Add kolab_chat_session_domain option

2018-09-10 11:46:13 +02:00 · 2018-09-10 11:46:13 +02:00 · 85cf38adc0
commit 85cf38adc0
parent 1e8d83738c
2 changed files with 29 additions and 7 deletions
--- a/plugins/kolab_chat/config.inc.php.dist
+++ b/plugins/kolab_chat/config.inc.php.dist
@ -8,7 +8,6 @@
    as in the Kolab server. Thanks to this we can auto-login users.
  1. It has to use the same domain, if it's using different we have to use a proxy:
    Following Apache config worked for me with kolab_chat_url=https://kolab.example.com/mattermost
-    Note: This should be simpler with Mattermost 5.1 (to be released soon).

    ProxyPreserveHost Off
    RewriteEngine On
@ -17,11 +16,12 @@
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    RewriteRule (/mattermost)?(/api/v[0-9]+/(users/)?websocket) ws://mattermost.example.com:8065$2 [P,QSA,L]
    ProxyPass         /mattermost http://mattermost.example.com:8065
-    ProxyPass         /static http://mattermost.example.com:8065/static
-    ProxyPass         /help http://mattermost.example.com:8065/help
-    ProxyPass         /api http://mattermost.example.com:8065/api

-  2. Enabling CORS connections in Mattermost config: AllowCorsFrom:"*"
+    // replace Mattermost security headers allowing the webmail domain
+    Header set X-Frame-Options "allow-from https://webmail.example.com";
+    Header set Content-Security-Policy "frame-ancestors https://webmail.example.com";
+
+  2. Enabling CORS connections in Mattermost config: AllowCorsFrom:"webmail.example.com" (or "*")
 */

 // Chat application name. For now only 'mattermost' is supported.
@ -30,6 +30,9 @@ $config['kolab_chat_driver'] = 'mattermost';
 // Chat application URL
 $config['kolab_chat_url'] = 'https://mattermost.example.com';

+// Optional chat application domain (for session cookies)
+$config['kolab_chat_session_domain'] = null;
+
 // Enables opening chat in a new window (or tab)
 $config['kolab_chat_extwin'] = false;

--- a/plugins/kolab_chat/drivers/mattermost.php
+++ b/plugins/kolab_chat/drivers/mattermost.php
@ -85,8 +85,8 @@ class kolab_chat_mattermost
            $this->plugin->add_label('openchat', 'directmessage', 'mentionmessage');
        }
        else if ($this->get_token()) {
-            rcube_utils::setcookie('MMUSERID', $_SESSION['mattermost'][0], 0, false);
-            rcube_utils::setcookie('MMAUTHTOKEN', $_SESSION['mattermost'][1], 0, false);
+            $this->setcookie('MMUSERID', $_SESSION['mattermost'][0]);
+            $this->setcookie('MMAUTHTOKEN', $_SESSION['mattermost'][1]);
        }
    }

@ -336,4 +336,23 @@ class kolab_chat_mattermost
            }
        }
    }
+
+    /**
+     * Set mattermost session cookies
+     */
+    protected function setcookie($name, $value)
+    {
+        if (headers_sent()) {
+            return;
+        }
+
+        $cookie = session_get_cookie_params();
+        $secure = $cookie['secure'] || self::https_check();
+
+        if ($domain = $this->rc->config->get('kolab_chat_session_domain')) {
+            $cookie['domain'] = $domain;
+        }
+
+        setcookie($name, $value, 0, $cookie['path'], $cookie['domain'], $secure, false);
+    }
 }