whmcsZimbraSingle/zimbraSingle.php

<?php

/**
 * WHMCS Zimbra Provisioning Module
 *
 * Provisioning for private mailboxes on a Zimbra Server
 *
 * @see https://www.zimbra.com
 * @copyright Copyright (c) Thurdata GmbH 2020
 * @license GPL
 */

if (!defined('WHMCS')) {
    die('This file cannot be accessed directly');
}
use WHMCS\Database\Capsule;

/**
 * Requires this PHP api to make soap calls and parse responses
 * This is an extend version of:
 * @see https://github.com/alloylab/zimbra-admin-api-soap-php
 */
require_once(__DIR__ . '/api/Zm/Auth.php');
require_once(__DIR__ . '/api/Zm/Account.php');
require_once(__DIR__ . '/api/Zm/Domain.php');
require_once(__DIR__ . '/api/Zm/Server.php');

/**
 * Helper function to find values of a named key in a multidimensional arrays or objects
 * 
 * @param array $haystack mixed data
 * @param string $needle key to search for values
 * @return array of values
 */
function zimbraSingleFindAll($haystack, $needle)
{
    $values = array();
    $iterator  = new RecursiveArrayIterator((array)$haystack);
    $recursive = new RecursiveIteratorIterator(
        $iterator,
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($recursive as $key => $value) {
        if ($key === $needle) {
            array_push($values, $value);
        }
    }
    return $values;
}

/**
 * server side password check
 * 
 * recheck the client side password check
 * in case that the client side check has been disabled
 * 
 * @param string $pwd password
 * 
 * @return string missing features or null if the password matches our needs
 */
function zimbraSingleCheckPassword($pwd) {
    if (strlen($pwd) < 8) {
        return 'Das das Passwort ist zu kurz. Es werden mind. 8 Zeichen benötigt';
    }

    if (!preg_match('#[0-9]+#', $pwd)) {
        return 'Das Passwort muss mindestens eine Zahl enthalten';
    }

    if (!preg_match('#[A-Z]+#', $pwd)) {
        return 'Das Passwort muss mindestens einen Grossbuchstaben (A-Z) enthalten';
    }     

    if (!preg_match('#[a-z]+#', $pwd)) {
        return 'Das Passwort muss mindestens einen Kleinbuchstaben (a-z) enthalten';
    }     

    if (!preg_match('#[^\w]+#', $pwd)) {
        return 'Das Passwort muss mindestens ein Sonderzeichen (.,-:=) enthalten';
    }
    return null;
}

/**
 * Define module related meta data.
 *
 * Values returned here are used to determine module related abilities and
 * settings.
 *
 * @see https://developers.whmcs.com/provisioning-modules/meta-data-params/
 *
 * @return array
 */
function zimbraSingle_MetaData() {
    return array(
        'DisplayName' => 'Zimbra Single Mailbox Provisioning',
        'APIVersion' => '1.2',
        'DefaultNonSSLPort' => '7071',
        'DefaultSSLPort' => '7071',
        'RequiresServer' => true,
        'ServiceSingleSignOnLabel' => 'Login to Zimbra',
        'AdminSingleSignOnLabel' => 'Login to Zimbra Admin'
    );
}

/**
 * Test connection to a Zimbra server with the given server parameters.
 *
 * Allows an admin user to verify that an API connection can be
 * successfully made with the given configuration parameters for a
 * server.
 *
 * When defined in a module, a Test Connection button will appear
 * alongside the Server Type dropdown when adding or editing an
 * existing server.
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return array
 */
function zimbraSingle_TestConnection($params) {
    $auth = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $auth->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Connection failed, cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return array(
            'success' => false,
            'error' => 'Connection failed, cannot login to ' . $params['serverhostname'],
        );
    }
    return array(
        'success' => true,
        'error' => '',
    );
}

