OAuth redirect URIs should be customizable

[nick-oconnor]

Prerequisites

• I have searched for duplicate or closed issues
• I can recreate the issue with all plugins disabled

Describe the issue

I use an nginx proxy which terminates TLS requests on port 443 and proxies the requests to a Roundcube instance running on port 80. Roundcube generates the correct OAuth redirect URIs when use_https is set, i.e. https://domain.tld/index.php/login/oauth.

The problem arises when running Roundcube on non-standard ports, i.e. the non-root variant containers added in roundcube/roundcubemail-docker/pull/310 runs Apache on port 8000. In this case, Roundcube generates https://domain.tld:8000/index.php/login/oauth which is incorrect.

There does not appear to be a way to work around the issue. I think the simplest and most robust solution is to allow users to customize the non-path portions of the redirect URI.

What browser(s) are you seeing the problem on?

No response

What version of PHP are you using?

No response

What version of Roundcube are you using?

1.7-git

JavaScript errors

No response

PHP errors

No response

[alecpl]

I guess, something like this for a start:

-- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@@ -374,6 +374,9 @@ $config['oauth_identity_uri'] = null;
 // Optional: Endpoint for OIDC Logout propagation
 $config['oauth_logout_uri'] = null;
 
+// Optional: Base URL for authentication redirect. /index.php/login/oauth will be added to it.
+$config['oauth_redirect_uri'] = null;
+
 // Optional: timeout for HTTP requests to OAuth server
 $config['oauth_timeout'] = 10;
 
diff --git a/program/include/rcmail_oauth.php b/program/include/rcmail_oauth.php
index b51358529..83194bced 100644
--- a/program/include/rcmail_oauth.php
+++ b/program/include/rcmail_oauth.php
@@ -490,7 +490,7 @@ class rcmail_oauth
      */
     public function get_redirect_uri()
     {
-        $url = $this->rcmail->url([]);
+        $url = $this->rcmail->config->get('oauth_redirect_uri') ?: $this->rcmail->url([]);
 
         // rewrite redirect URL to not contain query parameters because some providers do not support this
         $url = preg_replace('/\?.*/', '', $url);

[alecpl]

I introduced support for X-Forwarded-Host/X-Forwarded-Port header. Also I added request_url option.