[Web] Cleanup Rspamd, other fixes

data/web/inc/functions.inc.php

@@ -1059,12 +1059,12 @@ function fido2($_data) {
         $_SESSION['mailcow_cc_role'] != "admin") {
           return false;
       }
-      $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
+      $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `created`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
       $stmt->execute(array(':username' => $username));
       $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
       while($row = array_shift($rows)) {
         $fns[] = array(
-          "subject" => $row['certificateSubject'],
+          "subject" => (empty($row['certificateSubject']) ? 'Unknown (' . $row['created'] . ')' : $row['certificateSubject']),
           "fn" => $row['friendlyName'],
           "cid" => $row['cid']
         );

data/web/inc/functions.rspamd.inc.php

@@ -24,23 +24,13 @@ function rsettings($_action, $_data = null) {
         );
         return false;
       }
-      try {
-        $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`)
-          VALUES (:content, :desc, :active)");
-        $stmt->execute(array(
-          ':content' => $content,
-          ':desc' => $desc,
-          ':active' => $active
-        ));
-      }
-      catch (PDOException $e) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('mysql_error', $e)
-        );
-        return false;
-      }
+      $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`)
+        VALUES (:content, :desc, :active)");
+      $stmt->execute(array(
+        ':content' => $content,
+        ':desc' => $desc,
+        ':active' => $active
+      ));
       $_SESSION['return'][] = array(
         'type' => 'success',
         'log' => array(__FUNCTION__, $_action, $_data_log),
@@ -73,27 +63,17 @@ function rsettings($_action, $_data = null) {
           continue;
         }
         $content = trim($content);
-        try {
-          $stmt = $pdo->prepare("UPDATE `settingsmap` SET
-            `content` = :content,
-            `desc` = :desc,
-            `active` = :active
-              WHERE `id` = :id");
-          $stmt->execute(array(
-            ':content' => $content,
-            ':desc' => $desc,
-            ':active' => $active,
-            ':id' => $id
-          ));
-        }
-        catch (PDOException $e) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('mysql_error', $e)
-          );
-          continue;
-        }
+        $stmt = $pdo->prepare("UPDATE `settingsmap` SET
+          `content` = :content,
+          `desc` = :desc,
+          `active` = :active
+            WHERE `id` = :id");
+        $stmt->execute(array(
+          ':content' => $content,
+          ':desc' => $desc,
+          ':active' => $active,
+          ':id' => $id
+        ));
         $_SESSION['return'][] = array(
           'type' => 'success',
           'log' => array(__FUNCTION__, $_action, $_data_log),
@@ -112,18 +92,8 @@ function rsettings($_action, $_data = null) {
       }
       $ids = (array)$_data['id'];
       foreach ($ids as $id) {
-        try {
-          $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id");
-          $stmt->execute(array(':id' => $id));
-        }
-        catch (PDOException $e) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('mysql_error', $e)
-          );
-          return false;
-        }
+        $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id");
+        $stmt->execute(array(':id' => $id));
         $_SESSION['return'][] = array(
           'type' => 'success',
           'log' => array(__FUNCTION__, $_action, $_data_log),
@@ -157,55 +127,12 @@ function rsettings($_action, $_data = null) {
     break;
   }
 }
-function rspamd($_action, $_data = null) {
+function rspamd_maps($_action, $_data = null) {
 	global $pdo;
 	global $lang;
 	global $RSPAMD_MAPS;
   $_data_log = $_data;
   switch ($_action) {
-    case 'add':
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      $content = $_data['content'];
-      $desc = $_data['desc'];
-      $active = intval($_data['active']);
-      if (empty($content)) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'map_content_empty'
-        );
-        return false;
-      }
-      try {
-        $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`)
-          VALUES (:content, :desc, :active)");
-        $stmt->execute(array(
-          ':content' => $content,
-          ':desc' => $desc,
-          ':active' => $active
-        ));
-      }
-      catch (PDOException $e) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('mysql_error', $e)
-        );
-        return false;
-      }
-      $_SESSION['return'][] = array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__, $_action, $_data_log),
-        'msg' => 'settings_map_added'
-      );
-    break;
     case 'edit':
       if ($_SESSION['mailcow_cc_role'] != "admin") {
         $_SESSION['return'][] = array(
@@ -255,59 +182,30 @@ function rspamd($_action, $_data = null) {
         );
       }
     break;
-    case 'delete':
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      $ids = (array)$_data['id'];
-      foreach ($ids as $id) {
-        try {
-          $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id");
-          $stmt->execute(array(':id' => $id));
-        }
-        catch (PDOException $e) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('mysql_error', $e)
-          );
-          return false;
-        }
-        $_SESSION['return'][] = array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('settings_map_removed', htmlspecialchars($id))
-        );
-      }
-    break;
-    case 'get':
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        return false;
-      }
-      $settingsmaps = array();
-      $stmt = $pdo->query("SELECT `id`, `desc`, `active` FROM `settingsmap`");
-      $settingsmaps = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      return $settingsmaps;
-    break;
-    case 'details':
-      if ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
-        return false;
-      }
-      $settingsmapdata = array();
-      $stmt = $pdo->prepare("SELECT `id`,
-        `desc`,
-        `content`,
-        `active`
-          FROM `settingsmap`
-            WHERE `id` = :id");
-      $stmt->execute(array(':id' => $_data));
-      $settingsmapdata = $stmt->fetch(PDO::FETCH_ASSOC);
-      return $settingsmapdata;
-    break;
   }
-}
+}
+function rspamd_actions() {
+  if (isset($_SESSION["mailcow_cc_role"]) && $_SESSION["mailcow_cc_role"] == "admin") {
+    $curl = curl_init();
+    curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
+    curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat");
+    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+    $data = curl_exec($curl);
+    if ($data) {
+      $return = array();
+      $stats_array = json_decode($data, true)['actions'];
+      $stats_array['soft reject'] = $stats_array['soft reject'] + $stats_array['greylist'];
+      unset($stats_array['greylist']);
+      foreach ($stats_array as $action => $count) {
+        $return[] = array($action, $count);
+      }
+      return $return;
+    }
+    else {
+      return false;
+    }
+  }
+  else {
+    return false;
+  }
+}

