fix(hosted-authentication): If a user tries to add an hotmail/outlook…

… account with a password, show a warning about MS disabling password based auth
postalsys · Oct 31, 2024 · dd0407e · dd0407e
1 parent 122779b
commit dd0407e
Show file tree

Hide file tree

Showing 14 changed files with 621 additions and 485 deletions.
diff --git a/lib/autodetect-imap-settings.js b/lib/autodetect-imap-settings.js
@@ -6,14 +6,16 @@ const { parseString: parseXmlCb } = require('xml2js');
 const util = require('util');
 const packageData = require('../package.json');
 const parseXml = util.promisify(parseXmlCb);
+const { gt } = require('./translations');
 
 const { FETCH_TIMEOUT } = require('./consts');
 const { fetch: fetchCmd, Agent } = require('undici');
 const fetchAgent = new Agent({ connect: { timeout: FETCH_TIMEOUT } });
 
 const RESOLV_TIMEOUT = 5 * 1000;
 
-const APP_PASSWORDS = [
+// use a function instead of const to prevent translations before locale is set
+const getAppPasswords = () => [
     {
         trigger: {
             exchange: /\bl\.google\.com$/i
@@ -65,6 +67,9 @@ const APP_PASSWORDS = [
         },
         value: {
             required: true,
+            warning: gt.gettext(
+                'Microsoft has disabled password-based sign-ins (including app passwords) for Outlook.com, Hotmail.com, and Microsoft 365 email accounts. To continue, please use the "Sign in with Microsoft" button to securely connect your account.'
+            ),
             provider: 'Microsoft',
             instructions: 'https://support.microsoft.com/en-us/account-billing/how-to-get-and-use-app-passwords-5896ed9b-4263-e681-128a-a6f2979a7944'
         }
@@ -85,7 +90,7 @@ const APP_PASSWORDS = [
 function getAppPassword(email, exchange) {
     let domain = email.split('@').pop().trim().toLowerCase();
 
-    for (let appPassword of APP_PASSWORDS) {
+    for (let appPassword of getAppPasswords()) {
         if (appPassword.trigger.domains && appPassword.trigger.domains.includes(domain)) {
             return appPassword.value;
         }

diff --git a/package.json b/package.json
@@ -16,7 +16,7 @@
         "build-dist": "pkg --compress Brotli package.json && npm install && node winconf.js",
         "build-dist-fast": "pkg --debug package.json && npm install && node winconf.js",
         "licenses": "license-checker --excludePackages 'emailengine-app' --json | node list-generate.js > static/licenses.html",
-        "gettext": "find ./views -name \"*.hbs\" -print0 | xargs -0 xgettext-template -L Handlebars -o translations/messages.pot --force-po && jsxgettext lib/routes-ui.js workers/api.js lib/tools.js -j -o translations/messages.pot",
+        "gettext": "find ./views -name \"*.hbs\" -print0 | xargs -0 xgettext-template -L Handlebars -o translations/messages.pot --force-po && jsxgettext lib/routes-ui.js workers/api.js lib/tools.js lib/autodetect-imap-settings.js -j -o translations/messages.pot",
         "prepare-docker": "echo \"EE_DOCKER_LEGACY=$EE_DOCKER_LEGACY\" >> system.env && cat system.env",
         "update": "rm -rf node_modules package-lock.json && ncu -u && npm install && ./copy-static-files.sh && npm run licenses && npm run gettext",
         "test-gmail-api": "node lib/email-client/gmail-client.js --dbs.redis=redis://127.0.0.1/11"

diff --git a/translations/de.mo b/translations/de.mo
diff --git a/translations/de.po b/translations/de.po
@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
-"POT-Creation-Date: 2024-09-04 05:45+0000\n"
+"POT-Creation-Date: 2024-10-31 07:51+0000\n"
 "PO-Revision-Date: \n"
 "Last-Translator: \n"
 "Language-Team: \n"
@@ -12,6 +12,12 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Generator: Poedit 3.2\n"
 
+#: views/config/license.hbs:49
+msgid "%d day"
+msgid_plural "%d days"
+msgstr[0] "%d Tag"
+msgstr[1] "%d Tage"
+
 #: views/redirect.hbs:1
 msgid "Click <a href=\"%s\">here</a> to continue&mldr;"
 msgstr "Klicken Sie <a href=\"%s\">hier</a>, um fortzufahren&mldr;"
@@ -39,7 +45,7 @@ msgstr ""
 "Sind Sie sicher, dass Sie Ihre E-Mail-Adresse <em>%s</em> erneut anmelden "
 "möchten?"
 
