AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added SMTP Provider and the ability to share OAUTH keys with IMAP for M365 Mail Auth

This commit is contained in:
johnnyq 2025-09-15 17:23:00 -04:00
parent 902323a75b
commit dc0715da57
7 changed files with 220 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
admin/database_updates.php
View File

@ -3984,10 +3984,19 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.3'");
}
// if (CURRENT_DATABASE_VERSION == '2.3.3') {
// // Insert queries here required to update to DB version 2.3.3
if (CURRENT_DATABASE_VERSION == '2.3.3') {
mysqli_query($mysqli, "ALTER TABLE settings
ADD `config_smtp_provider` ENUM('standard_smtp','google_oauth','microsoft_oauth') NULL DEFAULT NULL AFTER `config_start_page`
");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.4'");
}
// if (CURRENT_DATABASE_VERSION == '2.3.4') {
// // Insert queries here required to update to DB version 2.3.4
// // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.4'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.5'");
// }
} else {

123
admin/post/settings_mail.php
View File

@ -6,15 +6,37 @@ if (isset($_POST['edit_mail_smtp_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_smtp_provider = sanitizeInput($_POST['config_smtp_provider'] ?? 'standard_smtp');
$config_smtp_host = sanitizeInput($_POST['config_smtp_host']);
$config_smtp_port = intval($_POST['config_smtp_port']);
$config_smtp_port = intval($_POST['config_smtp_port'] ?? 0);
$config_smtp_encryption = sanitizeInput($_POST['config_smtp_encryption']);
$config_smtp_username = sanitizeInput($_POST['config_smtp_username']);
$config_smtp_password = sanitizeInput($_POST['config_smtp_password']);
mysqli_query($mysqli,"UPDATE settings SET config_smtp_host = '$config_smtp_host', config_smtp_port = $config_smtp_port, config_smtp_encryption = '$config_smtp_encryption', config_smtp_username = '$config_smtp_username', config_smtp_password = '$config_smtp_password' WHERE company_id = 1");
// Shared OAuth fields
$config_mail_oauth_client_id = sanitizeInput($_POST['config_mail_oauth_client_id']);
$config_mail_oauth_client_secret = sanitizeInput($_POST['config_mail_oauth_client_secret']);
$config_mail_oauth_tenant_id = sanitizeInput($_POST['config_mail_oauth_tenant_id']);
$config_mail_oauth_refresh_token = sanitizeInput($_POST['config_mail_oauth_refresh_token']);
$config_mail_oauth_access_token = sanitizeInput($_POST['config_mail_oauth_access_token']);
logAction("Settings", "Edit", "$session_name edited SMTP mail settings");
mysqli_query($mysqli, "
UPDATE settings SET
config_smtp_provider = " . ($config_smtp_provider === 'none' ? "NULL" : "'$config_smtp_provider'") . ",
config_smtp_host = '$config_smtp_host',
config_smtp_port = $config_smtp_port,
config_smtp_encryption = '$config_smtp_encryption',
config_smtp_username = '$config_smtp_username',
config_smtp_password = '$config_smtp_password',
config_mail_oauth_client_id = '$config_mail_oauth_client_id',
config_mail_oauth_client_secret = '$config_mail_oauth_client_secret',
config_mail_oauth_tenant_id = '$config_mail_oauth_tenant_id',
config_mail_oauth_refresh_token = '$config_mail_oauth_refresh_token',
config_mail_oauth_access_token = '$config_mail_oauth_access_token'
WHERE company_id = 1
");
logAction("Settings", "Edit", "$session_name edited SMTP settings");
flash_alert("SMTP Mail Settings updated");
@ -26,91 +48,42 @@ if (isset($_POST['edit_mail_imap_settings'])) {
validateCSRFToken($_POST['csrf_token']);
// Provider ('' -> NULL allowed)
$config_imap_provider = sanitizeInput($_POST['config_imap_provider']);
$allowed_providers = ['standard_imap','google_oauth','microsoft_oauth'];
if ($config_imap_provider !== '' && !in_array($config_imap_provider, $allowed_providers, true)) {
$config_imap_provider = 'standard_imap'; // fallback
}
// Standard IMAP fields (kept for all providers; OAuth still needs these endpoints)
$config_imap_provider = sanitizeInput($_POST['config_imap_provider'] ?? 'standard_imap');
$config_imap_host = sanitizeInput($_POST['config_imap_host']);
$config_imap_port = (int) sanitizeInput($_POST['config_imap_port']);
$config_imap_encryption = sanitizeInput($_POST['config_imap_encryption']); // '', 'tls', 'ssl'
$config_imap_port = intval($_POST['config_imap_port'] ?? 0);
$config_imap_encryption = sanitizeInput($_POST['config_imap_encryption']);
$config_imap_username = sanitizeInput($_POST['config_imap_username']);
$config_imap_password = sanitizeInput($_POST['config_imap_password']); // ignored if OAuth selected
$config_imap_password = sanitizeInput($_POST['config_imap_password']);
// Shared OAuth fields (may or may not be present in your form yet)
// Shared OAuth fields
$config_mail_oauth_client_id = sanitizeInput($_POST['config_mail_oauth_client_id']);