data/web/inc/lib/WebAuthn/rootCertificates/nitro.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmjCCAT8CFBZiBJbp2fT/LaRJ8Xwl9qhX62boMAoGCCqGSM49BAMCME4xCzAJ
+BgNVBAYTAkRFMRYwFAYDVQQKDA1OaXRyb2tleSBHbWJIMRAwDgYDVQQLDAdSb290
+IENBMRUwEwYDVQQDDAxuaXRyb2tleS5jb20wIBcNMTkxMjA0MDczNTM1WhgPMjA2
+OTExMjEwNzM1MzVaME4xCzAJBgNVBAYTAkRFMRYwFAYDVQQKDA1OaXRyb2tleSBH
+bWJIMRAwDgYDVQQLDAdSb290IENBMRUwEwYDVQQDDAxuaXRyb2tleS5jb20wWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQy6KIN2gXqaSMWdWir/Hnx58NBzjthYdNv
+k95hdt7jCpyW2cHqLdQ5Sqcvo0CuordgDOach0ZGB60w9GZY8SHJMAoGCCqGSM49
+BAMCA0kAMEYCIQDLmdy2G2mM4rZKjl6CVfjV7khilIS5D3xRQzubeqzQNAIhAKIG
+X29SfiB6K9k6Hb3q+q7bRn1o1dhV1cj592YYnu1/
+-----END CERTIFICATE-----

data/web/inc/prerequisites.inc.php

@@ -60,6 +60,7 @@ $formats = $GLOBALS['FIDO2_FORMATS'];
 $WebAuthn = new \WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats);
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/solo.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/apple.pem');
+$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/nitro.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/yubico.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/hypersecu.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/globalSign.pem');

