
Example 81 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class GalGroupMembers method getGroupMembers.

/**
 * Returns all members of a GAL group.
 *
 * <p>Security note: the lookup is issued with the global admin auth token, so no
 * permission check is applied on behalf of {@code account}. Any authorization
 * decision (is the caller allowed to see this group's membership?) has to be made
 * by the caller before the result is exposed.
 *
 * @param groupName name of the group; sent as the text of the DL element of the request
 * @param account   the requested account; its id is passed to the SOAP context and the
 *                  account itself to {@code searchGal} (needed for the GAL configuration)
 * @return the value of {@code getAllMembers()} on the search result
 * @throws ServiceException {@code NO_SUCH_DISTRIBUTION_LIST} when the GAL search
 *                          returns {@code null}, or whatever the search itself raises
 */
public static Set<String> getGroupMembers(String groupName, Account account) throws ServiceException {
    // The SOAP context carries the global admin's credentials (not the requester's) so
    // that a proxy hop to the GAL sync account, if one is needed, is not rejected.
    ZimbraSoapContext adminContext = new ZimbraSoapContext(
            AuthProvider.getAdminAuthToken(), account.getId(), SoapProtocol.Soap12, SoapProtocol.Soap12);

    Element dlRequest = Element.create(SoapProtocol.Soap12, AccountConstants.GET_DISTRIBUTION_LIST_MEMBERS_REQUEST);
    dlRequest.addElement(AdminConstants.E_DL).setText(groupName);

    DLMembersResult members = searchGal(adminContext, account, groupName, dlRequest);
    if (members != null) {
        return members.getAllMembers();
    }
    throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(groupName);
}
Also used : ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) AuthToken(com.zimbra.cs.account.AuthToken)

Example 82 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class TestContentTransferEncoding method sendForwardedMessage.

/**
 * Converts the request to its SOAP element form and parses the contained message
 * element into a {@link MimeMessage}, using a SOAP context authenticated as the
 * owner of the test mailbox {@code mbox}.
 *
 * @param req     the SendMsg request whose message element is parsed
 * @param origMsg not referenced by this method body
 * @return the result of {@code ParseMimeMessage.parseMimeMsgSoap}
 * @throws Exception anything raised by the conversion, token creation or parsing
 */
private MimeMessage sendForwardedMessage(SendMsgRequest req, Message origMsg) throws Exception {
    Element messageElement = JaxbUtil.jaxbToElement(req).getElement(MailConstants.E_MSG);
    // Token is issued for the mailbox's own account; no admin credentials are involved here.
    AuthToken ownerToken = AuthProvider.getAuthToken(mbox.getAccount());
    ZimbraSoapContext soapContext =
            new ZimbraSoapContext(ownerToken, mbox.getAccountId(), SoapProtocol.Soap12, SoapProtocol.Soap12);
    MimeMessageData parsedData = new MimeMessageData();
    return ParseMimeMessage.parseMimeMsgSoap(soapContext, null, mbox, messageElement, null, parsedData);
}
Also used : MimeMessageData(com.zimbra.cs.service.mail.ParseMimeMessage.MimeMessageData) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) AuthToken(com.zimbra.cs.account.AuthToken)

Example 83 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class OAuthServiceProvider method markAsAuthorized.

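/**
 * Marks the OAuth accessor as authorized and updates its properties.
 *
 * <p>The supplied auth token is decoded and its account resolved <em>before</em> the
 * accessor is touched, so a token that cannot be parsed or resolved leaves the
 * accessor unmodified instead of already flagged {@code authorized}.
 *
 * @param accessor   accessor to update; its consumer receives the {@code approved_on} timestamp
 * @param userId     value stored under the {@code user} property
 * @param zauthtoken encoded auth token; stored verbatim under {@code ZM_AUTH_TOKEN}
 * @throws OAuthException wrapping any {@code AuthTokenException},
 *                        {@code UnsupportedEncodingException} or {@code ServiceException}
 */
public static synchronized void markAsAuthorized(OAuthAccessor accessor, String userId, String zauthtoken) throws OAuthException {
    try {
        // Fail closed: validate the token and resolve its account first. Nothing is
        // written to the accessor unless both steps succeed.
        final AuthToken zimbraAuthToken = ZimbraAuthToken.getAuthToken(zauthtoken);
        final Account account = zimbraAuthToken.getAccount();
        // NOTE(review): userId is not compared with the token's account here, and no
        // expiry check is visible in this method; confirm the caller or getAuthToken
        // covers both.

        accessor.setProperty("user", userId);
        accessor.setProperty("authorized", Boolean.TRUE);
        // The raw auth token becomes an accessor property: anything that persists,
        // caches or logs the accessor's properties is handling a bearer credential.
        accessor.setProperty("ZM_AUTH_TOKEN", zauthtoken);
        // NOTE(review): if this call throws, the three properties above stay set on
        // the accessor; callers should discard the accessor on OAuthException.
        setAccountPropertiesForAccessor(account, accessor);
    } catch (AuthTokenException | UnsupportedEncodingException | ServiceException e) {
        throw new OAuthException(e);
    }
    accessor.consumer.setProperty("approved_on", Long.toString(System.currentTimeMillis()));
}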
Also used : Account(com.zimbra.cs.account.Account) ServiceException(com.zimbra.common.service.ServiceException) AuthTokenException(com.zimbra.cs.account.AuthTokenException) OAuthException(net.oauth.OAuthException) ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) AuthToken(com.zimbra.cs.account.AuthToken) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 84 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class DavServlet method isProxyRequest.

/**
 * Decides whether a DAV request targets a mountpoint (a folder shared from another
 * account) and, if so, forwards the request to the owner's server and relays the
 * response. Despite the name, this method performs the proxy call itself and writes
 * the response to {@code ctxt}.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>The proxied call is authenticated with a token for {@code ctxt.getAuthAccount()}.</li>
 *   <li>Request and response headers are copied only if they appear in
 *       {@code PROXY_REQUEST_HEADERS} / {@code PROXY_RESPONSE_HEADERS} (allow-lists).</li>
 *   <li>{@code Location} headers and multi-status {@code href} values from the remote
 *       side are rewritten to the local mountpoint path before being returned.</li>
 * </ul>
 *
 * @param ctxt the DAV request context (path, user, request/response objects)
 * @param m    the DAV method being executed
 * @return {@code true} if the request was proxied and a response was sent;
 *         {@code false} if the request is not for a mountpoint, must be handled
 *         locally, or the target could not be resolved or its response not parsed
 * @throws IOException      declared; not caught around the HTTP and stream calls below
 * @throws DavException     declared by the signature
 * @throws ServiceException declared; lookups after the first try block are not caught
 */
private boolean isProxyRequest(DavContext ctxt, DavMethod m) throws IOException, DavException, ServiceException {
    Provisioning prov = Provisioning.getInstance();
    ItemId target = null;
    String extraPath = null;
    String requestPath = ctxt.getPath();
    // Phase 1: resolve the request path to a mountpoint in the path user's mailbox.
    // Any failure here means "handle locally", never an error to the client.
    try {
        if (ctxt.getUser() == null) {
            return false;
        }
        if (requestPath == null || requestPath.length() < 2) {
            return false;
        }
        Account account = prov.getAccountByName(ctxt.getUser());
        if (account == null) {
            return false;
        }
        Mailbox mbox = MailboxManager.getInstance().getMailboxByAccount(account);
        // The folder lookup runs under the request's operation context.
        Pair<Folder, String> match = mbox.getFolderByPathLongestMatch(ctxt.getOperationContext(), Mailbox.ID_FOLDER_USER_ROOT, requestPath);
        Folder targetFolder = match.getFirst();
        if (!(targetFolder instanceof Mountpoint)) {
            return false;
        }
        Mountpoint mp = (Mountpoint) targetFolder;
        // Remote item = (owner account id, remote folder id) taken from the mountpoint.
        target = new ItemId(mp.getOwnerId(), mp.getRemoteId());
        // Remainder of the path after the matched folder; presumably null when the
        // request addresses the mountpoint itself (confirm against Mailbox).
        extraPath = match.getSecond();
    } catch (ServiceException e) {
        ZimbraLog.dav.debug("can't get path", e);
        return false;
    }
    // Operations on the mountpoint itself stay local: PROPFIND with depth 0,
    // PROPPATCH and DELETE are not proxied.
    if (extraPath == null && (m.getName().equals(PropFind.PROPFIND) && ctxt.getDepth() == DavContext.Depth.zero || m.getName().equals(PropPatch.PROPPATCH) || m.getName().equals(Delete.DELETE))) {
        return false;
    }
    // prefix = local URL prefix of the mountpoint, used later to rewrite remote paths.
    String prefix = ctxt.getPath();
    if (extraPath != null) {
        // NOTE(review): if extraPath does not occur in prefix, indexOf returns -1 and
        // substring throws; confirm the two strings are always in the same form.
        prefix = prefix.substring(0, prefix.indexOf(extraPath));
    }
    prefix = HttpUtil.urlEscape(DAV_PATH + "/" + ctxt.getUser() + prefix);
    if (!prefix.endsWith("/")) {
        prefix += "/";
    }
    // make sure the target account exists.
    Account acct = prov.getAccountById(target.getAccountId());
    if (acct == null) {
        return false;
    }
    Server server = prov.getServer(acct);
    if (server == null) {
        return false;
    }
    // Phase 2: look up the remote folder's path. The token is issued for the
    // authenticated account (ctxt.getAuthAccount()), not for the mountpoint owner.
    AuthToken authToken = AuthProvider.getAuthToken(ctxt.getAuthAccount());
    ZMailbox.Options zoptions = new ZMailbox.Options(authToken.toZAuthToken(), AccountUtil.getSoapUri(acct));
    zoptions.setNoSession(true);
    zoptions.setTargetAccount(target.getAccountId());
    zoptions.setTargetAccountBy(Key.AccountBy.id);
    ZMailbox zmbx = ZMailbox.getMailbox(zoptions);
    ZFolder f = zmbx.getFolderById("" + target.toString());
    if (f == null) {
        return false;
    }
    String path = f.getPath();
    // newPrefix = URL prefix of the same folder as seen in the owner's DAV namespace.
    String newPrefix = HttpUtil.urlEscape(DAV_PATH + "/" + acct.getName() + f.getPath());
    if (ctxt.hasRequestMessage()) {
        // replace the path in <href> of the request with the path to the target mail item.
        Document req = ctxt.getRequestMessage();
        for (Object hrefObj : req.getRootElement().elements(DavElements.E_HREF)) {
            if (!(hrefObj instanceof Element)) {
                continue;
            }
            Element href = (Element) hrefObj;
            String v = href.getText();
            // prefix matching is not as straightforward as we have jetty redirect from /dav to /home/dav.
            // Only the last path segment of the client-supplied href is kept; everything
            // before it is replaced with the remote prefix.
            href.setText(newPrefix + "/" + v.substring(v.lastIndexOf('/') + 1));
        }
    }
    // Phase 3: build and send the proxy request.
    String url = getProxyUrl(ctxt.getRequest(), server, DAV_PATH) + HttpUtil.urlEscape("/" + acct.getName() + path + "/" + (extraPath == null ? "" : extraPath));
    HttpState state = new HttpState();
    // Attaches the requester's auth token to the HTTP state for the target server's
    // hostname (presumably as a cookie scoped to that host; confirm in AuthToken.encode).
    authToken.encode(state, false, server.getAttr(Provisioning.A_zimbraServiceHostname));
    HttpClient client = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    client.setState(state);
    HttpMethod method = m.toHttpMethod(ctxt, url);
    method.setRequestHeader(new Header(DavProtocol.HEADER_USER_AGENT, "Zimbra-DAV/" + BuildInfo.VERSION));
    // Debug aid only: report which incoming header names will not be forwarded.
    if (ZimbraLog.dav.isDebugEnabled()) {
        Enumeration<String> headers = ctxt.getRequest().getHeaderNames();
        while (headers.hasMoreElements()) {
            String hdr = headers.nextElement();
            if (!PROXY_REQUEST_HEADERS.contains(hdr) && !IGNORABLE_PROXY_REQUEST_HEADERS.contains(hdr)) {
                ZimbraLog.dav.debug("Dropping header(s) with name [%s] from proxy request (not in PROXY_REQUEST_HEADERS)", hdr);
            }
        }
    }
    // Allow-list forwarding: only headers named in PROXY_REQUEST_HEADERS are copied
    // from the client request onto the proxied request.
    for (String h : PROXY_REQUEST_HEADERS) {
        String hval = ctxt.getRequest().getHeader(h);
        if (hval != null) {
            method.addRequestHeader(h, hval);
        }
    }
    int statusCode = HttpClientUtil.executeMethod(client, method);
    if (ZimbraLog.dav.isDebugEnabled()) {
        for (Header hval : method.getResponseHeaders()) {
            String hdrName = hval.getName();
            if (!PROXY_RESPONSE_HEADERS.contains(hdrName) && !IGNORABLE_PROXY_RESPONSE_HEADERS.contains(hdrName)) {
                // NOTE(review): this logs the whole Header object (name and value) of a
                // dropped response header; check that no credential-bearing header
                // can end up in the debug log this way.
                ZimbraLog.dav.debug("Dropping header [%s] from proxy response (not in PROXY_RESPONSE_HEADERS)", hval);
            }
        }
    }
    // Allow-list relaying of response headers back to the client.
    for (String h : PROXY_RESPONSE_HEADERS) {
        for (Header hval : method.getResponseHeaders(h)) {
            String hdrValue = hval.getValue();
            if (DavProtocol.HEADER_LOCATION.equals(h)) {
                // Rewrite Location so the client is pointed back at the local mountpoint
                // prefix: keep only the last segment of the remote value.
                int pfxLastSlashPos = prefix.lastIndexOf('/');
                int lastSlashPos = hdrValue.lastIndexOf('/');
                if ((lastSlashPos > 0) && (pfxLastSlashPos > 0)) {
                    hdrValue = prefix.substring(0, pfxLastSlashPos) + hdrValue.substring(lastSlashPos);
                    ZimbraLog.dav.debug("Original [%s] from proxy response new value '%s'", hval, hdrValue);
                }
            }
            ctxt.getResponse().addHeader(h, hdrValue);
        }
    }
    // The remote status code is passed through unchanged.
    ctxt.getResponse().setStatus(statusCode);
    ctxt.setStatus(statusCode);
    // try-with-resources closes the response body stream on every exit path.
    try (InputStream in = method.getResponseBodyAsStream()) {
        switch(statusCode) {
            case DavProtocol.STATUS_MULTI_STATUS:
                // rewrite the <href> element in the response to point to local mountpoint.
                try {
                    // The remote body is parsed with the helper named "...UsingSecureProcessing"
                    // (presumably a parser hardened against external entities; confirm in W3cDomUtil).
                    Document response = W3cDomUtil.parseXMLToDom4jDocUsingSecureProcessing(in);
                    Element top = response.getRootElement();
                    for (Object responseObj : top.elements(DavElements.E_RESPONSE)) {
                        if (!(responseObj instanceof Element)) {
                            continue;
                        }
                        // NOTE(review): a <response> without an <href> child would make
                        // href null here and the next line throw; confirm the remote
                        // side always supplies one.
                        Element href = ((Element) responseObj).element(DavElements.E_HREF);
                        String v = href.getText();
                        // NOTE(review): the one-argument URLDecoder.decode is deprecated and
                        // decodes with the platform default charset.
                        v = URLDecoder.decode(v);
                        // Bug:106438, because v contains URL encoded value(%40) for '@' the comparison fails
                        if (v.startsWith(newPrefix)) {
                            href.setText(prefix + v.substring(newPrefix.length() + 1));
                        }
                    }
                    if (ZimbraLog.dav.isDebugEnabled()) {
                        // The full proxied response body goes to the debug log here.
                        ZimbraLog.dav.debug("PROXY RESPONSE:\n%s", new String(DomUtil.getBytes(response), "UTF-8"));
                    }
                    DomUtil.writeDocumentToStream(response, ctxt.getResponse().getOutputStream());
                    ctxt.responseSent();
                } catch (XmlParseException e) {
                    // Status and headers were already set on the response above; the
                    // caller only learns that proxying failed.
                    ZimbraLog.dav.warn("proxy request failed", e);
                    return false;
                }
                break;
            default:
                // Any other status: stream the remote body to the client as-is.
                if (in != null) {
                    ByteUtil.copy(in, true, ctxt.getResponse().getOutputStream(), false);
                }
                ctxt.responseSent();
                break;
        }
        return true;
    }
}
Also used : Account(com.zimbra.cs.account.Account) Options(com.zimbra.cs.dav.service.method.Options) Server(com.zimbra.cs.account.Server) Element(org.dom4j.Element) HttpState(org.apache.commons.httpclient.HttpState) Folder(com.zimbra.cs.mailbox.Folder) ZFolder(com.zimbra.client.ZFolder) Document(org.dom4j.Document) ItemId(com.zimbra.cs.service.util.ItemId) Provisioning(com.zimbra.cs.account.Provisioning) ZMailbox(com.zimbra.client.ZMailbox) Mailbox(com.zimbra.cs.mailbox.Mailbox) ZMailbox(com.zimbra.client.ZMailbox) ZFolder(com.zimbra.client.ZFolder) Mountpoint(com.zimbra.cs.mailbox.Mountpoint) GZIPInputStream(java.util.zip.GZIPInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) XmlParseException(com.zimbra.common.soap.XmlParseException) Mountpoint(com.zimbra.cs.mailbox.Mountpoint) ServiceException(com.zimbra.common.service.ServiceException) MailServiceException(com.zimbra.cs.mailbox.MailServiceException) Header(org.apache.commons.httpclient.Header) HttpClient(org.apache.commons.httpclient.HttpClient) AuthToken(com.zimbra.cs.account.AuthToken) HttpMethod(org.apache.commons.httpclient.HttpMethod)

Example 85 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

the class FilterUtil method getRemoteZMailbox.

/**
 * Returns a {@code ZMailbox} for the remote mailbox referenced by the given
 * {@code Mountpoint}.
 *
 * <p>The connection is authenticated with the token from the local mailbox's
 * operation context when one is available, otherwise with a token issued for the
 * local mailbox's account; it targets the mountpoint owner's account by id.
 *
 * @param localMbox  mailbox that contains the mountpoint
 * @param mountpoint mountpoint whose owner's mailbox is opened
 * @return a session-less {@code ZMailbox} targeting the owner account
 * @throws ServiceException raised by the token, provisioning or mailbox calls
 */
public static ZMailbox getRemoteZMailbox(Mailbox localMbox, Mountpoint mountpoint) throws ServiceException {
    // Prefer the token already attached to the current operation.
    // NOTE(review): getCsrfUnsecuredAuthToken presumably yields a variant of that token
    // without CSRF enforcement for this server-side call; confirm in AuthToken.
    OperationContext octxt = localMbox.getOperationContext();
    AuthToken token = (octxt == null) ? null : AuthToken.getCsrfUnsecuredAuthToken(octxt.getAuthToken());
    if (token == null) {
        // Fallback: issue a token for the local mailbox's own account.
        token = AuthProvider.getAuthToken(localMbox.getAccount());
    }

    // NOTE(review): owner is dereferenced without a null check; confirm the
    // provisioning lookup cannot return null for a stale mountpoint.
    Account owner = Provisioning.getInstance().get(AccountBy.id, mountpoint.getOwnerId());
    ZMailbox.Options options = new ZMailbox.Options(token.toZAuthToken(), AccountUtil.getSoapUri(owner));
    options.setNoSession(true);
    options.setTargetAccount(owner.getId());
    options.setTargetAccountBy(AccountBy.id);
    return ZMailbox.getMailbox(options);
}
Also used : OperationContext(com.zimbra.cs.mailbox.OperationContext) Account(com.zimbra.cs.account.Account) DeliveryOptions(com.zimbra.cs.mailbox.DeliveryOptions) ZMailbox(com.zimbra.client.ZMailbox) AuthToken(com.zimbra.cs.account.AuthToken)

Aggregations

AuthToken (com.zimbra.cs.account.AuthToken)98 ServiceException (com.zimbra.common.service.ServiceException)46 Account (com.zimbra.cs.account.Account)44 ZimbraAuthToken (com.zimbra.cs.account.ZimbraAuthToken)27 AuthTokenException (com.zimbra.cs.account.AuthTokenException)26 Element (com.zimbra.common.soap.Element)24 Provisioning (com.zimbra.cs.account.Provisioning)23 ZMailbox (com.zimbra.client.ZMailbox)19 ZAuthToken (com.zimbra.common.auth.ZAuthToken)18 IOException (java.io.IOException)14 Server (com.zimbra.cs.account.Server)12 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)12 HttpClient (org.apache.commons.httpclient.HttpClient)12 HashMap (java.util.HashMap)11 GetMethod (org.apache.commons.httpclient.methods.GetMethod)11 Test (org.junit.Test)11 SoapHttpTransport (com.zimbra.common.soap.SoapHttpTransport)10 ServletException (javax.servlet.ServletException)10 AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)8 MailServiceException (com.zimbra.cs.mailbox.MailServiceException)8