$config_mail_oauth_client_secret = sanitizeInput($_POST['config_mail_oauth_client_secret']);
$config_mail_oauth_tenant_id = sanitizeInput($_POST['config_mail_oauth_tenant_id']); // M365 only; harmless to keep when Google
$config_mail_oauth_tenant_id = sanitizeInput($_POST['config_mail_oauth_tenant_id']);
$config_mail_oauth_refresh_token = sanitizeInput($_POST['config_mail_oauth_refresh_token']);
$config_mail_oauth_access_token = sanitizeInput($_POST['config_mail_oauth_access_token']); // optional manual paste
$config_mail_oauth_access_token_expires_at = sanitizeInput($_POST['config_mail_oauth_access_token_expires_at']); // 'YYYY-mm-dd HH:ii:ss' optional
$config_mail_oauth_access_token = sanitizeInput($_POST['config_mail_oauth_access_token']);
// If provider is not OAuth, purge OAuth values on save
$is_oauth = ($config_imap_provider === 'google_oauth' || $config_imap_provider === 'microsoft_oauth');
// Detect refresh token change to invalidate access token cache
// (Relies on $config_mail_oauth_refresh_token loaded earlier with settings)
$refresh_changed = false;
if ($is_oauth) {
$prev_refresh = isset($config_mail_oauth_refresh_token_current) ? $config_mail_oauth_refresh_token_current : ($config_mail_oauth_refresh_token ?? '');
// If you already load settings into $config_mail_oauth_refresh_token, use that:
if (isset($config_mail_oauth_refresh_token)) {
$prev_refresh = $config_mail_oauth_refresh_token;
}
$refresh_changed = ($config_mail_oauth_refresh_token !== '' && $config_mail_oauth_refresh_token !== $prev_refresh)
|| ($config_mail_oauth_refresh_token === '' && $prev_refresh !== '');
}
// If OAuth refresh changed or provider just switched to non-OAuth, clear access token values
if (!$is_oauth || $refresh_changed) {
$config_mail_oauth_access_token = '';
$config_mail_oauth_access_token_expires_at = '';
}
// Helper for NULL / quoted values
$q = fn($v) => ($v !== '' ? "'" . mysqli_real_escape_string($mysqli, $v) . "'" : "NULL");
// Build UPDATE with correct NULL handling
$sql = "
mysqli_query($mysqli, "
UPDATE settings SET
config_imap_provider = " . ($config_imap_provider !== '' ? $q($config_imap_provider) : "NULL") . ",
config_imap_host = " . $q($config_imap_host) . ",
config_imap_port = " . (int)$config_imap_port . ",
config_imap_encryption = " . $q($config_imap_encryption) . ",
config_imap_username = " . $q($config_imap_username) . ",
config_imap_password = " . ($is_oauth ? "NULL" : $q($config_imap_password)) . ",
-- Shared OAuth fields (kept even if provider is Google or Microsoft; NULL if not used)
config_mail_oauth_client_id = " . ($is_oauth ? $q($config_mail_oauth_client_id) : "NULL") . ",
config_mail_oauth_client_secret = " . ($is_oauth ? $q($config_mail_oauth_client_secret) : "NULL") . ",
config_mail_oauth_tenant_id = " . ($is_oauth ? $q($config_mail_oauth_tenant_id) : "NULL") . ",
config_mail_oauth_refresh_token = " . ($is_oauth ? $q($config_mail_oauth_refresh_token) : "NULL") . ",
config_mail_oauth_access_token = " . ($is_oauth ? $q($config_mail_oauth_access_token) : "NULL") . ",
config_mail_oauth_access_token_expires_at = " . ($is_oauth ? $q($config_mail_oauth_access_token_expires_at) : "NULL") . "
config_imap_provider = " . ($config_imap_provider === 'none' ? "NULL" : "'$config_imap_provider'") . ",
config_imap_host = '$config_imap_host',
config_imap_port = $config_imap_port,
config_imap_encryption = '$config_imap_encryption',
config_imap_username = '$config_imap_username',
config_imap_password = '$config_imap_password',
config_mail_oauth_client_id = '$config_mail_oauth_client_id',
config_mail_oauth_client_secret = '$config_mail_oauth_client_secret',
config_mail_oauth_tenant_id = '$config_mail_oauth_tenant_id',
config_mail_oauth_refresh_token = '$config_mail_oauth_refresh_token',
config_mail_oauth_access_token = '$config_mail_oauth_access_token'
WHERE company_id = 1
";
");
mysqli_query($mysqli, $sql);
logAction("Settings", "Edit", "$session_name edited IMAP settings");
logAction("Settings", "Edit", "$session_name edited IMAP/OAuth mail settings");
// Friendly hint about what was saved
if ($config_imap_provider === '') {
flash_alert("IMAP monitoring disabled (provider not configured).");
} elseif ($config_imap_provider === 'standard_imap') {
flash_alert("IMAP settings updated (standard username/password).");
} elseif ($config_imap_provider === 'google_oauth') {
flash_alert("IMAP settings updated for Google Workspace (OAuth).");
} elseif ($config_imap_provider === 'microsoft_oauth') {
flash_alert("IMAP settings updated for Microsoft 365 (OAuth).");
} else {
flash_alert("IMAP settings updated.");
}
flash_alert("IMAP Mail Settings updated");
redirect();
}
if (isset($_POST['edit_mail_from_settings'])) {

