ZP-548 #comment Autodiscover does not work for Android stock client, WARN if...

ZP-548 #comment Autodiscover does not work for Android stock client, WARN if the auth user doesn't match email address in the XML request git-svn-id: https://z-push.org/svn/z-push/trunk@1906 b7dd7b3b-3a3c-0410-9da9-bee62a6cc5b5

ZP-548 #comment Autodiscover does not work for Android stock client, WARN if...
ZP-548 #comment Autodiscover does not work for Android stock client, WARN if the auth user doesn't match email address in the XML request git-svn-id: https://z-push.org/svn/z-push/trunk@1906 b7dd7b3b-3a3c-0410-9da9-bee62a6cc5b5
197896f6 · mku · f3739f07 · 197896f6
Commit 197896f6 authored Aug 27, 2014 by mku
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 6 deletions

autodiscover.php src/autodiscover/autodiscover.php +8 -6

No files found.
--- a/src/autodiscover/autodiscover.php
+++ b/src/autodiscover/autodiscover.php
@@ -104,7 +104,7 @@ class ZPushAutodiscover {
        try {
            $incomingXml = $this->getIncomingXml();
            $backend = ZPush::GetBackend();
-            $username = $this->login($backend);
+            $username = $this->login($backend, $incomingXml);
            $userFullname = $backend->GetUserFullname($username);
            ZLog::Write(LOGLEVEL_WBXML, sprintf("Resolved user's '%s' fullname to '%s'", $username, $userFullname));
            $response = $this->createResponse($incomingXml->Request->EMailAddress, $userFullname);
@@ -154,8 +154,9 @@ class ZPushAutodiscover {
            throw new FatalException('Invalid input XML: no email address.');
        }

-        if ($xml->Request->EMailAddress != $_SERVER['PHP_AUTH_USER']) {
-            throw new FatalException('Autodiscover is supported only for the auth user.');
+        if (Utils::GetLocalPartFromEmail($xml->Request->EMailAddress) != Utils::GetLocalPartFromEmail($_SERVER['PHP_AUTH_USER'])) {
+            ZLog::Write(LOGLEVEL_WARN, sprintf("The local part of the server auth user is different from the local part in the XML request ('%s' != '%s')",
+                Utils::GetLocalPartFromEmail($xml->Request->EMailAddress), Utils::GetLocalPartFromEmail($_SERVER['PHP_AUTH_USER'])));
        }

        if (!isset($xml->Request->AcceptableResponseSchema)) {
@@ -175,21 +176,22 @@ class ZPushAutodiscover {
     * Logins using the backend's Logon function.
     *
     * @param IBackend $backend
+     * @param String $incomingXml
     * @access private
     * @throws AuthenticationRequiredException if no login data was sent.
     *
     * @return string $username
     */
-    private function login($backend) {
+    private function login($backend, $incomingXml) {
        // Determine the login name depending on the configuration: complete email address or
        // the local part only.
        if (USE_FULLEMAIL_FOR_LOGIN) {
            ZLog::Write(LOGLEVEL_DEBUG, sprintf("Using the complete email address for login."));
-            $username = $_SERVER['PHP_AUTH_USER'];
+            $username = $incomingXml->Request->EMailAddress;
        }
        else{
            ZLog::Write(LOGLEVEL_DEBUG, sprintf("Using the username only for login."));
-            $username = Utils::GetLocalPartFromEmail($_SERVER['PHP_AUTH_USER']);
+            $username = Utils::GetLocalPartFromEmail($incomingXml->Request->EMailAddress);
        }

        if($backend->Logon($username, "", $_SERVER['PHP_AUTH_PW']) == false) {