ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fix(portal): Apple profile labels derive from the user's domain
ci / changes (push) Successful in 4s
Details
ci / tc_booking (push) Has been skipped
Details
ci / tc_operator (push) Has been skipped
Details
ci / tc_website (push) Has been skipped
Details
ci / tc_platform_api (push) Has been skipped
Details
ci / test_platform_api (push) Has been skipped
Details
ci / tc_portal (push) Successful in 23s
Details
ci / build_booking (push) Has been skipped
Details
ci / build_operator (push) Has been skipped
Details
ci / build_platform_api (push) Has been skipped
Details
ci / build_portal (push) Successful in 45s
Details
ci / deploy (push) Successful in 40s
Details

Browse Source 
'dezky mail (…)' in the customer's account list is the same white-label
leak as 'Stalwart Calendar' one layer up — partner tenants must see THEIR
domain, not the platform brand. Every user-visible label in the
.mobileconfig (account descriptions, payload names, organization) now
derives from the address's own domain.
This commit is contained in:
Ronni Baslund
2026-06-11 08:41:19 +02:00
parent 2b9a77c6b9
commit a45d64d4ed
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/portal/server/api/apple-mailconfig.get.ts
+13 -8
View File
@@ -41,6 +41,11 @@ export default defineEventHandler(async (event) => {
const mailHost = new URL(useRuntimeConfig().public.mailUrl as string).host const mailHost = new URL(useRuntimeConfig().public.mailUrl as string).host
// The regex above guarantees an @, but noUncheckedIndexedAccess doesn't know. // The regex above guarantees an @, but noUncheckedIndexedAccess doesn't know.
const localPart = email.split('@')[0] ?? email const localPart = email.split('@')[0] ?? email
// All user-visible labels derive from the address's own domain — this is a
// white-label platform, so neither "dezky" nor "Stalwart" may appear in a
// customer's account list.
const domain = email.split('@')[1] ?? mailHost
const d = xmlEscape(domain)
const accountUuid = randomUUID() const accountUuid = randomUUID()
const caldavUuid = randomUUID() const caldavUuid = randomUUID()
const carddavUuid = randomUUID() const carddavUuid = randomUUID()
@@ -56,7 +61,7 @@ export default defineEventHandler(async (event) => {
<key>PayloadContent</key> <key>PayloadContent</key>
<array> <array>
<dict> <dict>
<key>EmailAccountDescription</key><string>dezky mail (${e})</string> <key>EmailAccountDescription</key><string>${d}</string>
<key>EmailAccountName</key><string>${n}</string> <key>EmailAccountName</key><string>${n}</string>
<key>EmailAccountType</key><string>EmailTypeIMAP</string> <key>EmailAccountType</key><string>EmailTypeIMAP</string>
<key>EmailAddress</key><string>${e}</string> <key>EmailAddress</key><string>${e}</string>
@@ -75,33 +80,33 @@ export default defineEventHandler(async (event) => {
<key>PreventMove</key><false/> <key>PreventMove</key><false/>
<key>SMIMEEnabled</key><false/> <key>SMIMEEnabled</key><false/>
<key>PayloadDescription</key><string>Configures the ${e} mail account.</string> <key>PayloadDescription</key><string>Configures the ${e} mail account.</string>
<key>PayloadDisplayName</key><string>dezky mail</string> <key>PayloadDisplayName</key><string>Mail (${d})</string>
<key>PayloadIdentifier</key><string>eu.dezky.mail.${xmlEscape(localPart)}</string> <key>PayloadIdentifier</key><string>eu.dezky.mail.${xmlEscape(localPart)}</string>
<key>PayloadType</key><string>com.apple.mail.managed</string> <key>PayloadType</key><string>com.apple.mail.managed</string>
<key>PayloadUUID</key><string>${accountUuid}</string> <key>PayloadUUID</key><string>${accountUuid}</string>
<key>PayloadVersion</key><integer>1</integer> <key>PayloadVersion</key><integer>1</integer>