110
admin/settings_mail.php
View File

@ -10,6 +10,28 @@ require_once "includes/inc_all_admin.php";
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<!-- SMTP Provider -->
<div class="form-group">
<label>SMTP Provider</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-cloud"></i></span>
</div>
<select class="form-control" name="config_smtp_provider" id="config_smtp_provider">
<option value="none" <?php if(($config_smtp_provider ?? '')==='none' || ($config_smtp_provider ?? '')==='') echo 'selected'; ?>>None (Disabled)</option>
<option value="standard_smtp" <?php if(($config_smtp_provider ?? 'standard_smtp')==='standard_smtp') echo 'selected'; ?>>Standard SMTP (Username/Password)</option>
<option value="google_oauth" <?php if(($config_smtp_provider ?? '')==='google_oauth') echo 'selected'; ?>>Google Workspace (OAuth)</option>
<option value="microsoft_oauth" <?php if(($config_smtp_provider ?? '')==='microsoft_oauth') echo 'selected'; ?>>Microsoft 365 (OAuth)</option>
</select>
</div>
<small class="text-secondary d-block mt-1" id="smtp_provider_hint">
Choose your SMTP provider. OAuth options ignore the SMTP password here.
</small>
</div>
<!-- Standard SMTP fields (show only for standard_smtp) -->
<div id="smtp_standard_fields">
<div class="form-group">
<label>SMTP Host</label>
<div class="input-group">
@ -54,6 +76,7 @@ require_once "includes/inc_all_admin.php";
</div>
</div>
<div class="form-group" id="smtp_password_group">
<div class="form-group">
<label>SMTP Password</label>
<div class="input-group">
@ -66,6 +89,9 @@ require_once "includes/inc_all_admin.php";
</div>
</div>
</div>
</div>
</div>
<hr>
@ -159,9 +185,10 @@ require_once "includes/inc_all_admin.php";
</div>
</div>
<div id="oauth_fields" style="display:none;">
<!-- OAuth shared fields (show for google_oauth / microsoft_oauth) -->
<div id="smtp_oauth_fields" style="display:none;">
<hr>
<h5 class="mb-2">OAuth Settings</h5>
<h5 class="mb-2">OAuth Settings (shared for IMAP & SMTP)</h5>
<p class="text-secondary" id="oauth_hint">
Configure OAuth credentials for the selected provider.
</p>
@ -403,64 +430,65 @@ require_once "includes/inc_all_admin.php";
<script>
(function(){
const sel = document.getElementById('config_imap_provider');
const pwdGrp = document.getElementById('imap_password_group');
const oauthWrap = document.getElementById('oauth_fields');
const standardWrap = document.getElementById('standard_fields');
const tenantRow = document.getElementById('tenant_row');
const oauthHint = document.getElementById('oauth_hint');
const providerHint = document.getElementById('imap_provider_hint');
function setDisabled(container, disabled){
if(!container) return;
container.querySelectorAll('input, select, textarea').forEach(el => {
el.disabled = !!disabled;
});
container.querySelectorAll('input, select, textarea').forEach(el => el.disabled = !!disabled);
}
function toggleFields(){
if(!sel) return;
const v = sel.value || '';
const isNone = v === '';
const isStd = v === 'standard_imap';
function wireProvider(selectId, standardWrapId, passwordGroupId, oauthWrapId, tenantRowId, hintId, oauthHintId){
const sel = document.getElementById(selectId);
