More fixes

tchapi · tchapi · commit 7d2b58834420 · 2025-08-31T18:43:19.000+02:00
diff --git a/README.md b/README.md
@@ -226,16 +226,18 @@ Or use it directly in the Apache configuration
 
 ### Specific environment variables for IMAP and LDAP authentication methods
 
-In case you use the `IMAP` auth type, you must specify the auth url (_the "mailbox" url_) in `IMAP_AUTH_URL`.
+In case you use the `IMAP` auth type, you must specify the auth url (_the "mailbox" url_) in `IMAP_AUTH_URL` as `host:port`, the encryption method (SSL, TLS or None) and whether the certificate should be validated.
 
-You should also explicitely define whether you want new authenticated to be created upon login:
+You should also explicitely define whether you want new authenticated users to be created upon login:
 
 ```shell
-IMAP_AUTH_URL="{imap.gmail.com:993}"
+IMAP_AUTH_URL=imap.mydomain.com:993
+IMAP_ENCRYPTION_METHOD=ssl # ssl, tls or false
+IMAP_CERTIFICATE_VALIDATION=true
 IMAP_AUTH_USER_AUTOCREATE=true # false by default
 ```
 
-Same goes for LDAP, where you must specify the LDAP server url, the DN pattern, the Mail attribute, as well as whether you want new authenticated to be created upon login (_like for IMAP_):
+Same goes for LDAP, where you must specify the LDAP server url, the DN pattern, the Mail attribute, as well as whether you want new authenticated users to be created upon login (_like for IMAP_):
 
 ```shell
 LDAP_AUTH_URL=ldap://127.0.0.1:3890 # default LDAP port
diff --git a/config/services.yaml b/config/services.yaml
@@ -33,17 +33,17 @@ services:
     App\Services\IMAPAuth:
         arguments:
             $IMAPAuthUrl: "%env(IMAP_AUTH_URL)%"
-            $autoCreate: "%env(bool:IMAP_AUTH_USER_AUTOCREATE)%"
             $IMAPEncryptionMethod: "%env(IMAP_ENCRYPTION_METHOD)%"
             $IMAPCertificateValidation: "%env(bool:IMAP_CERTIFICATE_VALIDATION)%"
+            $autoCreate: "%env(bool:IMAP_AUTH_USER_AUTOCREATE)%"
 
     App\Services\LDAPAuth:
         arguments:
             $LDAPAuthUrl: "%env(LDAP_AUTH_URL)%"
             $LDAPDnPattern: "%env(LDAP_DN_PATTERN)%"
             $LDAPMailAttribute: "%env(LDAP_MAIL_ATTRIBUTE)%"
-            $autoCreate: "%env(bool:LDAP_AUTH_USER_AUTOCREATE)%"
             $LDAPCertificateCheckingStrategy: "%env(LDAP_CERTIFICATE_CHECKING_STRATEGY)%"
+            $autoCreate: "%env(bool:LDAP_AUTH_USER_AUTOCREATE)%"
 
     # controllers are imported separately to make sure services can be injected
     # as action arguments even if you don't extend any base controller class
diff --git a/docker/.env b/docker/.env
@@ -32,7 +32,9 @@ AUTH_METHOD=Basic   # Basic or IMAP or LDAP
 AUTH_REALM=SabreDAV
 
 # IMAP auth settings
-IMAP_AUTH_URL={imap.gmail.com:993/imap/ssl/novalidate-cert}
+IMAP_AUTH_URL=imap.mydomain.com:993
+IMAP_ENCRYPTION_METHOD=ssl
+IMAP_CERTIFICATE_VALIDATION=true
 IMAP_AUTH_USER_AUTOCREATE=false
 
 # LDAP auth settings
diff --git a/src/Services/IMAPAuth.php b/src/Services/IMAPAuth.php
@@ -55,9 +55,26 @@ final class IMAPAuth extends AbstractBasic
 
     public function __construct(ManagerRegistry $doctrine, Utils $utils, string $IMAPAuthUrl, bool $autoCreate, string $IMAPEncryptionMethod, bool $IMAPCertificateValidation)
     {
-        $this->IMAPAuthUrl = $IMAPAuthUrl;
+        $components = parse_url($IMAPAuthUrl);
 
-        // We're making sure that only ssl, tls or 'false' are passed down to the IMAP client
+        if (!$components) {
+            throw new Exception('IMAP Error (parsing IMAP url "'.$IMAPAuthUrl.'"): '.$e->getMessage());
+        }
+
+        $this->IMAPHost = $components['host'] ?? null;
+
+        // Trying to choose the best port if it was not provided,
+        // defaulting to 993 (secure)
+        if (isset($components['port'])) {
+            $this->IMAPPort = $components['port'];
+        } elseif (false === $this->IMAPEncryptionMethod) {
+            $this->IMAPPort = 143;
+        } else {
+            $this->IMAPPort = 993;
+        }
+
+        // We're making sure that only ssl, tls or 'false' are passed down to the IMAP client,
+        // defaulting to SSL
         $IMAPEncryptionMethodCleaned = strtolower($IMAPEncryptionMethod);
         if ('false' === $IMAPEncryptionMethodCleaned) {
             $this->IMAPEncryptionMethod = false;
@@ -76,33 +93,16 @@ public function __construct(ManagerRegistry $doctrine, Utils $utils, string $IMA
 
     /**
      * Connects to an IMAP server and tries to authenticate.
-     * If the user does not exist, create it.
+     * If the user does not exist, create it (depending on the autoCreate flag).
      */
     protected function imapOpen(string $username, string $password): bool
     {
         $cm = new ClientManager($options = []);
 
-        $components = parse_url($this->IMAPAuthUrl);
-
-        if (!$components) {
-            error_log('IMAP Error (parsing IMAP url "'.$this->IMAPAuthUrl.'" ): '.$e->getMessage());
-
-            return false;
-        }
-
-        // Trying to choose the best port if it was not provided
-        if ($components['port']) {
-            $port = $components['port'];
-        } elseif (false === $this->IMAPEncryptionMethod) {
-            $port = 143;
-        } else {
-            $port = 993;
-        }
-
         // Create a new instance of the IMAP client manually
         $client = $cm->make([
-            'host' => $components['host'],
-            'port' => $port,
+            'host' => $this->IMAPHost,
+            'port' => $this->IMAPPort,
             'encryption' => $this->IMAPEncryptionMethod,
             'validate_cert' => $this->IMAPCertificateValidation,
             'username' => $username,
