Only generate mailpassword and fetch mailboxes if the oidc client wants the mailclient scope

Johannes Zellner
2026-02-25 16:07:43 +01:00
parent d2fbea8e39
commit 6dbd97ba14
+20 -18
@@ -533,20 +533,6 @@ async function getClaims(username, use, scope, clientId) {
const [groupsError, allGroups] = await safe(groups.listWithMembers());
if (groupsError) return { error: groupsError.message };
const [mailboxesError, mailboxes] = await safe(mail.listMailboxesByUserId(user.id));
if (mailboxesError) return { error: mailboxesError.message };
let mailPassword = null;
if (clientId) {
let mailPw = await mailpasswords.get(clientId, user.id);
if (!mailPw) {
const generatedPassword = crypto.randomBytes(48).toString('hex');
await mailpasswords.add(clientId, user.id, generatedPassword);
mailPw = await mailpasswords.get(clientId, user.id);
}
if (mailPw) mailPassword = mailPw.password;
}
const displayName = user.displayName || user.username || ''; // displayName can be empty and username can be null
const { firstName, lastName, middleName } = users.parseDisplayName(displayName);
@@ -565,12 +551,28 @@ async function getClaims(username, use, scope, clientId) {
picture: `https://${dashboardFqdn}/api/v1/profile/avatar/${user.id}`, // we always store as png
preferred_username: user.username,
groups: allGroups.filter(function (g) { return g.userIds.indexOf(user.id) !== -1; }).map(function (g) { return `${g.name}`; }),
mailclient: {
accessToken: mailPassword,
mailboxes,
},
mailclient: {},
};
if (clientId && scope.includes('mailclient')) {
const [mailboxesError, mailboxes] = await safe(mail.listMailboxesByUserId(user.id));
if (mailboxesError) return { error: mailboxesError.message };
let mailPw = await mailpasswords.get(clientId, user.id);
if (!mailPw) {
const generatedPassword = crypto.randomBytes(48).toString('hex');
await mailpasswords.add(clientId, user.id, generatedPassword);
mailPw = await mailpasswords.get(clientId, user.id);
}
if (!mailPw) return { error: 'could not generate mailclient claim' };
claims.mailclient = {
accessToken: mailPw.password,
mailboxes,
};
}
return claims;
}
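Review bot: The new gate `if (clientId && scope.includes('mailclient'))` decides whether a mail credential is put into the claims, and if `scope` is the space-separated scope string rather than an array, `includes` is a substring test, so any requested scope whose name merely contains `mailclient` would pass it. An exact token match such as `scope.split(' ').includes('mailclient')` avoids that; the type of `scope` is set outside this hunk, so it needs confirming. Separately, the two `mailpasswords.get` calls and `mailpasswords.add` are awaited without `safe()`, unlike `mail.listMailboxesByUserId` directly above them, so a rejection (for instance if two concurrent requests both reach `add`) could throw out of `getClaims` instead of returning `{ error }`. getClaims begins before the hunk, so the declaration of `claims` is not visible here.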