const std = document.getElementById(standardWrapId);
const pwd = document.getElementById(passwordGroupId);
const oauth = document.getElementById(oauthWrapId);
const ten = document.getElementById(tenantRowId);
const hint = document.getElementById(hintId);
const ohint = document.getElementById(oauthHintId);
function toggle(){
const v = (sel && sel.value) || '';
const isNone = (v === 'none' || v === '');
const isStd = v === 'standard_smtp' || v === 'standard_imap';
const isG = v === 'google_oauth';
const isM = v === 'microsoft_oauth';
const isOAuth = isG || isM;
// Show/hide containers
if (pwdGrp) pwdGrp.style.display = isStd ? '' : 'none';
if (oauthWrap) oauthWrap.style.display = isOAuth ? '' : 'none';
if (standardWrap) standardWrap.style.display = isStd ? '' : 'none';
if (tenantRow) tenantRow.style.display = isM ? '' : 'none';
if (std) std.style.display = isStd ? '' : 'none';
if (pwd) pwd.style.display = isStd ? '' : 'none';
if (oauth) oauth.style.display = isOAuth ? '' : 'none';
if (ten) ten.style.display = isM ? '' : 'none';
// Disable inputs inside hidden sections to avoid accidental submission
setDisabled(pwdGrp, !isStd);
setDisabled(standardWrap, !isStd);
setDisabled(oauthWrap, !isOAuth);
setDisabled(std, !isStd);
setDisabled(pwd, !isStd);
setDisabled(oauth, !isOAuth);
// Update hints
if (providerHint) {
providerHint.textContent = isNone
? 'Choose a provider to reveal the relevant settings.'
if (hint) {
hint.textContent = isNone
? 'Disabled.'
: isStd
? 'Standard IMAP: provide host, port, encryption, username, and password.'
? 'Standard: provide host, port, encryption, username & password.'
: isG
? 'Google Workspace OAuth: provide Client ID & Secret; paste the refresh token; username should be the mailbox address.'
: 'Microsoft 365 OAuth: provide Client ID, Secret & Tenant ID; paste the refresh token; username should be the mailbox address.';
? 'Google OAuth: set Client ID/Secret; paste a refresh token; username should be the mailbox email.'
: 'Microsoft 365 OAuth: set Client ID/Secret/Tenant; paste a refresh token; username should be the mailbox email.';
}
if (oauthHint) {
oauthHint.textContent = isG
? 'Google Workspace OAuth: Client ID & Secret from Google Cloud; Refresh token generated via OAuth consent.'
if (ohint) {
ohint.textContent = isG
? 'Google Workspace OAuth: Client ID/Secret from Google Cloud; Refresh token via consent.'
: isM
? 'Microsoft 365 OAuth: Client ID, Secret & Tenant ID from Entra ID; Refresh token generated via OAuth consent.'
? 'Microsoft 365 OAuth: Client ID/Secret/Tenant from Entra ID; Refresh token via consent.'
: 'Configure OAuth credentials for the selected provider.';
}
}
if (sel) {
sel.addEventListener('change', toggleFields);
toggleFields();
if (sel) { sel.addEventListener('change', toggle); toggle(); }
}
// IMAP (you already have these IDs in your page)
wireProvider('config_imap_provider', 'standard_fields', 'imap_password_group',
'oauth_fields', 'tenant_row', 'imap_provider_hint', 'oauth_hint');
// SMTP (the IDs we just added)
wireProvider('config_smtp_provider', 'smtp_standard_fields', 'smtp_password_group',
'smtp_oauth_fields', 'smtp_tenant_row', 'smtp_provider_hint', 'smtp_oauth_hint');
})();
</script>

