Fix password/token length check on OAuth login (#8178)

4 years ago · 0c24c96e97
2 changed files with 1 additions and 2 deletions
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@ -381,7 +381,6 @@ $config['oauth_login_redirect'] = false;
 // $config['oauth_identity_uri'] = 'https://www.googleapis.com/oauth2/v1/userinfo';
 // $config['oauth_scope'] = "email profile openid https://mail.google.com/";
 // $config['oauth_auth_parameters'] = ['access_type' => 'offline', 'prompt' => 'consent'];
-// $config['login_password_maxlen'] = 2048;  // access tokens can get very long

 ///// Example config for Outlook.com (Office 365)

@ -391,7 +390,6 @@ $config['oauth_login_redirect'] = false;

 // $config['default_host'] = 'ssl://outlook.office365.com';
 // $config['smtp_server'] = 'ssl://smtp.office365.com';
-// $config['login_password_maxlen'] = 2048;  // access tokens can get very long

 // $config['oauth_provider'] = 'outlook';
 // $config['oauth_provider_name'] = 'Outlook.com';
--- a/program/actions/login/oauth.php
+++ b/program/actions/login/oauth.php
@ -40,6 +40,7 @@ class rcmail_action_login_oauth extends rcmail_action
            if ($auth && isset($auth['username'], $auth['authorization'], $auth['token'])) {
                // enforce XOAUTH2 auth type
                $rcmail->config->set('imap_auth_type', 'XOAUTH2');
+                $rcmail->config->set('login_password_maxlen', strlen($auth['authorization']));

                // use access_token and user info for IMAP login
                $storage_host = $rcmail->autoselect_host();