Redesign Nextcloud OIDC login #1420

2026-06-28 14:55:48 +00:00 · 2024-02-06 20:31:50 +01:00
parent 66c9091b88
commit 59fea00a31
6 changed files with 20 additions and 6 deletions
--- a/integrations/nextcloud/snappymail/README.md
+++ b/integrations/nextcloud/snappymail/README.md
@@ -79,6 +79,8 @@ If your IMAP server only accepts usernames without a domain (for example the lda
 If the user sets his credentials for the mailbox in his personal account under "Settings -> Additional settings", these credentials are used by SnappyMail to login.
 If no personal credentials are defined the mail address of the Nextcloud user and his password are used by SnappyMail to login. SnappyMail will lookup the "Domain" settings for a configuration that meets the domain part of the mail address passed as username.

+#### Option 4: Attempt to automatically login with OIDC when active
+
 ### Auto-connection for all Nextcloud users
 If your Nextcloud users base is synchronized with an email system, then it is possible that Nextcloud credentials could be used right away to access the centralized email system. In the SnappyMail admin settings, the Nextcloud administrator can then tick the "Automatically login with Nextcloud/Nextcloud user credentials" checkbox.

--- a/integrations/nextcloud/snappymail/lib/Controller/FetchController.php
+++ b/integrations/nextcloud/snappymail/lib/Controller/FetchController.php
@@ -52,6 +52,7 @@ class FetchController extends Controller {
 					isset($_POST['snappymail-autologin']) ? '1' === $_POST['snappymail-autologin'] : false);
 				$this->config->setAppValue('snappymail', 'snappymail-autologin-with-email',
 					isset($_POST['snappymail-autologin']) ? '2' === $_POST['snappymail-autologin'] : false);
+				$this->config->setAppValue('snappymail', 'snappymail-autologin-oidc', isset($_POST['snappymail-autologin-oidc']));
 				$this->config->setAppValue('snappymail', 'snappymail-no-embed', isset($_POST['snappymail-no-embed']));
 			} else {
 				return new JSONResponse([
--- a/integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php
+++ b/integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php
@@ -22,6 +22,7 @@ class AdminSettings implements ISettings
 		$keys = [
 			'snappymail-autologin',
 			'snappymail-autologin-with-email',
+			'snappymail-autologin-oidc',
 			'snappymail-no-embed'
 		];
 		$parameters = [];
--- a/integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php
+++ b/integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php
@@ -152,6 +152,12 @@ class SnappyMailHelper
 			if ($sPassword) {
 				$sPassword = static::decodePassword($sPassword, $sUID);
 			}
+			if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false) && $ocSession->get('is_oidc')) {
+				$sAccessToken = $ocSession->get('oidc_access_token');
+				if ($sAccessToken) {
+					$sPassword = $sAccessToken;
+				}
+			}
 		}

 		// If the user has set credentials for SnappyMail in their personal
--- a/integrations/nextcloud/snappymail/templates/admin-local.php
+++ b/integrations/nextcloud/snappymail/templates/admin-local.php
@@ -38,6 +38,13 @@
 				</div>
 			</p>
 			<br />
+			<p>
+				<input id="snappymail-autologin-oidc" name="snappymail-autologin-oidc" type="checkbox" class="checkbox" <?php if ($_['snappymail-autologin-oidc']) echo 'checked="checked"'; ?>>
+				<label for="snappymail-autologin-oidc">
+					<?php echo($l->t('Attempt to automatically login with OIDC when active')); ?>
+				</label>
+			</p>
+			<br />
 			<p>
 				<input id="snappymail-no-embed" name="snappymail-no-embed" type="checkbox" class="checkbox" <?php if ($_['snappymail-no-embed']) echo 'checked="checked"'; ?>>
 				<label for="snappymail-no-embed">