
  280.             curl_setopt($chCURLOPT_SSL_VERIFYHOST2);
  281.             curl_setopt($chCURLOPT_SSL_VERIFYPEER1);    
  282.         }
  283.         else {
  284.             curl_setopt($chCURLOPT_SSL_VERIFYHOST0);
  285.             curl_setopt($chCURLOPT_SSL_VERIFYPEER0);
  286.         }
  287.         
  288.         if(($output curl_exec($ch)) === false) {
  289.             $this->addFlash('error'$this->translator->trans('Relog to webmail not possible, contact administrator.'));
  290.             $this->logger->log('IndexController relogWebmail curl error: '$request, ['error_code' => curl_errno($ch), 'error_message' => curl_error($ch)], 'critical');
  291.             return $this->redirectToRoute("qu_main");
  292.         }
  293.         
  294.         curl_close($ch);
  295.         
  296.         $outputArr explode("\n"$output);
  297.         $location '';
  298.         
  299.         foreach($outputArr as $line) {
  300.             if(preg_match('/^Set-Cookie:/i'$line)) {
  301.                 //echo "line = $line<br>";
  302.                 $cookieArr explode('; 'str_ireplace('Set-Cookie: '''$line));
  303.                 $cookieNameVal explode('='$cookieArr[0]);
  304.                 
  305.                 if($cookieNameVal[1] == '-del-') {
  306.                     setcookie($cookieNameVal[0], $cookieNameVal[1], time() - 3600'/');
  307.                 }
  308.                 else {
  309.                     setcookie($cookieNameVal[0], $cookieNameVal[1], null'/');
  310.                 }
  311.             }
  312.             
  313.             if(preg_match('/^Location:/i'$line)) {
  314.                 $location str_ireplace('Location: '''$line);
  315.                 $location trim($location);
  316.             }   
  317.                         
  318.         }
  319.         
  320.         if((!array_key_exists('DONT_FORCE_LANG_ROUNDCUBE'$_SERVER)) || ($_SERVER['DONT_FORCE_LANG_ROUNDCUBE'] == false)) {
  321.             if($forceLang != '' && $forceLang != '--') {
  322.                 $forceLang $this->_localeToLang($forceLang);
  323.                 setcookie('forcelang'$forceLangnull'/');
  324.             }
  325.         }
  326.         
  327.         // set cookie if this is impersonated session
  328.         if($this->isGranted('IS_IMPERSONATOR')) {
  329.             setcookie('impersonated'10'/');
  330.         }
  331.         else {
  332.             setcookie('impersonated'''time() - 3600'/');
  333.         }
  334.         
  335.         if($forceUserPanel) {
  336.             setcookie('panelreturnurl'$this->generateUrl('qu_main'), null'/');
  337.         }
  338.         else {
  339.             if($referer != '') {
  340.                 // if referer is login page set main panel page intead
  341.                 if(strstr($referer$this->generateUrl('app_login')) || strstr($referer$this->generateUrl('2fa_login'))) {
  343.                     if($this->security->isGranted('ROLE_POSTMASTER')) {
  344.                         setcookie('panelreturnurl'$this->generateUrl('qp_main'), null'/');
  345.                     }
  346.                     else {
  347.                         setcookie('panelreturnurl'$this->generateUrl('qu_main'), null'/');
  348.                     }
  349.                     
  350.                 }
  351.                 else {
  352.                     setcookie('panelreturnurl'$referer0'/');
  353.                 }
  355.                 
  356.             }
  357.             else {
  358.                 setcookie('panelreturnurl'''time() - 3600'/');
  359.             }
  360.         }
  361.         
  362.         if((strlen($msg) > 0) && array_key_exists('APP_LOGIN_TARGET_MSG'$_SERVER) && $_SERVER['APP_LOGIN_TARGET_MSG'] == 'true') {
  363.             return $this->forward('\App\Controller\IndexController::relogWebmailShowMsg', [
  364.                 'retLocation' => $location,
  365.                 'msg' => urlencode($msg),
  366.             ]);
  367.         }
  368.         else {
  369.             return $this->redirect($_SERVER['ROUNDCUBE_URL'] . $location);
  370.         }
  371.     }
  372.     