data/web/json_api.php

@@ -401,27 +401,16 @@ if (isset($_GET['query'])) {
           return;
         break;
       }
-      if (!isset($_SESSION['pending_mailcow_cc_username'])) {
+      if (isset($_SESSION['mailcow_cc_role'])) {
         switch ($category) {
           case "rspamd":
             switch ($object) {
               case "actions":
-                $curl = curl_init();
-                curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
-                curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat");
-                curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
-                $data = curl_exec($curl);
+                $data = rspamd_actions();
                 if ($data) {
-                  $return = array();
-                  $stats_array = json_decode($data, true)['actions'];
-                  $stats_array['soft reject'] = $stats_array['soft reject'] + $stats_array['greylist'];
-                  unset($stats_array['greylist']);
-                  foreach ($stats_array as $action => $count) {
-                    $return[] = array($action, $count);
-                  }
-                  echo json_encode($return, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                  echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                 }
-                elseif (!isset($data) || empty($data)) {
+                else {
                   echo '{}';
                 }
               break;
@@ -1295,53 +1284,55 @@ if (isset($_GET['query'])) {
             }
           break;
           case "status":
-            switch ($object) {
-              case "containers":
-                $containers = (docker('info'));
-                foreach ($containers as $container => $container_info) {
-                  $container . ' (' . $container_info['Config']['Image'] . ')';
-                  $containerstarttime = ($container_info['State']['StartedAt']);
-                  $containerstate = ($container_info['State']['Status']);
-                  $containerimage = ($container_info['Config']['Image']);
-                  $temp[$container] = array(
+            if ($_SESSION['mailcow_cc_role'] == "admin") {
+              switch ($object) {
+                case "containers":
+                  $containers = (docker('info'));
+                  foreach ($containers as $container => $container_info) {
+                    $container . ' (' . $container_info['Config']['Image'] . ')';
+                    $containerstarttime = ($container_info['State']['StartedAt']);
+                    $containerstate = ($container_info['State']['Status']);
+                    $containerimage = ($container_info['Config']['Image']);
+                    $temp[$container] = array(
+                      'type' => 'info',
+                      'container' => $container,
+                      'state' => $containerstate,
+                      'started_at' => $containerstarttime,
+                      'image' => $containerimage
+                    );
+                  }
+                  echo json_encode($temp, JSON_UNESCAPED_SLASHES);
+                break;
+                case "vmail":
+                  $exec_fields_vmail = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
+                  $vmail_df = explode(',', json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields_vmail), true));
+                  $temp = array(
                     'type' => 'info',
-                    'container' => $container,
-                    'state' => $containerstate,
-                    'started_at' => $containerstarttime,
-                    'image' => $containerimage
+                    'disk' => $vmail_df[0],
+                    'used' => $vmail_df[2],
+                    'total'=> $vmail_df[1],
+                    'used_percent' => $vmail_df[4]
                   );
-                }
-                echo json_encode($temp, JSON_UNESCAPED_SLASHES);
+                  echo json_encode($temp, JSON_UNESCAPED_SLASHES);
               break;
-              case "vmail":
-                $exec_fields_vmail = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
-                $vmail_df = explode(',', json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields_vmail), true));
-                $temp = array(
+              case "solr":
+                $solr_status = solr_status();
+                $solr_size = ($solr_status['status']['dovecot-fts']['index']['size']);
+                $solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']);
+                if (strtolower(getenv('SKIP_SOLR')) != 'n') {
+                  $solr_enabled = false;
+                }
+                else {
+                  $solr_enabled = true;
+                }
+                echo json_encode(array(
                   'type' => 'info',
-                  'disk' => $vmail_df[0],
-                  'used' => $vmail_df[2],
-                  'total'=> $vmail_df[1],
-                  'used_percent' => $vmail_df[4]
-                );
-                echo json_encode($temp, JSON_UNESCAPED_SLASHES);
-            break;
-            case "solr":
-              $solr_status = solr_status();
-              $solr_size = ($solr_status['status']['dovecot-fts']['index']['size']);
-              $solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']);
-              if (strtolower(getenv('SKIP_SOLR')) != 'n') {
-                $solr_enabled = false;
-              }
-              else {
-                $solr_enabled = true;
+                  'solr_enabled' => $solr_enabled,
+                  'solr_size' => $solr_size,
+                  'solr_documents' => $solr_documents
+                ));
+              break;
               }
-              echo json_encode(array(
-                'type' => 'info',
-                'solr_enabled' => $solr_enabled,
-                'solr_size' => $solr_size,
-                'solr_documents' => $solr_documents
-              ));
-            break;
             }
           break;
         break;

data/web/lang/lang.de.json

@@ -419,6 +419,7 @@
         "targetd_relay_domain": "Ziel-Domain %s ist eine Relay-Domain",
         "temp_error": "Temporärer Fehler",
         "text_empty": "Text darf nicht leer sein",
+        "tfa_token_invalid": "TFA Token ungültig",
         "tls_policy_map_dest_invalid": "Ziel ist ungültig",
         "tls_policy_map_entry_exists": "Eine TLS-Richtlinie \"%s\" existiert bereits",
         "tls_policy_map_parameter_invalid": "Parameter ist ungültig",

data/web/lang/lang.en.json

@@ -419,6 +419,7 @@
         "targetd_relay_domain": "Target domain %s is a relay domain",
         "temp_error": "Temporary error",
         "text_empty": "Text must not be empty",
+        "tfa_token_invalid": "TFA Token ungültig",
         "tls_policy_map_dest_invalid": "Policy destination is invalid",
         "tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists",
         "tls_policy_map_parameter_invalid": "Policy parameter is invalid",
@@ -904,6 +905,7 @@
         "set_tfa": "Set two-factor authentication method",
         "start_u2f_validation": "Start validation",
         "tfa": "Two-factor authentication",
+        "tfa_token_invalid": "TFA Token ungültig",
         "totp": "Time-based OTP (Google Authenticator, Authy, etc.)",
         "u2f": "U2F authentication",
         "waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your USB device now.",