From 949efcf5371efe6f2ca378402ec8bc3735454e49 Mon Sep 17 00:00:00 2001
From: Alexander Graf
Date: Wed, 3 Nov 2021 19:16:37 +0100
Subject: [PATCH] prevent endless redirect loop on nginx failure

---
 webmails/roundcube/mailu.php | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/webmails/roundcube/mailu.php b/webmails/roundcube/mailu.php
index db117faa..2f2bbe41 100644
--- a/webmails/roundcube/mailu.php
+++ b/webmails/roundcube/mailu.php
@@ -24,9 +24,15 @@ class mailu extends rcube_plugin
 function authenticate($args)
 {
 if (!array_key_exists('HTTP_X_REMOTE_USER', $_SERVER) or !array_key_exists('HTTP_X_REMOTE_USER_TOKEN', $_SERVER)) {
- header('Location: sso.php');
+ if ($_SERVER['PHP_SELF'] == '/sso.php') {
+ header('HTTP/1.0 403 Forbidden');
+ print('mailu sso failure');
+ } else {
+ header('Location: sso.php');
+ }
 exit();
 }
+
 $args['user'] = $_SERVER['HTTP_X_REMOTE_USER'];
 $args['pass'] = $_SERVER['HTTP_X_REMOTE_USER_TOKEN'];
 
@@ -36,13 +42,13 @@ class mailu extends rcube_plugin
 return $args;
 }
 
- function logout($args) {
- // Redirect to global SSO logout path.
+ // Redirect to global SSO logout path.
+ function logout($args)
+ {
 $this->load_config();
-
 $sso_logout_url = rcmail::get_instance()->config->get('sso_logout_url');
- header("Location: " . $sso_logout_url, true);
- exit;
+ header('Location: ' . $sso_logout_url, true);
+ exit();
 }
 
 function login($args)
@@ -50,15 +56,16 @@ class mailu extends rcube_plugin
 header('Location: index.php');
 exit();
 }
+
 function login_failed($args)
 {
 $ua = $_SERVER['HTTP_USER_AGENT'];
 $ra = $_SERVER['REMOTE_ADDR'];
 if ($ua == 'health' and ($ra == '127.0.0.1' or $ra == '::1')) {
- echo "OK";
- exit;
+ print('OK');
+ } else {
+ header('Location: sso.php');
 }
- header('Location: sso.php');
 exit();
 }
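Review bot: In the first hunk (`@@ -24,9 +24,15 @@`, authenticate()), the loop guard tests `$_SERVER['PHP_SELF'] == '/sso.php'` as an exact, loosely compared path. PHP_SELF carries the full script path plus any trailing path info from the request, so a request that reaches sso.php under another spelling (an extra path segment, an install below a sub-directory) would presumably miss the guard and get the relative `Location: sso.php` redirect again. Matching on the script name is sturdier: `if (basename($_SERVER['SCRIPT_NAME']) === 'sso.php') {`. `http_response_code(403);` would also avoid hard-coding the protocol version in the status line. The body of authenticate() continues past the end of this hunk.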
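Review bot: In the second hunk (logout()), the value read from `sso_logout_url` goes straight into the `Location` header with no check that it is set. If the option is missing from the plugin config the lookup presumably yields null and the response carries an empty `Location:`, so the browser never reaches the global SSO logout and that session may stay alive while the user believes they are signed out. A guard before the redirect, such as `if (empty($sso_logout_url)) { header('HTTP/1.0 500 Internal Server Error'); exit(); }`, would make the misconfiguration visible.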
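Review bot: In the third hunk (login_failed()), every request that is not the local health probe is still redirected to `sso.php` unconditionally, so the guard this commit adds to authenticate() is not mirrored here. If the failed login was itself started from sso.php (for example the proxy headers are present but the backend rejects the token), the redirect loop can presumably recur. Answering 403 from the `else` branch when the current script is already sso.php, as authenticate() now does, would close it. The context lines also read `$_SERVER['HTTP_USER_AGENT']` without checking that the header exists and compare with `==`; `$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';` together with `===` avoids a warning for clients that send no User-Agent.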