Merge pull request #378 in ZP/z-push from...

Merge pull request #378 in ZP/z-push from ~C0D3Z3R0/z-push:bugfix/ZP-1056-authorization-encoding to bugfix/ZP-1056-authorization-conversion-not-working * commit '2bdede8b': ZP-1056 Fix authorization encoding and also add it to autodiscover. Released under the Affero GNU General Public License (AGPL) version 3.

Merge pull request #378 in ZP/z-push from...
Merge pull request #378 in ZP/z-push from ~C0D3Z3R0/z-push:bugfix/ZP-1056-authorization-encoding to bugfix/ZP-1056-authorization-conversion-not-working * commit '2bdede8b': ZP-1056 Fix authorization encoding and also add it to autodiscover. Released under the Affero GNU General Public License (AGPL) version 3.
d98f86c2 · Sebastian Kummer · ba8eb4ec · 2bdede8b · d98f86c2 · d98f86c2
Commit d98f86c2 authored Oct 14, 2016 by Sebastian Kummer
Show whitespace changes
Inline Side-by-side

Showing with 52 additions and 21 deletions

autodiscover.php src/autodiscover/autodiscover.php +16 -2

request.php src/lib/request/request.php +4 -19

utils.php src/lib/utils/utils.php +32 -0

No files found.
--- a/src/autodiscover/autodiscover.php
+++ b/src/autodiscover/autodiscover.php
@@ -193,9 +193,23 @@ class ZPushAutodiscover {
            $username = Utils::GetLocalPartFromEmail($incomingXml->Request->EMailAddress);
        }
-        if($backend->Logon($username, "", $_SERVER['PHP_AUTH_PW']) == false) {
+        // Mobile devices send Authorization header using UTF-8 charset. Outlook sends it using ISO-8859-1 encoding.
+        // For the successful authentication the user and password must be UTF-8 encoded. Try to determine which
+        // charset was sent by the client and convert it to UTF-8. See https://jira.z-hub.io/browse/ZP-864.
+        if (isset($username))
+            $username = Utils::ConvertAuthorizationToUTF8($username);
+        if (isset($_SERVER['PHP_AUTH_PW'])) {
+            $password = Utils::ConvertAuthorizationToUTF8($_SERVER['PHP_AUTH_PW']);
+            if($backend->Logon($username, "", $password) == false) {
                throw new AuthenticationRequiredException("Access denied. Username or password incorrect.");
            }
+        }
+        else {
+            throw new AuthenticationRequiredException("Access denied. No password provided.");
+        }
        ZLog::Write(LOGLEVEL_DEBUG, sprintf("ZPushAutodiscover->login() Using '%s' as the username.", $username));
        return $username;
    }

--- a/src/lib/request/request.php
+++ b/src/lib/request/request.php
@@ -254,25 +254,10 @@ class Request {
        // Mobile devices send Authorization header using UTF-8 charset. Outlook sends it using ISO-8859-1 encoding.
        // For the successful authentication the user and password must be UTF-8 encoded. Try to determine which
        // charset was sent by the client and convert it to UTF-8. See https://jira.z-hub.io/browse/ZP-864.
-        if (isset($_SERVER['PHP_AUTH_USER'])) {
+        if (isset(self::$authUser))
-            $encoding = mb_detect_encoding(self::$authUser, "UTF-8, ISO-8859-1");
+          self::$authUser = Utils::ConvertAuthorizationToUTF8(self::$authUser);
-            if (!$encoding) {
+        if (isset(self::$authPassword))
-                $encoding = mb_detect_encoding(self::$authUser, Utils::GetAvailableCharacterEncodings());
+          self::$authPassword = Utils::ConvertAuthorizationToUTF8(self::$authPassword);
-                if ($encoding) {
-                    ZLog::Write(LOGLEVEL_WARN,
-                            sprintf("Request->ProcessHeaders(): mb_detect_encoding detected '%s' charset. This charset is not in the default detect list. Please report it to Z-Push developers.",
-                                    $encoding));
-                }
-                else {
-                    ZLog::Write(LOGLEVEL_ERROR, "Request->ProcessHeaders(): mb_detect_encoding failed to detect the Authorization header charset. It's possible that user won't be able to login.");
-                }
-            }
-            if ($encoding && strtolower($encoding) != "utf-8") {
-                ZLog::Write(LOGLEVEL_DEBUG, sprintf("Request->ProcessHeaders(): mb_detect_encoding detected '%s' charset. Authorization header will be converted to UTF-8 from it.", $encoding));
-                self::$authUser = mb_convert_encoding(self::$authUser, "UTF-8", $encoding);
-                self::$authPassword = mb_convert_encoding(self::$authPassword, "UTF-8", $encoding);
-            }
-        }
    }
    /**

--- a/src/lib/utils/utils.php
+++ b/src/lib/utils/utils.php
@@ -1130,6 +1130,38 @@ class Utils {
        }
        return array(null, $id);
    }
+    /**
+     * Detects encoding of the input and converts it to UTF-8.
+     * This is currently only used for authorization header conversion.
+     *
+     * @param string      $data     input data
+     *
+     * @access public
+     * @return string               utf-8 encoded data
+     */
+    public static function ConvertAuthorizationToUTF8($data) {
+        $encoding = mb_detect_encoding($data, "UTF-8, ISO-8859-1");
+        if (!$encoding) {
+            $encoding = mb_detect_encoding($data, Utils::GetAvailableCharacterEncodings());
+            if ($encoding) {
+                ZLog::Write(LOGLEVEL_WARN,
+                        sprintf("Utils::ConvertAuthorizationToUTF8(): mb_detect_encoding detected '%s' charset. This charset is not in the default detect list. Please report it to Z-Push developers.",
+                                $encoding));
+            }
+            else {
+                ZLog::Write(LOGLEVEL_ERROR, "Utils::ConvertAuthorizationToUTF8(): mb_detect_encoding failed to detect the Authorization header charset. It's possible that user won't be able to login.");
+            }
+        }
+        if ($encoding && strtolower($encoding) != "utf-8") {
+            ZLog::Write(LOGLEVEL_DEBUG, sprintf("Utils::ConvertAuthorizationToUTF8(): mb_detect_encoding detected '%s' charset. Authorization header will be converted to UTF-8 from it.", $encoding));
+            return mb_convert_encoding($data, "UTF-8", $encoding);
+        }
+        return $data;
+    }
 }