Show explicit error message when provided hostname is invalid (#1488550)

4 files changed, 63 insertions, 12 deletions

diff --git a/CHANGELOG b/CHANGELOG
index bdc472ad3..54aecd690 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Show explicit error message when provided hostname is invalid (#1488550)
 - Fix wrong compose screen elements focus in IE9 (#1488541)
 - Fix fatal error when date.timezone isn't set (#1488546)
 - Update to TinyMCE 3.5.4.1
diff --git a/index.php b/index.php
index c823f19ae..54b87ce0a 100644
--- a/index.php
+++ b/index.php
@@ -100,12 +100,9 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
     'valid' => $request_valid,
   ));
 
-  // check if client supports cookies
-  if ($auth['cookiecheck'] && empty($_COOKIE)) {
-    $OUTPUT->show_message("cookiesdisabled", 'warning');
-  }
-  else if ($auth['valid'] && !$auth['abort'] &&
-    $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])
+  // Login
+  if ($auth['valid'] && !$auth['abort'] &&
+    $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
   ) {
     // create new session ID, don't destroy the current session
     // it was destroyed already by $RCMAIL->kill_session() above
@@ -140,9 +137,23 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
     $OUTPUT->redirect($redir);
   }
   else {
-    $error_code = is_object($RCMAIL->storage) ? $RCMAIL->storage->get_error_code() : 1;
+    if (!$auth['valid']) {
+      $error_code  = RCMAIL::ERROR_INVALID_REQUEST;
+    }
+    else {
+      $error_code = $auth['error'] ? $auth['error'] : $RCMAIL->login_error();
+    }
+
+    $error_labels = array(
+      RCMAIL::ERROR_STORAGE          => 'storageerror',
+      RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
+      RCMAIL::ERROR_INVALID_REQUEST  => 'invalidrequest',
+      RCMAIL::ERROR_INVALID_HOST     => 'invalidhost',
+    );
+
+    $error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed';
 
-    $OUTPUT->show_message($error_code < -1 ? 'storageerror' : (!$auth['valid'] ? 'invalidrequest' : 'loginfailed'), 'warning');
+    $OUTPUT->show_message($error_message, 'warning');
     $RCMAIL->plugins->exec_hook('login_failed', array(
       'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
     $RCMAIL->kill_session();
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 8ec8cfe47..63ae8e20f 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -58,6 +58,12 @@ class rcmail extends rcube
 
   const JS_OBJECT_NAME = 'rcmail';
 
+  const ERROR_STORAGE          = -2;
+  const ERROR_INVALID_REQUEST  = 1;
+  const ERROR_INVALID_HOST     = 2;
+  const ERROR_COOKIES_DISABLED = 3;
+
+
   /**
    * This implements the 'singleton' design pattern
    *
@@ -366,15 +372,23 @@ class rcmail extends rcube
    * @param string Mail storage (IMAP) user name
    * @param string Mail storage (IMAP) password
    * @param string Mail storage (IMAP) host
+   * @param bool   Enables cookie check
    *
    * @return boolean True on success, False on failure
    */
-  function login($username, $pass, $host=NULL)
+  function login($username, $pass, $host = null, $cookiecheck = false)
   {
+    $this->login_error = null;
+
     if (empty($username)) {
       return false;
     }
 
+    if ($cookiecheck && empty($_COOKIE)) {
+      $this->login_error = self::ERROR_COOKIES_DISABLED;
+      return false;
+    }
+
     $config = $this->config->all();
 
     if (!$host)
@@ -391,11 +405,18 @@ class rcmail extends rcube
           break;
         }
       }
-      if (!$allowed)
-        return false;
+      if (!$allowed) {
+        $host = null;
       }
-    else if (!empty($config['default_host']) && $host != rcube_utils::parse_host($config['default_host']))
+    }
+    else if (!empty($config['default_host']) && $host != rcube_utils::parse_host($config['default_host'])) {
+      $host = null;
+    }
+
+    if (!$host) {
+      $this->login_error = self::ERROR_INVALID_HOST;
       return false;
+    }
 
     // parse $host URL
     $a_host = parse_url($host);
@@ -534,6 +555,23 @@ class rcmail extends rcube
   }
 
 
+    /**
+     * Returns error code of last login operation
+     *
+     * @return int Error code
+     */
+    public function login_error()
+    {
+        if ($this->login_error) {
+            return $this->login_error;
+        }
+
+        if ($this->storage && $this->storage->get_error_code() < -1) {
+            return self::ERROR_STORAGE;
+        }
+    }
+
+
   /**
    * Auto-select IMAP host based on the posted login information
    *
diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc
index 995be7b65..cabc9998b 100644
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@@ -33,6 +33,7 @@ $messages['requesttimedout'] = 'Request timed out';
 $messages['errorreadonly'] = 'Unable to perform operation. Folder is read-only.';
 $messages['errornoperm'] = 'Unable to perform operation. Permission denied.';
 $messages['invalidrequest'] = 'Invalid request! No data was saved.';
+$messages['invalidhost'] = 'Invalid server name.';
 $messages['nomessagesfound'] = 'No messages found in this mailbox.';
 $messages['loggedout'] = 'You have successfully terminated the session. Good bye!';
 $messages['mailboxempty'] = 'Mailbox is empty.';