From e518d34bc9780b247fe3140c0ca2555de306a5d2 Mon Sep 17 00:00:00 2001 From: Eric Espie Date: Fri, 25 Nov 2022 09:15:31 +0100 Subject: [PATCH 1/2] =?UTF-8?q?N=C2=B05553=20-=20OAuth=202=20:=20Hide=20Cl?= =?UTF-8?q?ient=20Secret=20=20*=20client=5Fid=20is=20now=20255=20chars=20(?= =?UTF-8?q?AttributeString)=20=20*=20client=5Fsecret=20is=20now=2064=20cha?= =?UTF-8?q?rs=20(AttributePassword)=20and=20cannot=20be=20anymore=20in=20t?= =?UTF-8?q?he=20uniqueness=20rules=20=20*=20The=20modification=20of=20redi?= =?UTF-8?q?rect=5Furl,=20client=5Fid=20or=20client=5Fsecret=20change=20the?= =?UTF-8?q?=20status=20to=20inactive=20and=20generate=20a=20session=20mess?= =?UTF-8?q?age=20to=20ask=20for=20token=20regeneration?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../datamodel.itop-oauth-client.xml | 48 ++++++------------- 1 file changed, 14 insertions(+), 34 deletions(-) diff --git a/datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml b/datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml index 3335ab29a..52f751d49 100644 --- a/datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml +++ b/datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml @@ -52,12 +52,12 @@ true - + client_id false - + client_secret false @@ -293,7 +293,6 @@ - true @@ -441,21 +440,6 @@ } ]]> - - false - protected - Overload-DBObject - ListChanges(); - if (array_key_exists('client_id', $aChanges) || array_key_exists('client_secret', $aChanges) || array_key_exists('redirect_url', $aChanges)) { - $sMessage = Dict::S('itop-oauth-client:Message:RegenerateToken'); - self::SetSessionMessage(get_class($this), $this->GetKey(), 'RegenerateToken', $sMessage, 'info', 1); - } - } - ]]> - false public 
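Review bot: The change of `client_secret` to a 64-character AttributePassword, in the hunk at `@@ -52,12 +52,12 @@`, needs a check that the secret is still protected at rest and not only masked in forms and exports. The changed element lines are not legible in this rendering, so this rests on the subject line. Please also confirm that already-stored secrets longer than 64 characters are not silently truncated when the column is resized. A comment next to the field would record the guarantee, for example `<!-- client_secret: masked in the UI; at-rest protection: (state what applies) -->`.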
@@ -501,6 +485,12 @@ $this->Set('used_scope', 'advanced'); $this->Set('scope', ''); } + $aChanges = $this->ListChanges(); + if (array_key_exists('client_id', $aChanges) || array_key_exists('client_secret', $aChanges) || array_key_exists('redirect_url', $aChanges)) { + $sMessage = Dict::S('itop-oauth-client:Message:RegenerateToken'); + self::SetSessionMessage(get_class($this), $this->GetKey(), 'RegenerateToken', $sMessage, 'info', 1); + $this->Set('status', 'inactive'); + } } ]]> @@ -604,7 +594,6 @@ - true @@ -799,6 +788,12 @@ $this->Set('used_scope', 'advanced'); $this->Set('scope', ''); } + $aChanges = $this->ListChanges(); + if (array_key_exists('client_id', $aChanges) || array_key_exists('client_secret', $aChanges) || array_key_exists('redirect_url', $aChanges)) { + $sMessage = Dict::S('itop-oauth-client:Message:RegenerateToken'); + self::SetSessionMessage(get_class($this), $this->GetKey(), 'RegenerateToken', $sMessage, 'info', 1); + $this->Set('status', 'inactive'); + } } ]]> @@ -872,21 +867,6 @@ } ]]> - - false - protected - Overload-DBObject - ListChanges(); - if (array_key_exists('client_id', $aChanges) || array_key_exists('client_secret', $aChanges) || array_key_exists('redirect_url', $aChanges)) { - $sMessage = Dict::S('itop-oauth-client:Message:RegenerateToken'); - self::SetSessionMessage(get_class($this), $this->GetKey(), 'RegenerateToken', $sMessage, 'info', 1); - } - } - ]]> - From aff9c7748b7ebaceadfd253edc85aa0e9ebed031 Mon Sep 17 00:00:00 2001 From: Eric Espie Date: Tue, 29 Nov 2022 08:55:29 +0100 Subject: [PATCH 2/2] =?UTF-8?q?N=C2=B05155=20-=20Email=20by=20SMTP=20with?= =?UTF-8?q?=20self-signed=20certificate?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/config.class.inc.php | 16 ++++++++++++++++ sources/Core/Email/EmailSwiftMailer.php | 3 +++ 2 files changed, 19 insertions(+) diff --git a/core/config.class.inc.php b/core/config.class.inc.php index 45efc63c6..0506e8ec8 100644 
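Review bot: In the block added after `$this->Set('scope', '');`, a change to `client_id`, `client_secret` or `redirect_url` only sets `status` to `inactive`; nothing visible in the hunk clears the tokens obtained with the previous credentials, so they presumably remain stored until regeneration. If so, blank the stored token fields in the same branch and add a comment such as `// Credentials changed: tokens issued for the old values are stale, force re-authorization`. The identical block is added again in the hunk at `@@ -799,6 +788,12 @@`; a shared helper would keep the two classes from drifting apart. The enclosing method starts outside the hunk, so it is worth confirming that `ListChanges()` does not report these attributes on object creation, where the message and the forced `inactive` would be spurious.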
--- a/core/config.class.inc.php +++ b/core/config.class.inc.php @@ -555,6 +555,22 @@ class Config 'source_of_value' => '', 'show_in_conf_sample' => false, ), + 'email_transport_smtp.allow_self_signed' => array( + 'type' => 'bool', + 'description' => 'Allow self signed peer certificates', + 'default' => false, + 'value' => false, + 'source_of_value' => '', + 'show_in_conf_sample' => false, + ), + 'email_transport_smtp.verify_peer' => array( + 'type' => 'bool', + 'description' => 'Verify peer certificate', + 'default' => false, + 'value' => false, + 'source_of_value' => '', + 'show_in_conf_sample' => false, + ), 'email_css' => array( 'type' => 'string', 'description' => 'CSS that will override the standard stylesheet used for the notifications', diff --git a/sources/Core/Email/EmailSwiftMailer.php b/sources/Core/Email/EmailSwiftMailer.php index 01d8b5d24..03b2d4801 100644 --- a/sources/Core/Email/EmailSwiftMailer.php +++ b/sources/Core/Email/EmailSwiftMailer.php @@ -159,11 +159,14 @@ class EmailSwiftMailer extends EMail $sEncryption = static::$m_oConfig->Get('email_transport_smtp.encryption'); $sUserName = static::$m_oConfig->Get('email_transport_smtp.username'); $sPassword = static::$m_oConfig->Get('email_transport_smtp.password'); + $bAllowSelfSigned = static::$m_oConfig->Get('email_transport_smtp.allow_self_signed'); + $bVerifyPeer = static::$m_oConfig->Get('email_transport_smtp.verify_peer'); $oTransport = new Swift_SmtpTransport($sHost, $sPort, $sEncryption); if (strlen($sUserName) > 0) { $oTransport->setUsername($sUserName); $oTransport->setPassword($sPassword); + $oTransport->setStreamOptions(array('ssl' => array('allow_self_signed' => $bAllowSelfSigned, 'verify_peer' => $bVerifyPeer))); } break;
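Review bot: `'email_transport_smtp.verify_peer'` is declared with `'default' => false`, so certificate verification is switched off on every installation that never sets the parameter, whereas PHP's own stream default for `verify_peer` is true. The EmailSwiftMailer.php hunk of this patch passes the value straight into the `ssl` stream options, so the secure value should be the default and relaxing it an explicit choice: `'default' => true,` and `'value' => true,` for `verify_peer`, leaving `allow_self_signed` at false. The description could state the consequence, e.g. `'description' => 'Verify the SMTP server certificate (disabling exposes mail and credentials to interception)',`. The settings array this entry belongs to starts and ends outside the hunk.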
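Review bot: The new `setStreamOptions()` call sits inside the `if (strlen($sUserName) > 0)` block, so `allow_self_signed` and `verify_peer` are ignored for SMTP servers used without authentication and are forced onto every authenticated connection. Moving it directly after `new Swift_SmtpTransport($sHost, $sPort, $sEncryption);` applies the settings uniformly, and casting makes the types explicit: `$oTransport->setStreamOptions(array('ssl' => array('allow_self_signed' => (bool)$bAllowSelfSigned, 'verify_peer' => (bool)$bVerifyPeer)));`. A log entry when `$bVerifyPeer` is false would make a weakened transport visible to operators. The surrounding `case` branch starts outside the hunk.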