index.js
'use strict';
exports.register = function () {
const plugin = this;
try {
plugin.imap = require('imap');
}
catch (ignore) {}
if (!plugin.imap) {
plugin.logerror('imap library not found, try \'npm -g install imap\' or \'npm install imap\' in your configuration directory to install it');
return;
}
plugin.inherits('auth/auth_base');
plugin.load_imap_ini();
};
exports.load_imap_ini = function () {
const plugin = this;
plugin.cfg = plugin.config.get('auth_imap.ini', {
booleans: [
'-main.tls',
'-main.rejectUnauthorized'
],
},
function () {
plugin.load_imap_ini();
});
};
exports.hook_capabilities = function (next, connection) {
// Don't offer AUTH capabilities by default unless session is encrypted
if (connection.tls.enabled) {
const methods = ['PLAIN', 'LOGIN'];
connection.capabilities.push(`AUTH ${ methods.join(' ')}`);
connection.notes.allowed_auth_methods = methods;
}
next();
};
const ca_cache = {}
exports.check_plain_passwd = function (connection, user, passwd, cb) {
const plugin = this;
let trace_imap = false;
const domain = (user.split('@'))[1];
let sect = plugin.cfg.main;
let section_name = 'main';
if (domain && plugin.cfg[domain]) {
sect = plugin.cfg[domain];
section_name = domain;
}
const config = {
user,
password: passwd,
host: 'localhost',
port: 143,
tls: sect.tls,
tlsOptions: {
rejectUnauthorized: sect.rejectUnauthorized
}
};
if (sect.trace_imap == 'true') {
trace_imap = true;
config.debug = function (info) {
connection.logdebug(plugin, info);
}
}
if (sect.host) {
config.host = sect.host;
}
if (sect.port) {
config.port = sect.port;
}
if (sect.ca) {
if (!ca_cache[section_name]) {
ca_cache[section_name] = require('fs').readFileSync(sect.ca);
}
config.tlsOptions.ca = [ca_cache[section_name]];
}
if (sect.connTimeout) {
config.connTimeout = parseInt(sect.connTimeout, 10);
}
if (sect.authTimeout) {
config.authTimeout = parseInt(sect.authTimeout, 10);
}
if (sect.users) {
if (sect.users.split(/\s*,\s*/).indexOf((user.split('@'))[0]) < 0) {
connection.loginfo(plugin, `AUTH user="${ user
}" is not allowed to authenticate by imap`
);
return cb(false);
}
}
const client = new plugin.imap(config);
let message = `section="${ section_name }" host="${
config.host }" port="${ config.port }" tls=${ config.tls}`;
if (config.tlsOptions) {
message += ` rejectUnauthorized=${ config.tlsOptions
.rejectUnauthorized}`;
}
if (config.connTimeout) {
message += ` connTimeout=${ config.connTimeout}`;
}
if (config.authTimeout) {
message += ` authTimeout=${ config.authTimeout}`;
}
connection.logdebug(plugin, message);
client.once('ready', function () {
connection.loginfo(plugin, `AUTH user="${ user
}" success=true`);
if (trace_imap) {
connection.logdebug(plugin, client);
}
client.end();
return cb(true);
});
client.once('error', function (err) {
connection.loginfo(plugin, `AUTH user="${ user
}" success=false error="${ err.message }"`);
if (trace_imap) {
connection.logdebug(plugin, client);
}
return cb(false);
});
client.connect();
};