Patch to force email address of identities to belong to a certain set of domains (ie. vanity domains)

[phallstrom]

Our system has a single mailbox per user. And users login using only their username and password (no domain part). However, we'd like them to be able to pick from one of several domains, but *not* change their username (so as to make it harder to spoof email as easily).

The below patch adds a configuration option "identity_domains" that contains a list of domains the identity can "belong to". If set the edit/save identity pages have been modified to turn the email text field into a select field containing a list of the domains prepended with their username. A couple of the helper methods (for generating form elements) were also updated to allow passing in a select field.

Index: config/main.inc.php
===================================================================
--- config/main.inc.php (revision 7)
+++ config/main.inc.php (working copy)
@@ -49,6 +49,10 @@
 // Specify an array with 'host' => 'domain' values to support multiple hosts
 $rcmail_config['mail_domain'] = 'example.com';

+// If set identity email addresses will be composed of the user login
+// and one of these domains.
+$rcmail_config['identity_domains'] = array('example.com', 'exampleone.com', 'exampletwo.com');
+
 // Path to a virtuser table file to resolve user names and e-mail addresses
 $rcmail_config['virtuser_file'] = '';

Index: program/include/main.inc
===================================================================
--- program/include/main.inc    (revision 6)
+++ program/include/main.inc    (working copy)
@@ -1242,6 +1242,16 @@
     $attrib['cols'] = $attrib['size'];
     $input = new textarea($attrib);
     }
+  else if ($type=='select')
+    {
+    $options = $attrib['options'];
+    unset($attrib['options']);
+    $input = new select($attrib);
+    foreach ($options as $key => $val)
+      {
+      $input->add($val, (is_numeric($key) ? $val : $key));
+      }
+    }
   else
     $input = new textfield($attrib);

Index: program/steps/settings/save_identity.inc
===================================================================
--- program/steps/settings/save_identity.inc    (revision 2)
+++ program/steps/settings/save_identity.inc    (working copy)
@@ -32,7 +32,19 @@
   return;
   }
 
+// if identity_domains is set make sure the email domain is included
+if (isset($CONFIG['identity_domains']) && is_array($CONFIG['identity_domains']))
+  {
+  list($user, $domain) = split('@', $_POST['_email']);
+  if (!in_array($domain, $CONFIG['identity_domains']))
+    {
+    $OUTPUT->show_message('noemailwarning', 'warning');
+    rcmail_overwrite_action('edit-identitiy');
+    return;
+    }
+  }
 
+
 // update an existing contact
 if ($_POST['_iid'])
   {

{{{
Index: program/steps/settings/edit_identity.inc
===================================================================
--- program/steps/settings/edit_identity.inc    (revision 2)
+++ program/steps/settings/edit_identity.inc    (working copy)
@@ -44,7 +44,7 @@
 
 function rcube_identity_form($attrib)
   {
-  global $IDENTITY_RECORD, $OUTPUT;
+  global $CONFIG, $IDENTITY_RECORD, $OUTPUT;
 
 /*
   $OUTPUT->include_script('tiny_mce/tiny_mce_src.js');
@@ -70,14 +70,28 @@
   list($form_start, $form_end) = get_form_tags($attrib, 'save-identity', array('name' => '_iid', 'value' => $IDENTITY_RECORD['identity_id']));
   unset($attrib['form']);
 
+  // create list of valid email addresses for identity form
+  if (isset($CONFIG['identity_domains']) && is_array($CONFIG['identity_domains']))
+    {
+    foreach ($CONFIG['identity_domains'] as $domain)
+      {
+      $email_options[] = $_SESSION['username'] . '@' . $domain;
+      }
+    $email_a_show_cols = array('type' => 'select', 'options' => $email_options);
+    }
+  else
+    {
+    $email_a_show_cols = array('type' => 'text');
+    }
 
+
   // list of available cols
   $a_show_cols = array('name'         => array('type' => 'text'),
-                       'email'        => array('type' => 'text'),
+                       'email'        => $email_a_show_cols,
                        'organization' => array('type' => 'text'),
                        'reply-to'     => array('type' => 'text', 'label' => 'replyto'),
                        'bcc'          => array('type' => 'text'),
                        'signature'       => array('type' => 'textarea', 'size' => "40", 'rows' => "4"),
                    //  'html_signature'=>array('type' => 'checkbox', 'label' => 'htmlsignature', 'onclick' => 'return rcmail.toggle_editor(this, \'_signature\');
'),
                        'standard'     => array('type' => 'checkbox', 'label' => 'setdefault'));
 
@@ -122,6 +136,15 @@
       unset($attrib['mce_editable']);
       }
 
+    if ($colprop['type'] == 'select')
+      {
+      $attrib['options'] = $colprop['options'];
+      }
+    else
+      {
+      unset($attrib['options']);
+      }
+
     $label = strlen($colprop['label']) ? $colprop['label'] : $col;
     $value = rcmail_get_edit_field($col, $IDENTITY_RECORD[$col], $attrib, $colprop['type']);
 
}}}

[tensor]

Another option would be to provide a query to set the email via DB lookup.
And another options should control whether users are allowed to change email in their identity.

[alec]

Should be implemented as plugin.