Feature request: User auto-generation after successful IMAP login

[reven]

Would it be possible to hook auto-generation of the user in the db, as well as default calendar and address book after a successful IMAP auth if the user is not defined?

[tchapi]

Hi @reven

It should be possible I think, behind a feature flag. Do you want to give it a try ?

[reven]

I'd love to give it a go, but I have zero experience with Symfony. I'll look over and try, but if anyone else wants to hop on it, I'd be grateful.

I found something that could serve as a starting point: https://github.com/Excision-Mail/ansible-baikal/blob/main/files/baikal-0.9.1-ldap-auth-and-smtp.patch

[tchapi]

This patch is interesting, it seems quite straightforward to "port" to Davis. Give it a try and let me know, I should be able to help (not before mid-March though).

[tchapi]

I've had some time to try something in d8d01fc. As I have no readily available IMAP server, could you test the tip of the master branch and tell me if this works for you ?

You have to enable the feature via the IMAP_AUTH_USER_AUTOCREATE flag beforehand.

Thanks !

[reven]

I gave it a try and unfortunately the changes break IMAP login, thus no autogeneration occurs. There is no error in the log either at the app level or server. Likewise there are no hits to imap-login on the IMAP server's logs. Going into dev and DEGUB mode, this is all I get when trying to login (with a user already created, that logged in ok before):

[2022-03-09T18:52:22.696926-08:00] security.DEBUG: Checking for authenticator support. {"firewall_name":"main","authenticators":1} []
[2022-03-09T18:52:22.697025-08:00] security.DEBUG: Checking support on authenticator. {"firewall_name":"main","authenticator":"Symfony\\Component\\Security\\Guard\\Authenticator\\GuardBridgeAuthenticator"} []
[2022-03-09T18:52:22.697103-08:00] security.DEBUG: Authenticator does not support the request. {"firewall_name":"main","authenticator":"Symfony\\Component\\Security\\Guard\\Authenticator\\GuardBridgeAuthenticator"} []

I don't know if this is helpful.

Logging in with the admin user and accessing the dashboard works as expected.

There are also some INFO on the log, not sure if relevant:

[2022-03-09T19:01:31.376820-08:00] php.INFO: User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Authenticator\GuardBridgeAuthenticator" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-guard 5.3: The \"Symfony\\Component\\Security\\Guard\\Authenticator\\GuardBridgeAuthenticator\" class is deprecated, use the new authenticator system instead. at /var/www/davis/vendor/symfony/security-guard/Authenticator/GuardBridgeAuthenticator.php:35)"} []

I'll be glad to test if you want. Sorry I can't provide more insight on the issue.

[tchapi]

Ok, thanks for the feedback. Will try to see what is wrong

[tchapi]

If you try to login by just pointing your browser at http://yourdavserver.com/dav, what happens ? You should receive a XML response stating the exact error. If you can send me that, that'll be helpful.

NB: I made a small adjustment on the tip of the branch so you might want to pull the latest master beforehand

[reven]

Now I get a 500 error. Checking the logs shows:

[2022-03-10T00:49:05.797757-08:00] request.CRITICAL: Uncaught PHP Exception TypeError: "Argument 3 passed to App\Controller\DAVController::__construct() must be an instance of App\Services\IMAPAuth, instance of Symfony\Bundle\FrameworkBundle\Routing\Router given, called in /var/www/davis/var/cache/prod/Container0MAOxOv/getDAVControllerService.php on line 25" at /var/www/davis/src/Controller/DAVController.php line 111 {"exception":"[object] (TypeError(code: 0): Argument 3 passed to App\\Controller\\DAVController::__construct() must be an instance of App\\Services\\IMAPAuth, instance of Symfony\\Bundle\\FrameworkBundle\\Routing\\Router given, called in /var/www/davis/var/cache/prod/Container0MAOxOv/getDAVControllerService.php on line 25 at /var/www/davis/src/Controller/DAVController.php:111)"} []

[tchapi]

Ok, it seems that you still have an old cache on your machine. Try clearing the cache with bin/console cache:clear --env=prod, or removing the var/cache folder altogether for instance

[reven]

Ok, I think it works! I get access to Sabre and the user is clearly authenticated. Adding the calendar through a desktop app works fine; I can add/edit events, etc.

Awesome!!

[tchapi]

Great ! I'll test a bit more and tag a new release when I'm confident it's ok
Thanks

[reven]

Thanks to you for the work!

[n-connect]

@tchapi

Can you help me out pls.? How the IMAP (or LDAP) user-autocreation should work? This is something I've still missing from Baikal.

First:

• I've set up aa davis server with IMAP auth configured,
• logged-in, and manual created a user with a dummy pw.
• then configured a cald client with /dav/principals/[email protected]/ URI (baikal uses /dav.php/...).
  Everythings fine.

Now I wanted to see if / how user-autocreate works, so I removed the manually created account -> afterwards the calendar config not works :) Caldav client macos Calendar app.
Edit: log has items starting with[2024-10-08T10:43:54.259814+00:00] app.ERROR: [404]: Sabre\DAV\Exception\NotFound - Principal with name [email protected] not found [{"file":"/usr/local/www/davis/vendor/sabre/dav/lib/DAV/Tree.php"

• What is the proper way setting-up a caldav client to utilize auto-creation (if there's any difference at all)?
• What caldav client do you test/use the user-autocreation?

[tchapi]

Do you have auto create set correctly in the first place? See https://github.com/tchapi/davis?tab=readme-ov-file#specific-environment-variables-for-imap-and-ldap-authentication-methods