3
db.sql
View File

@ -1981,6 +1981,7 @@ CREATE TABLE `settings` (
`company_id` int(11) NOT NULL,
`config_current_database_version` varchar(10) NOT NULL,
`config_start_page` varchar(200) DEFAULT 'clients.php',
`config_smtp_provider` enum('standard_smtp','google_oauth','microsoft_oauth') DEFAULT NULL,
`config_smtp_host` varchar(200) DEFAULT NULL,
`config_smtp_port` int(5) DEFAULT NULL,
`config_smtp_encryption` varchar(200) DEFAULT NULL,
@ -2765,4 +2766,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2025-09-12 15:55:31
-- Dump completed on 2025-09-15 17:22:23

20
functions.php
View File

@ -7,10 +7,13 @@ DEFINE("WORDING_ROLECHECK_FAILED", "You are not permitted to do that!");
require_once "plugins/PHPMailer/src/Exception.php";
require_once "plugins/PHPMailer/src/PHPMailer.php";
require_once "plugins/PHPMailer/src/SMTP.php";
require_once "plugins/PHPMailer/src/OAuthTokenProvider.php";
require_once "plugins/PHPMailer/src/OAuth.php";
// Initiate PHPMailer
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\OAuthTokenProvider;
// Function to generate both crypto & URL safe random strings
function randomString($length = 16) {
@ -688,6 +691,23 @@ function validateAccountantRole() {
}
}
/**
* Minimal token provider for PHPMailer XOAUTH2 without external deps.
*/
class StaticTokenProvider implements OAuthTokenProvider {
private $email;
private $accessToken;
public function __construct(string $email, string $accessToken) {
$this->email = $email;
$this->accessToken = $accessToken;
}
public function getOauth64(): string {
// XOAUTH2 SASL string: "user=<email>\x01auth=Bearer <token>\x01\x01"
$authString = "user={$this->email}\x01auth=Bearer {$this->accessToken}\x01\x01";
return base64_encode($authString);
}
}
// Send a single email to a single recipient
function sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port, $from_email, $from_name, $to_email, $to_name, $subject, $body, $ics_str)
{

2
includes/database_version.php
View File

@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "2.3.3");
DEFINE("LATEST_DATABASE_VERSION", "2.3.4");

1
includes/load_global_settings.php
View File

@ -12,6 +12,7 @@ $config_azure_client_id = $row['config_azure_client_id'];
$config_azure_client_secret = $row['config_azure_client_secret'];
// Mail - SMTP
$config_smtp_provider = $row['config_smtp_provider'];
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_port = intval($row['config_smtp_port']);
$config_smtp_encryption = $row['config_smtp_encryption'];