Skip to content

feat(provisioning): Add support for Dovecot master user authentication#12442

Draft
kesselb wants to merge 12 commits intomainfrom
local-add-masteruser
Draft

feat(provisioning): Add support for Dovecot master user authentication#12442
kesselb wants to merge 12 commits intomainfrom
local-add-masteruser

Conversation

@kesselb
Copy link
Contributor

@kesselb kesselb commented Feb 17, 2026

Local copy of #12306 with conflicts resolved

Timo Nieminen and others added 11 commits February 17, 2026 18:23
@kesselb
feat(provisioning): Add support for Dovecot master user authentication
5db4d04 
Signed-off-by: Timo Nieminen <timo.nieminen@tnnet.fi>
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
d85b9c6 
…tication
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
db13be6 
…tication
@kesselb
fix(provisioning): Flag port as faulty instead of host
507857f 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
332dd28 
…tication
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
7b9191f 
…tication
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
ba82449 
…tication
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
df3627d 
…tication
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
f7a0068 
…tication
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
2a222c6 
…tication
@kesselb
fixup! feat(provisioning): Add support for Dovecot master user authen…
ba3e097 
…tication
@kesselb kesselb mentioned this pull request Feb 17, 2026
Open
kesselb
kesselb commented Feb 17, 2026
View reviewed changes
lib/Db/Provisioning.php
'smtpSslMode' => $this->getSmtpSslMode(),
'masterPasswordEnabled' => $this->getMasterPasswordEnabled(),
'masterPassword' => !empty($this->getMasterPassword()) ? self::MASTER_PASSWORD_PLACEHOLDER : null,
'masterUser' => $this->getMasterUser(),
Copy link
Contributor Author

@kesselb kesselb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The initial PR flagged the master user as confidential (like the masterPasword). The username doesn't sound too critical to me, so I've dropped it.

kesselb
kesselb commented Feb 17, 2026
View reviewed changes
lib/Db/ProvisioningMapper.php
}
if (!isset($data['imapPort']) || (int)$data['imapPort'] === 0) {
$exception->setField('imapHost', false);
$exception->setField('imapPort', false);
Copy link
Contributor Author

@kesselb kesselb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated, yet I fixed it while on it. It's extra commit; we can pull that out if necessary.

kesselb
kesselb commented Feb 17, 2026
View reviewed changes
lib/Db/ProvisioningMapper.php
$masterPasswordEnabled = (bool)($data['masterPasswordEnabled'] ?? false);
$masterPassword = $data['masterPassword'] ?? '';
$masterUser = $data['masterUser'] ?? '';
$masterUserSeparator = $data['masterUserSeparator'] ?? '';
Copy link
Contributor Author

@kesselb kesselb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The initial PR had a check "if masterUser not empty, and masterUser is not the placeholder, and masterPasswordEnabled is false", then make masterPasswordEnabled required.

I've reworked it to only show the inputs for password, username, and separator when the checkbox is toggled.

Backend-wise, the validation should follow the checkbox. If master password enabled, then we need a password. If non-empty username is given, also the separator is needed.

In addition, the current values are now cleared if the master password is disabled.

kesselb
kesselb commented Feb 17, 2026
View reviewed changes
lib/IMAP/IMAPClientFactory.php
if ($provisioningId !== null) {
$provisioning = $this->provisioningMapper->get($provisioningId);
if ($provisioning !== null && !empty($provisioning->getMasterUser())) {
$separator = $provisioning->getMasterUserSeparator() ?? '*';
Copy link
Contributor Author

@kesselb kesselb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ChristophWurst if $provisioning = null, throw (like for oauth)?

kesselb
kesselb commented Feb 17, 2026
View reviewed changes
lib/IMAP/IMAPClientFactory.php
$provisioning = $this->provisioningMapper->get($provisioningId);
if ($provisioning !== null && !empty($provisioning->getMasterUser())) {
$separator = $provisioning->getMasterUserSeparator() ?? '*';
$user = $user . $separator . $provisioning->getMasterUser();
Copy link
Contributor Author

@kesselb kesselb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ChristophWurst wdyt about moving that logic to a trait?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst ChristophWurst will be requested when the pull request is marked ready for review ChristophWurst is a code owner

@GretaD GretaD Awaiting requested review from GretaD GretaD will be requested when the pull request is marked ready for review GretaD is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kesselb

Comments