-#: views/unsubscribe.hbs:31 views/accounts/register/imap-server.hbs:226
+#: views/unsubscribe.hbs:31 views/accounts/register/imap-server.hbs:250
 msgid "Close"
 msgstr "Schließen"
 
@@ -59,84 +65,60 @@ msgstr "E-Mail-Adresse"
 msgid "Enter your email address"
 msgstr "Geben Sie Ihre E-Mail-Adresse ein"
 
-#: views/config/license.hbs:49
-msgid "%d day"
-msgid_plural "%d days"
-msgstr[0] "%d Tag"
-msgstr[1] "%d Tage"
-
-#: views/accounts/register/imap.hbs:11
-msgid "Your name"
-msgstr "Ihr Name"
-
-#: views/accounts/register/imap.hbs:17
-msgid "Enter your full name"
-msgstr "Gib deinen vollen Namen ein"
-
-#: views/accounts/register/imap.hbs:31
-#: views/accounts/register/imap-server.hbs:35
-#: views/accounts/register/imap-server.hbs:115
-msgid "Password"
-msgstr "Passwort *"
-
-#: views/accounts/register/imap.hbs:37
-msgid "Enter your account password"
-msgstr "Passwort für Ihr Konto eingeben"
-
-#: views/accounts/register/imap.hbs:51
-#: views/accounts/register/imap-server.hbs:194
-msgid "Continue"
-msgstr "Weiter"
-
-#: views/accounts/register/index.hbs:2
-msgid "Choose your email account provider"
-msgstr "Wählen Sie Ihren E-Mail-Kontoanbieter"
-
-#: views/accounts/register/index.hbs:15
-msgid "Standard IMAP"
-msgstr "Standard IMAP"
-
-#: views/accounts/register/imap-server.hbs:18
+#: views/accounts/register/imap-server.hbs:19
 msgid "IMAP"
 msgstr "IMAP"
 
-#: views/accounts/register/imap-server.hbs:21
-#: views/accounts/register/imap-server.hbs:101
+#: views/accounts/register/imap-server.hbs:22
+#: views/accounts/register/imap-server.hbs:114
 msgid "Username"
 msgstr "Benutzername"
 
-#: views/accounts/register/imap-server.hbs:42
-#: views/accounts/register/imap-server.hbs:47
-#: views/accounts/register/imap-server.hbs:122
-#: views/accounts/register/imap-server.hbs:127
+#: views/accounts/register/imap-server.hbs:36
+#: views/accounts/register/imap-server.hbs:128
+#: views/accounts/register/imap.hbs:31
+msgid "Password"
+msgstr "Passwort *"
+
+#: views/accounts/register/imap-server.hbs:46
+#: views/accounts/register/imap-server.hbs:53
+#: views/accounts/register/imap-server.hbs:60
+#: views/accounts/register/imap-server.hbs:137
+#: views/accounts/register/imap-server.hbs:144
+#: views/accounts/register/imap-server.hbs:151
 msgid "Application Password"
 msgstr "Anwendungspasswort"
 
-#: views/accounts/register/imap-server.hbs:43
-#: views/accounts/register/imap-server.hbs:123
+#: views/accounts/register/imap-server.hbs:47
+#: views/accounts/register/imap-server.hbs:138
+msgid "Important"
+msgstr "Wichtig!"
+
+#: views/accounts/register/imap-server.hbs:54
+#: views/accounts/register/imap-server.hbs:145
 msgid "%s accounts require to use an application password for %s."
 msgstr "Für %s-Konten muss ein Anwendungskennwort für %s verwendet werden."
 
-#: views/accounts/register/imap-server.hbs:44
-#: views/accounts/register/imap-server.hbs:124
+#: views/accounts/register/imap-server.hbs:55
+#: views/accounts/register/imap-server.hbs:146
 msgid "Instructions"
 msgstr "Anweisungen"
 
-#: views/accounts/register/imap-server.hbs:62
-#: views/accounts/register/imap-server.hbs:142
+#: views/accounts/register/imap-server.hbs:75
+#: views/accounts/register/imap-server.hbs:166
 msgid "Hostname"
 msgstr "Hostname"
 
-#: views/accounts/register/imap-server.hbs:72
-#: views/accounts/register/imap-server.hbs:152
+#: views/accounts/register/imap-server.hbs:85
+#: views/accounts/register/imap-server.hbs:176
 msgid "Port"
 msgstr "Port"
 
-#: views/accounts/register/imap-server.hbs:86
+#: views/accounts/register/imap-server.hbs:99
 msgid "TLS for IMAP"
 msgstr "TLS für IMAP"
 
-#: views/accounts/register/imap-server.hbs:87
+#: views/accounts/register/imap-server.hbs:100
 msgid ""
 "TLS (also known as SSL) is usually only needed when using port 993. For "
 "other ports EmailEngine falls back to using STARTTLS based encryption."
@@ -145,20 +127,20 @@ msgstr ""
 "Port 993 benötigt. Bei anderen Ports greift EmailEngine auf die STARTTLS-"
 "basierte Verschlüsselung zurück."
 