/**
 * Client area output logic handling.
 *
 * This function is used to define module specific client area output. It should
 * return an array consisting of a template file and optional additional
 * template variables to make available to that template.
 *
 * The template file you return can be one of two types:
 *
 * * tabOverviewModuleOutputTemplate - The output of the template provided here
 *   will be displayed as part of the default product/service client area
 *   product overview page.
 *
 * * tabOverviewReplacementTemplate - Alternatively using this option allows you
 *   to entirely take control of the product/service overview page within the
 *   client area.
 *
 * Whichever option you choose, extra template variables are defined in the same
 * way. This demonstrates the use of the full replacement.
 *
 * Please Note: Using tabOverviewReplacementTemplate means you should display
 * the standard information such as pricing and billing details in your custom
 * template or they will not be visible to the end user.
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return array
 */
function zimbraSingle_ClientArea($params) {
    $clientInfo = array();
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $accessData['zimbraServer'],
            $login->getMessage()
        );
        return false;
    }
    $apiAccountManager = new Zm_Account($api);
    $accountInfo = $apiAccountManager->getAccountInfo($params['username']);
    if(is_a($accountInfo, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not gather informations for ' . $params['username'],
            $accountInfo->getMessage()
        );
        return false;
    }
    $webmailUrl = zimbraSingleFindAll($accountInfo, 'PUBLICMAILURL');
    $clientInfo['webmailurl'] = $webmailUrl[0]['DATA'];
    return array(
        'templatefile' => 'clientarea',
        'vars' => $clientInfo,
    );
}

/**
 * Usage Update
 * 
 * Important: Runs daily per server not per product
 * Run Manually: /admin/reports.php?report=disk_usage_summary&action=updatestats
 * @param array $params common module parameters
 * 
 * @see https://developers.whmcs.com/provisioning-modules/usage-update/
 */
function zimbraSingle_UsageUpdate($params) {
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return false;
    }
    $apiAccountManager = new Zm_Account($api);
    $productsObj = Capsule::table('tblhosting')
        ->select('*')
        ->where('server', '=', $params['serverid'])
        ->where('domainstatus', '=', 'Active')
        ->get();
    foreach((array)$productsObj as $productObj) {
        $product = get_object_vars($productObj[0]);
        $accountQuota = $apiAccountManager->getQuota($product['username']);
        if(is_a($accountQuota, 'Exception')) {
            logModuleCall(
                'zimbrasingle',
                __FUNCTION__,
                $params,
                'Error : could not find quota for ' . $product['username'],
                $accountQuota->getMessage()
            );
            break;
        }
        $mboxObj = $apiAccountManager->getMailbox($product['username']);
        if(is_a($mboxObj, 'Exception')) {
            logModuleCall(
                'zimbrasingle',
                __FUNCTION__,
                $params,
                'Error: could not fetch mailbox info for ' . $product['username'],
                $mboxObj->getMessage()
            );
            break;
        }
        $mboxVars = get_object_vars($mboxObj);
        $mboxSize = $mboxVars['S'];
        try {
            Capsule::table('tblhosting')
                ->where('id', '=', $product['id'])
                ->update(
                    array(
                        'diskusage' => round($mboxSize / 1048576,2),
                        'disklimit' => round($accountQuota / 1048576,2),
                        'lastupdate' => Capsule::raw('now()')
                    )
                );
        } catch (\Exception $e) {
            logModuleCall(
                'zimbrasingle',
                __FUNCTION__,
                $params,
                'Error: could update usage information for ' . $product['username'],
                $e->getMessage()
            );
        }
    }
}

/**
 * Change the password for a Zimbra account.
 *
 * Called when a password change is requested. This can occur either due to a
 * client requesting it via the client area or an admin requesting it from the
 * admin side.
 *
 * This option is only available to client end users when the product is in an
 * active status.
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return string 'success' or an error message
 */
function zimbraSingle_ChangePassword($params) {
	$checkPassword = zimbraSingleCheckPassword($params['password']);
	if ($checkPassword != null) {
	    return $checkPassword;
	}
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return false;
    }
    $apiAccountManager = new Zm_Account($api);
    $response = $apiAccountManager->setAccountPassword($params['username'], $params['password']);
    if(is_a($response, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: password could not be set for ' . $params['username'],
            $response->getMessage()
        );
        return false;
    }
    return 'success';
}

