fix(portal): Apple profile labels derive from the user's domain
'dezky mail (…)' in the customer's account list is the same white-label leak as 'Stalwart Calendar' one layer up — partner tenants must see THEIR domain, not the platform brand. Every user-visible label in the .mobileconfig (account descriptions, payload names, organization) now derives from the address's own domain.
@@ -41,6 +41,11 @@ export default defineEventHandler(async (event) => {
|
||||
const mailHost = new URL(useRuntimeConfig().public.mailUrl as string).host
|
||||
// The regex above guarantees an @, but noUncheckedIndexedAccess doesn't know.
|
||||
const localPart = email.split('@')[0] ?? email
|
||||
// All user-visible labels derive from the address's own domain — this is a
|
||||
// white-label platform, so neither "dezky" nor "Stalwart" may appear in a
|
||||
// customer's account list.
|
||||
const domain = email.split('@')[1] ?? mailHost
|
||||
const d = xmlEscape(domain)
|
||||
const accountUuid = randomUUID()
|
||||
const caldavUuid = randomUUID()
|
||||
const carddavUuid = randomUUID()
|
||||
@@ -56,7 +61,7 @@ export default defineEventHandler(async (event) => {
|
||||
<key>PayloadContent</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>EmailAccountDescription</key><string>dezky mail (${e})</string>
|
||||
<key>EmailAccountDescription</key><string>${d}</string>
|
||||
<key>EmailAccountName</key><string>${n}</string>
|
||||
<key>EmailAccountType</key><string>EmailTypeIMAP</string>
|
||||
<key>EmailAddress</key><string>${e}</string>
|
||||
@@ -75,33 +80,33 @@ export default defineEventHandler(async (event) => {
|
||||
<key>PreventMove</key><false/>
|
||||
<key>SMIMEEnabled</key><false/>
|
||||
<key>PayloadDescription</key><string>Configures the ${e} mail account.</string>
|
||||
<key>PayloadDisplayName</key><string>dezky mail</string>
|
||||
<key>PayloadDisplayName</key><string>Mail (${d})</string>
|
||||
<key>PayloadIdentifier</key><string>eu.dezky.mail.${xmlEscape(localPart)}</string>
|
||||
<key>PayloadType</key><string>com.apple.mail.managed</string>
|
||||
<key>PayloadUUID</key><string>${accountUuid}</string>
|
||||
<key>PayloadVersion</key><integer>1</integer>
|
||||
</dict>
|
||||
<dict>
|
||||
<key>CalDAVAccountDescription</key><string>dezky calendar (${e})</string>
|
||||
<key>CalDAVAccountDescription</key><string>${d} calendar</string>
|
||||
<key>CalDAVHostName</key><string>${h}</string>
|
||||
<key>CalDAVPort</key><integer>443</integer>
|
||||
<key>CalDAVUseSSL</key><true/>
|
||||
<key>CalDAVUsername</key><string>${e}</string>
|
||||
<key>PayloadDescription</key><string>Configures the ${e} calendar account.</string>
|
||||
<key>PayloadDisplayName</key><string>dezky calendar</string>
|
||||
<key>PayloadDisplayName</key><string>Calendar (${d})</string>
|
||||
<key>PayloadIdentifier</key><string>eu.dezky.caldav.${xmlEscape(localPart)}</string>
|
||||
<key>PayloadType</key><string>com.apple.caldav.account</string>
|
||||
<key>PayloadUUID</key><string>${caldavUuid}</string>
|
||||
<key>PayloadVersion</key><integer>1</integer>
|
||||
</dict>
|
||||
<dict>
|
||||
<key>CardDAVAccountDescription</key><string>dezky contacts (${e})</string>
|
||||
<key>CardDAVAccountDescription</key><string>${d} contacts</string>
|
||||
<key>CardDAVHostName</key><string>${h}</string>
|
||||
<key>CardDAVPort</key><integer>443</integer>
|
||||
<key>CardDAVUseSSL</key><true/>
|
||||
<key>CardDAVUsername</key><string>${e}</string>
|
||||
<key>PayloadDescription</key><string>Configures the ${e} contacts account.</string>
|
||||
<key>PayloadDisplayName</key><string>dezky contacts</string>
|
||||
<key>PayloadDisplayName</key><string>Contacts (${d})</string>
|
||||
<key>PayloadIdentifier</key><string>eu.dezky.carddav.${xmlEscape(localPart)}</string>
|
||||
<key>PayloadType</key><string>com.apple.carddav.account</string>
|
||||
<key>PayloadUUID</key><string>${carddavUuid}</string>
|
||||
@@ -109,9 +114,9 @@ export default defineEventHandler(async (event) => {
|
||||
</dict>
|
||||
</array>
|
||||
<key>PayloadDescription</key><string>Sets up ${e} in Apple Mail, Calendar and Contacts. You'll be asked for the mailbox password during installation.</string>
|
||||
<key>PayloadDisplayName</key><string>dezky mail — ${e}</string>
|
||||
<key>PayloadDisplayName</key><string>${d} — mail, calendar & contacts (${e})</string>
|
||||
<key>PayloadIdentifier</key><string>eu.dezky.profile.${xmlEscape(localPart)}</string>
|
||||
<key>PayloadOrganization</key><string>dezky</string>
|
||||
<key>PayloadOrganization</key><string>${d}</string>
|
||||
<key>PayloadRemovalDisallowed</key><false/>
|
||||
<key>PayloadType</key><string>Configuration</string>
|
||||
<key>PayloadUUID</key><string>${profileUuid}</string>
|
||||
|
||||
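Review bot: In the first hunk, `const domain = email.split('@')[1] ?? mailHost` turns part of the supplied address into `PayloadOrganization` and every display name, and nothing visible in the diff ties that domain to a tenant. If `email` comes from the request rather than from the session (the regex comment suggests it does, but the handler's start is outside the hunk), a caller can obtain a profile from this origin labelled with an organization of their choosing, so the domain should be checked against the domains hosted for the caller and the request rejected otherwise. The `?? mailHost` fallback would also put the platform host back into the labels, and unless the regex rules it out an address ending in `@` yields an empty string that `??` does not catch; failing closed is safer than either. Separately, the new top-level `PayloadDisplayName` in the last hunk contains a bare `&` as rendered here, which is not well-formed XML inside the plist and should read `&amp;`.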