-#: views/accounts/register/imap-server.hbs:89
-#: views/accounts/register/imap-server.hbs:169
+#: views/accounts/register/imap-server.hbs:102
+#: views/accounts/register/imap-server.hbs:193
 msgid "Use TLS"
 msgstr "TLS verwenden"
 
-#: views/accounts/register/imap-server.hbs:98
+#: views/accounts/register/imap-server.hbs:111
 msgid "SMTP"
 msgstr "SMTP"
 
-#: views/accounts/register/imap-server.hbs:166
+#: views/accounts/register/imap-server.hbs:190
 msgid "TLS for SMTP"
 msgstr "TLS für SMTP"
 
-#: views/accounts/register/imap-server.hbs:167
+#: views/accounts/register/imap-server.hbs:191
 msgid ""
 "TLS (also known as SSL) is usually only needed when using port 465. For "
 "other ports EmailEngine falls back to using STARTTLS based encryption."
@@ -167,90 +149,115 @@ msgstr ""
 "Port 465 benötigt. Bei anderen Ports greift EmailEngine auf die STARTTLS-"
 "basierte Verschlüsselung zurück."
 
-#: views/accounts/register/imap-server.hbs:185
+#: views/accounts/register/imap-server.hbs:209
 msgid "Test settings"
 msgstr "Test-Einstellungen"
 
-#: views/accounts/register/imap-server.hbs:202
+#: views/accounts/register/imap-server.hbs:218
+#: views/accounts/register/imap.hbs:51
+msgid "Continue"
+msgstr "Weiter"
+
+#: views/accounts/register/imap-server.hbs:226
 msgid "Continue without testing"
 msgstr "Ohne Prüfung fortfahren"
 
-#: views/accounts/register/imap-server.hbs:216
+#: views/accounts/register/imap-server.hbs:240
 msgid "Test failed"
 msgstr "Test fehlgeschlagen"
 
-#: views/accounts/register/imap-server.hbs:222
+#: views/accounts/register/imap-server.hbs:246
 msgid "Failed to validate provided email server settings."
 msgstr ""
 "Die angegebenen E-Mail-Server-Einstellungen konnten nicht validiert werden."
 
-#: views/accounts/register/imap-server.hbs:292
+#: views/accounts/register/imap-server.hbs:316
 msgid "General error"
 msgstr "Allgemeiner Fehler"
 
-#: views/accounts/register/imap-server.hbs:294
+#: views/accounts/register/imap-server.hbs:318
 msgid "Validation error"
 msgstr "Validierungsfehler"
 
-#: views/accounts/register/imap-server.hbs:300
+#: views/accounts/register/imap-server.hbs:324
 msgid "Failed to validate IMAP server settings"
 msgstr "Validierung der IMAP-Servereinstellungen fehlgeschlagen"
 
-#: views/accounts/register/imap-server.hbs:302
+#: views/accounts/register/imap-server.hbs:326
 msgid "IMAP Server responded with the following message:"
 msgstr "Der IMAP-Server antwortete mit der folgenden Meldung:"
 
-#: views/accounts/register/imap-server.hbs:309
+#: views/accounts/register/imap-server.hbs:333
 msgid "Failed to validate SMTP server settings"
 msgstr "SMTP-Servereinstellungen konnten nicht validiert werden"
 
-#: views/accounts/register/imap-server.hbs:311
+#: views/accounts/register/imap-server.hbs:335
 msgid "SMTP Server responded with the following message:"
 msgstr "Der SMTP-Server antwortete mit der folgenden Meldung:"
 
-#: views/accounts/register/imap-server.hbs:369
+#: views/accounts/register/imap-server.hbs:393
 msgid "HTTP error!"
 msgstr "HTTP-Fehler!"
 