/**
 * Provision a new instance of a Zimbra account.
 *
 * Attempt to provision a new Zimbra mail account. This is
 * called any time provisioning is requested inside of WHMCS. Depending upon the
 * configuration, this can be any of:
 * * When a new order is placed
 * * When an invoice for a new order is paid
 * * Upon manual request by an admin user
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return string 'success' or an error message
 */
function zimbraSingle_CreateAccount($params) {
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return $login->getMessage();
    }
    $params['username'] = $params['customfields']['username'] . '@' . $params['customfields']['maildomain'];
    $apiAccountManager = new Zm_Account($api);
    $accountExists = $apiAccountManager->accountExists($params['username']);
    if(is_a($accountExists, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not verify ' . $params['username'],
            $accountExists->getMessage()
        );
        return 'Error: could not verify '. $params['username'];
    }
    if($accountExists === true) {
        return 'Error: account already exists ' . $params['username'];
    }
    $attrs = array();
    $attrs['gn'] = $params['customfields']['givenname'];
    $attrs['sn'] = $params['customfields']['sn'];
    $attrs['displayName'] = $attrs['gn'] . ' ' . $attrs['sn'];
    $passDecrypt = localAPI('DecryptPassword', array('password2' => $params['customfields']['password']));
    if ($passDecrypt['result'] == 'success') {
        $params['password'] = $passDecrypt['password'];
    } else {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not decrypt password',
            $passDecrypt['message']
            );
            return 'Error: could not decrypt password';
    }
    $cosID = $apiAccountManager->getCosId($params['configoption1']);
    if(is_a($cosID, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not find serviceclass ' . $params['configoption1'],
            $cosID->getMessage()
        );
        return 'Error: could not find serviceclass ' . $params['configoption1'];
    }
    $attrs['zimbraCOSId'] = $cosID;
    $zimbraID = $apiAccountManager->createAccount($params['username'], $params['password'], $attrs);
    if(is_a($zimbraID, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not create account ' . $params['username'],
            $zimbraID->getMessage()
        );
        return 'Error: could not create account ' . $params['username'];
    }
    try {
        Capsule::table('tblhosting')
            ->where('id', '=', $params['serviceid'])
            ->update(
                array(
                    'username' => $params['username'],
                    'password' => $params['customfields']['password'],
                )
            );
    } catch (\Exception $e) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could save username & password in database',
            $e->getMessage()
        );
        return 'Error: could save username & password in database';
    }
    return 'success';
}

/**
 * Set a Zimbra account to status locked.
 *
 * Called when a suspension is requested. This is invoked automatically by WHMCS
 * when a product becomes overdue on payment or can be called manually by admin
 * user.
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return string 'success' or an error message
 */
function zimbraSingle_SuspendAccount($params) {
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return $login->getMessage();
    }
    $apiAccountManager = new Zm_Account($api);
    $response = $apiAccountManager->setAccountStatus($params['username'], 'locked');
    if(is_a($response, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not lock account ' . $params['username'],
            $response->getMessage()
        );
        return false;
    }
    return 'success';
}

/**
 * Set a Zimbra account to status active.
 *
 * Called when an un-suspension is requested. This is invoked
 * automatically upon payment of an overdue invoice for a product, or
 * can be called manually by admin user.
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return string 'success' or an error message
 */
function zimbraSingle_UnsuspendAccount($params) {
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return $login->getMessage();
    }
    $apiAccountManager = new Zm_Account($api);
    $response = $apiAccountManager->setAccountStatus($params['username'], 'active');
    if(is_a($response, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not unlock account ' . $params['username'],
            $response->getMessage()
            );
        return 'Error: could not unlock account ' . $params['username'];
    }
    return 'success';
}

/**
 * Removes a Zimbra account.
 *
 * Called when a termination is requested. This can be invoked automatically for
 * overdue products if enabled, or requested manually by an admin user.
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return string 'success' or an error message
 */
function zimbraSingle_TerminateAccount($params) {
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return $login->getMessage();
    }
    $apiAccountManager = new Zm_Account($api);
    $accountStatus = $apiAccountManager->getAccountStatus($params['username']);
    if(is_a($accountStatus, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not verify account '. $params['username'],
            $accountStatus->getMessage()
        );
        return 'Error : account ' . $params['username'] . ' Name could not verified';
    }
    if ($accountStatus != 'locked') {
        return 'Account '. $params['username'] . ' is active, suspend account first!';
    }
    $response = $apiAccountManager->deleteAccount($params['username']);
    if(is_a($response, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not remove account '. $params['username'],
            $response->getMessage()
        );
        return 'Error: could not remove account '. $params['username'];
    }
    return 'success';
}

/**
 * Set a new class of service for a Zimbra account.
 *
 * Called to apply a change of the class of service. It
 * is called to provision upgrade or downgrade orders, as well as being
 * able to be invoked manually by an admin user.
 *
 * This same function is called for upgrades and downgrades of both
 * products and configurable options.
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return string 'success' or an error message
 */
function zimbraSingle_ChangePackage($params) {
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return $login->getMessage();
    }
    $apiAccountManager = new Zm_Account($api);
    $response = $apiAccountManager->setAccountCos($params['username'], $params['configoption1']);
    if(is_a($response, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not set class of service for '. $params['username'],
            $response->getMessage()
        );
        return 'Error: could not set class of service for '. $params['username'];
    }
    $accountQuota = $apiAccountManager->getQuota($params['username']);
    if(is_a($accountQuota, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error : could not find quota for ' . $params['username'],
            $accountQuota->getMessage()
        );
    }
    try {
        Capsule::table('tblhosting')
            ->where('id', '=', $params['serviceid'])
            ->update(
                array(
                    'disklimit' => $accountQuota,
                )
            );
    } catch (\Exception $e) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not update quota in database',
            $e->getMessage()
        );
        return 'Error: could not update quota in database';
    }
    return 'success';
}