  373.     /**
  374.      * @Route("/relog-webmail-show-msg/{retLocation}/{msg}", name="relog-webmail-show-msg")
  375.      *
  376.      * @param $retLocation - where to redirect inside webmail
  377.      * @param $msg - message to show before relog
  378.      */
  379.     public function relogWebmailShowMsg($retLocation$msg)
  380.     {
  381.         return $this->render('index/relog_msg.html.twig', [
  382.             'retLocation' => $_SERVER['ROUNDCUBE_URL'] . $retLocation,
  383.             'msg' => urldecode($msg),
  384.         ]);   
  385.     }
  386.     
  387.     /**
  388.      * @Route("/general-error/", name="general-error")
  389.      */
  390.     public function generalError(Request $request)
  391.     {        
  392.         $account $this->security->getUser()->getAccount();
  393.         $skin $account->findSOption('cfgSkin') == null 'standard' $account->findSOption('cfgSkin');
  394.         return $this->render('skins/' $skin '/general_error.html.twig');
  395.     }
  396.     
  397.     /**
  398.      * catch-all routing in routes.yaml
  399.      */
  400.     public function apiPassThrough(Request $request)
  401.     {
  402.         $uri $request->getRequestUri();
  403.                 
  404.         $cmd preg_replace('/.*?\/api\//'''$uri);
  405.         $cmdData = [];
  406.         $cmdData['command'] = $cmd;
  407.         
  408.         if(($data $request->request->all())) {
  409.             $cmdData['data'] = $data;
  410.         }
  411.         
  412.         $this->denyAccessUnlessGranted('API_PASS_THROUGH'$cmdData);
  413.         
  414.         
  415.         if($data) {
  416.             $ret Api::passThrough($cmdjson_encode($data));
  417.         }
  418.         else {
  419.             $ret Api::passThrough($cmd);
  420.         }
  421.         
  422.         return new Response($ret);
  423.     }
  425.     /**
  426.      * @Route("/check2fa/{token}", name="check-two-factor", requirements={"token"="^[a-z0-9]{48}$"})
  427.      * 
  428.      * checks if the token is valid when user adds new alternative email address for 2FA
  429.      * 
  430.      * @param $token - token to check
  431.      */
  432.     public function checkTwoFactor(Request $requeststring $token)
  433.     {
  434.         $skin 'raw';
  436.         if(Api::checkTwoFactorToken($token)) {
  437.             $userEmail Api::getEmailForTwoFactorToken($token);
  438.             $userArr explode('@'$userEmail);
  440.             if(count($userArr) != 2) {
  441.                 $this->addFlash('error'$this->translator->trans('Email for two factor authentication NOT linked - contact administrator'));
  442.                 $this->logger->log('Error while linking email for two factor authentication - email has no correct format'$request, ['userEmail' => $userEmail], 'error');
  443.             }
  445.             $account Api::getAccount($userArr[0], $userArr[1]);
  447.             if(!is_null($account)) {
  448.                 $account->setSOption('emailForAuthConfirmed''1');
  449.                 $account->setSOption('cfgTwoFactorEnabled''1');
  451.                 if(Api::saveAccountParameters($account)) {
  452.                     $this->addFlash('notice'$this->translator->trans('Email for two factor authentication successfuly linked. Two factor authentication is now enabled.'));
  453.                     $this->logger->log('Email for two factor authentication linked'$request, ['userEmail' => $userEmail]);
  454.                 }
  455.                 else {
  456.                     $this->addFlash('error'$this->translator->trans('Email for two factor authentication NOT linked, error saving configuration. Contact administrator.'));
  457.                     $this->logger->log('Error while linking email for two factor authentication'$request, ['userEmail' => $userEmail], 'error');
  458.                 }
  460.                 $skin $account->findSOption('cfgSkin') == null 'standard' $account->findSOption('cfgSkin');
  462.                 // if already logged in - reload config
  463.                 if($this->isGranted('ROLE_USER')) {
  464.                     $this->getUser()->loadAccount();
  465.                     $this->getUser()->setForceCodeNextTime();
  466.                 }
  467.             }
  468.         }
  469.         else {
  470.             $this->addFlash('error'$this->translator->trans('Two factor authentication token not valid or expired'));
  471.         }
  472.         
  473.         return $this->render('skins/' $skin '/check2fa_token.html.twig');
  474.     }
  475.     
  476.     private function _localeToLang($locale)
  477.     {
  478.         if($locale == 'pl') {
  479.             return 'pl_PL';
  480.         }
  481.         
  482.         if($locale == 'en') {
  483.             return 'en_US';
  484.         }
  485.         
  486.         if($locale == 'es') {
  487.             return 'es_ES';
  488.         }
  489.         
  490.         return $locale;
  491.     }
  492. }