-#: lib/routes-ui.js:653
+#: views/accounts/register/imap.hbs:11
+msgid "Your name"
+msgstr "Ihr Name"
+
+#: views/accounts/register/imap.hbs:17
+msgid "Enter your full name"
+msgstr "Gib deinen vollen Namen ein"
+
+#: views/accounts/register/imap.hbs:37
+msgid "Enter your account password"
+msgstr "Passwort für Ihr Konto eingeben"
+
+#: views/accounts/register/index.hbs:2
+msgid "Choose your email account provider"
+msgstr "Wählen Sie Ihren E-Mail-Kontoanbieter"
+
+#: views/accounts/register/index.hbs:15
+msgid "Standard IMAP"
+msgstr "Standard IMAP"
+
+#: lib/routes-ui.js:677
 msgid "Invalid API key for OpenAI"
 msgstr "Ungültiger API-Schlüssel für OpenAI"
 
-#: lib/routes-ui.js:4918 lib/routes-ui.js:6867 lib/routes-ui.js:6878
+#: lib/routes-ui.js:4940 lib/routes-ui.js:6889 lib/routes-ui.js:6900
 msgid "Server hostname was not found"
 msgstr "Server-Hostname wurde nicht gefunden"
 
-#: lib/routes-ui.js:4921 lib/routes-ui.js:6870 lib/routes-ui.js:6881
+#: lib/routes-ui.js:4943 lib/routes-ui.js:6892 lib/routes-ui.js:6903
 msgid "Invalid username or password"
 msgstr "Ungültiger Benutzername oder Passwort"
 
-#: lib/routes-ui.js:4925 lib/routes-ui.js:6885
+#: lib/routes-ui.js:4947 lib/routes-ui.js:6907
 msgid "TLS protocol error"
 msgstr "TLS-Protokollfehler"
 
-#: lib/routes-ui.js:6614 lib/routes-ui.js:6649 lib/routes-ui.js:6764
-#: lib/routes-ui.js:6811 lib/routes-ui.js:7039 lib/routes-ui.js:7075
+#: lib/routes-ui.js:6636 lib/routes-ui.js:6671 lib/routes-ui.js:6786
+#: lib/routes-ui.js:6833 lib/routes-ui.js:7061 lib/routes-ui.js:7097
 msgid "Email Account Setup"
 msgstr "E-Mail-Konto einrichten"
 
-#: lib/routes-ui.js:6674 lib/routes-ui.js:6707 lib/routes-ui.js:9500
+#: lib/routes-ui.js:6696 lib/routes-ui.js:6729 lib/routes-ui.js:9528
 msgid "Failed to validate request arguments"
 msgstr "Validierung der Anforderungsargumente fehlgeschlagen"
 
-#: lib/routes-ui.js:6804 lib/routes-ui.js:7068
+#: lib/routes-ui.js:6826 lib/routes-ui.js:7090
 msgid "Failed to process account"
 msgstr "Konto konnte nicht bearbeitet werden"
 
-#: lib/routes-ui.js:9463 lib/tools.js:731
+#: lib/routes-ui.js:9491 lib/tools.js:731
 msgid "Invalid input"
 msgstr "Ungültige Eingabe"
 
-#: lib/routes-ui.js:9473 lib/routes-ui.js:9591 lib/routes-ui.js:9608
-#: lib/routes-ui.js:9643
+#: lib/routes-ui.js:9501 lib/routes-ui.js:9619 lib/routes-ui.js:9636
+#: lib/routes-ui.js:9671
 msgid "Subscription Management"
 msgstr "Mitgliederverwaltung"
 
-#: lib/routes-ui.js:9602 lib/routes-ui.js:9636
+#: lib/routes-ui.js:9630 lib/routes-ui.js:9664
 msgid "Failed to process request"
 msgstr "Anfrage konnte nicht bearbeitet werden"
 
@@ -262,5 +269,17 @@ msgstr "Signaturüberprüfung fehlgeschlagen"
 msgid "Invalid or expired account setup URL"
 msgstr "Ungültige oder abgelaufene URL für die Kontoeinrichtung"
 
+#: lib/autodetect-imap-settings.js:69
+msgid ""
+"Microsoft has disabled password-based sign-ins (including app passwords) for "
+"Outlook.com, Hotmail.com, and Microsoft 365 email accounts. To continue, "
+"please use the \"Sign in with Microsoft\" button to securely connect your "
+"account."
+msgstr ""
+"Microsoft hat die kennwortbasierte Anmeldung (einschließlich Kennwörter für "
+"Anwendungen) für Outlook.com-, Hotmail.com- und Microsoft 365-E-Mail-Konten "
+"deaktiviert. Um fortzufahren, verwenden Sie bitte die Schaltfläche \"Sign in "
+"with Microsoft\", um Ihr Konto sicher zu verbinden."
+
 #~ msgid "Unknown OAuth provider"
 #~ msgstr "Unbekannter OAuth-Anbieter"
diff --git a/translations/en.mo b/translations/en.mo