/**
 * Define Zimbra product configuration options.
 *
 * Gather classes of service from the Zinbra server.
 * Calls a function to create all necessary customfields for the order form using the selected values.
 *
 * @see https://developers.whmcs.com/provisioning-modules/config-options/
 *
 * @return array
 */
function zimbraSingle_ConfigOptions($params) {
    $whmcs = App::self();
    $serverGroupID = $whmcs->get_req_var('servergroup');
    $serverIDObj = Capsule::table('tblservergroupsrel')
        ->select('serverid')
        ->where('groupid', '=', $serverGroupID)
        ->get();
    $serverIDArray = zimbraSingleFindAll($serverIDObj,'serverid');
    $server = Capsule::table('tblservers')
        ->select('ipaddress', 'username', 'password')
        ->where('id', $serverIDArray)
        ->where('active', '=', 1)
        ->get();
    $accessData['zimbraServer'] = $server[0]->ipaddress;
    $accessData['adminUser'] = $server[0]->username;
    $adminPassCrypt = $server[0]->password;
    $adminPassDecrypt = localAPI('DecryptPassword', array('password2' => $adminPassCrypt));
    if ($adminPassDecrypt['result'] == 'success') {
        $accessData['adminPass'] = $adminPassDecrypt['password'];
    } else {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $adminPassCrypt,
            'Error: cloud not decrypt admin password' ,
            $adminPassDecrypt['message']
        );
        return false;
    }
    $api = new Zm_Auth($accessData['zimbraServer'], $accessData['adminUser'], $accessData['adminPass'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $accessData['zimbraServer'],
            $login->getMessage()
        );
        return false;
    }
    $apiAccountManager = new Zm_Account($api);
    $cosIDs = $apiAccountManager->getAllCos();
    if(is_a($cosIDs, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: could not fetch classes of service',
            $cosIDs->getMessage()
        );
        return false;
    }
    $cosNames = zimbraSingleFindAll($cosIDs, 'NAME');
    $configOptions = array();
    $configOptions['cos'] = array(
        'FriendlyName' => 'Class of Service',
        'Type' => 'dropdown',
        'Options' => implode(',', $cosNames),
        'Description' => 'Select COS',
    );
    return $configOptions;
}

/**
 * Perform single sign-on for a given instance of a product/service.
 *
 * Called when single sign-on is requested for an instance of a product/service.
 *
 * When successful, returns an URL to which the user should be redirected.
 *
 * @param array $params common module parameters
 *
 * @see https://developers.whmcs.com/provisioning-modules/module-parameters/
 *
 * @return array
 */
function zimbraSingle_ServiceSingleSignOn($params) {
    $api = new Zm_Auth($params['serverhostname'], $params['serverusername'], $params['serverpassword'], 'admin');
    $login = $api->login();
    if(is_a($login, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error: cannot login to ' . $params['serverhostname'],
            $login->getMessage()
        );
        return $login->getMessage();
    }
    $apiDomainManager = new Zm_Domain($api);
    $domainOptions = $apiDomainManager->getDomainOptions($params['customfields']['maildomain']);
    if(is_a($domainOptions, 'Exception')) {
        logModuleCall(
            'zimbrasingle',
            __FUNCTION__,
            $params,
            'Error : could not fetch options for ' . $params['customfields']['maildomain'],
            $domainOptions->getMessage()
        );
        return $domainOptions->getMessage();
    }
    $preAuthKey = $domainOptions['zimbraPreAuthKey'];
    $apiAccountManager= new Zm_Account($api);
    $authToken = $apiAccountManager->getAccountToken($params['username'], $preAuthKey, '1000');
    logModuleCall(
        'zimbrasingle',
        __FUNCTION__,
        $params,
        'Debug',
        $authToken
    );
    return array(
        'success' => true,
        'redirectTo' => 'https://testserver.test.local/' . $authToken,
    );
}