Merge pull request #138 from Zentyal/jgarcia/fix-multidomain-web

Avoid reading emails from other domains (info@foo vs info@bar)

SoObjects/SOGo/SOGoUserFolder.m

@@ -427,7 +427,8 @@
         {
           currentUser = [users objectAtIndex: i];
           field = [currentUser objectForKey: @"c_uid"];
-          if (enableDomainBasedUID)
+          if (enableDomainBasedUID &&
+              [field rangeOfString: @"@"].location == NSNotFound)
             field = [NSString stringWithFormat: @"%@@%@", field, domain];
           if (![field isEqualToString: login])
             {

SoObjects/SOGo/SOGoUserManager.m

@@ -362,6 +362,7 @@ static Class NSNullK;
   NSDictionary *contactInfos;
   NSString *login;
   SOGoDomainDefaults *dd;
+  SOGoSystemDefaults *sd;
 
   contactInfos = [self contactInfosForUserWithUIDorEmail: uid
                                                 inDomain: domain];
@@ -373,7 +374,19 @@ static Class NSNullK;
       else
         dd = [SOGoSystemDefaults sharedSystemDefaults];
 
-      login = [dd forceExternalLoginWithEmail] ? [self getEmailForUID: uid] : uid;
+      if ([dd forceExternalLoginWithEmail])
+        {
+          sd = [SOGoSystemDefaults sharedSystemDefaults];
+          if ([sd enableDomainBasedUID])
+            // On multidomain environment we must use uid@domain
+            // for getEmailForUID method
+            login = [NSString stringWithFormat: @"%@@%@", uid, domain];
+          else
+            login = uid;
+          login = [self getEmailForUID: login];
+        }
+      else
+        login = uid;
     }
 
   return login;
@@ -485,27 +498,22 @@ static Class NSNullK;
               grace: (int *) _grace
            useCache: (BOOL) useCache
 {
-  NSMutableDictionary *currentUser, *failedCount;
+  NSMutableDictionary *currentUser;
+  NSDictionary *failedCount;
   NSString *dictPassword, *username, *jsonUser;
   SOGoSystemDefaults *dd;
   BOOL checkOK;
 
-  // We check for cached passwords. If the entry is cached, we 
+  if (*_domain && [_login rangeOfString: @"@"].location == NSNotFound)
-  // check this immediately. If not, we'll go directly at the
-  // authentication source and try to validate there, then cache it.
-  if (*_domain != nil)
     username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
   else
     username = _login;
 
-  failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
-  dd = [SOGoSystemDefaults sharedSystemDefaults];
-
-  //
   // We check the fail count per user in memcache (per server). If the
   // fail count reaches X in Y minutes, we deny immediately the
   // authentications for Z minutes
-  //
+  failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
+  dd = [SOGoSystemDefaults sharedSystemDefaults];
   if (failedCount)
     {
       unsigned int current_time, start_time, delta, block_time;
@@ -531,7 +539,9 @@ static Class NSNullK;
         }
     }
 
-
+  // We check for cached passwords. If the entry is cached, we
+  // check this immediately. If not, we'll go directly at the
+  // authentication source and try to validate there, then cache it.
   jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: username];
   currentUser = [jsonUser objectFromJSONString];
   dictPassword = [currentUser objectForKey: @"password"];
@@ -632,7 +642,8 @@ static Class NSNullK;
       // internal cache.
       [currentUser setObject: [newPassword asSHA1String] forKey: @"password"];
       sd = [SOGoSystemDefaults sharedSystemDefaults];
-      if ([sd enableDomainBasedUID])
+      if ([sd enableDomainBasedUID] &&
+          [login rangeOfString: @"@"].location == NSNotFound)
         userLogin = [NSString stringWithFormat: @"%@@%@", login, domain];
       else
         userLogin = login;
@@ -785,24 +796,20 @@ static Class NSNullK;
            withLogin: (NSString *) login
 {
   NSEnumerator *emails;
-  NSString *key;
+  NSString *key, *user_json;
 
-  [[SOGoCache sharedCache]
+  user_json = [newUser jsonRepresentation];
-        setUserAttributes: [newUser jsonRepresentation]
+  [[SOGoCache sharedCache] setUserAttributes: user_json
-                 forLogin: login];
+                                    forLogin: login];
   if (![newUser isKindOfClass: NSNullK])
     {
-      key = [newUser objectForKey: @"c_uid"];
-      if (key && ![key isEqualToString: login])
-        [[SOGoCache sharedCache]
-            setUserAttributes: [newUser jsonRepresentation]
-                     forLogin: key];
-
       emails = [[newUser objectForKey: @"emails"] objectEnumerator];
       while ((key = [emails nextObject]))
-        [[SOGoCache sharedCache]
+        {
-            setUserAttributes: [newUser jsonRepresentation]
+          if (![key isEqualToString: login])
-                     forLogin: key];
+            [[SOGoCache sharedCache] setUserAttributes: user_json
+                                              forLogin: key];
+        }
     }
 }
 

UI/MainUI/SOGoRootPage.m

@@ -228,7 +228,8 @@
       if ([domain isNotNull])
         {
           sd = [SOGoSystemDefaults sharedSystemDefaults];
-          if ([sd enableDomainBasedUID])
+          if ([sd enableDomainBasedUID] &&
+              [username rangeOfString: @"@"].location == NSNotFound)
             username = [NSString stringWithFormat: @"%@@%@", username, domain];
         }
 
@@ -587,7 +588,8 @@
       if ([domain isNotNull])
         {
           sd = [SOGoSystemDefaults sharedSystemDefaults];
-          if ([sd enableDomainBasedUID])
+          if ([sd enableDomainBasedUID] &&
+              [username rangeOfString: @"@"].location == NSNotFound)
             username = [NSString stringWithFormat: @"%@@%@", username, domain];
         }