</dict> </dict>
<dict> <dict>
<key>CalDAVAccountDescription</key><string>dezky calendar (${e})</string> <key>CalDAVAccountDescription</key><string>${d} calendar</string>
<key>CalDAVHostName</key><string>${h}</string> <key>CalDAVHostName</key><string>${h}</string>
<key>CalDAVPort</key><integer>443</integer> <key>CalDAVPort</key><integer>443</integer>
<key>CalDAVUseSSL</key><true/> <key>CalDAVUseSSL</key><true/>
<key>CalDAVUsername</key><string>${e}</string> <key>CalDAVUsername</key><string>${e}</string>
<key>PayloadDescription</key><string>Configures the ${e} calendar account.</string> <key>PayloadDescription</key><string>Configures the ${e} calendar account.</string>
<key>PayloadDisplayName</key><string>dezky calendar</string> <key>PayloadDisplayName</key><string>Calendar (${d})</string>
<key>PayloadIdentifier</key><string>eu.dezky.caldav.${xmlEscape(localPart)}</string> <key>PayloadIdentifier</key><string>eu.dezky.caldav.${xmlEscape(localPart)}</string>
<key>PayloadType</key><string>com.apple.caldav.account</string> <key>PayloadType</key><string>com.apple.caldav.account</string>
<key>PayloadUUID</key><string>${caldavUuid}</string> <key>PayloadUUID</key><string>${caldavUuid}</string>
<key>PayloadVersion</key><integer>1</integer> <key>PayloadVersion</key><integer>1</integer>
</dict> </dict>
<dict> <dict>
<key>CardDAVAccountDescription</key><string>dezky contacts (${e})</string> <key>CardDAVAccountDescription</key><string>${d} contacts</string>
<key>CardDAVHostName</key><string>${h}</string> <key>CardDAVHostName</key><string>${h}</string>
<key>CardDAVPort</key><integer>443</integer> <key>CardDAVPort</key><integer>443</integer>
<key>CardDAVUseSSL</key><true/> <key>CardDAVUseSSL</key><true/>
<key>CardDAVUsername</key><string>${e}</string> <key>CardDAVUsername</key><string>${e}</string>
<key>PayloadDescription</key><string>Configures the ${e} contacts account.</string> <key>PayloadDescription</key><string>Configures the ${e} contacts account.</string>
<key>PayloadDisplayName</key><string>dezky contacts</string> <key>PayloadDisplayName</key><string>Contacts (${d})</string>
<key>PayloadIdentifier</key><string>eu.dezky.carddav.${xmlEscape(localPart)}</string> <key>PayloadIdentifier</key><string>eu.dezky.carddav.${xmlEscape(localPart)}</string>
<key>PayloadType</key><string>com.apple.carddav.account</string> <key>PayloadType</key><string>com.apple.carddav.account</string>
<key>PayloadUUID</key><string>${carddavUuid}</string> <key>PayloadUUID</key><string>${carddavUuid}</string>
@@ -109,9 +114,9 @@ export default defineEventHandler(async (event) => {
</dict> </dict>
</array> </array>
<key>PayloadDescription</key><string>Sets up ${e} in Apple Mail, Calendar and Contacts. You'll be asked for the mailbox password during installation.</string> <key>PayloadDescription</key><string>Sets up ${e} in Apple Mail, Calendar and Contacts. You'll be asked for the mailbox password during installation.</string>
<key>PayloadDisplayName</key><string>dezky mail — ${e}</string> <key>PayloadDisplayName</key><string>${d} — mail, calendar &amp; contacts (${e})</string>
<key>PayloadIdentifier</key><string>eu.dezky.profile.${xmlEscape(localPart)}</string> <key>PayloadIdentifier</key><string>eu.dezky.profile.${xmlEscape(localPart)}</string>
<key>PayloadOrganization</key><string>dezky</string> <key>PayloadOrganization</key><string>${d}</string>
<key>PayloadRemovalDisallowed</key><false/> <key>PayloadRemovalDisallowed</key><false/>
<key>PayloadType</key><string>Configuration</string> <key>PayloadType</key><string>Configuration</string>
<key>PayloadUUID</key><string>${profileUuid}</string> <key>PayloadUUID</key><string>${profileUuid}</string>