From 8cb5ef363a7752ad4e1aa8e747c8c8235f8c0edc Mon Sep 17 00:00:00 2001
From: Francis Lachapelle <flachapelle@inverse.ca>
Date: Mon, 29 Nov 2021 14:38:05 -0500
Subject: [PATCH] fix(mail): only apply IMAP host constraint when SSO is
 enabled

Fixes #5433
---
 SoObjects/Mailer/SOGoMailBaseObject.m                 | 11 +++++++++--
 .../js/Preferences/AccountDialogController.js         |  4 ++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/SoObjects/Mailer/SOGoMailBaseObject.m b/SoObjects/Mailer/SOGoMailBaseObject.m
index f02e70acdf..9d415c67a1 100644
--- a/SoObjects/Mailer/SOGoMailBaseObject.m
+++ b/SoObjects/Mailer/SOGoMailBaseObject.m
@@ -1,6 +1,5 @@
 /*
-  Copyright (C) 2007-2014 Inverse inc.
-  Copyright (C) 2004-2005 SKYRIX Software AG
+  Copyright (C) 2007-2021 Inverse inc.
 
   This file is part of SOGo.
 
@@ -31,6 +30,7 @@
 #import <NGImap4/NGImap4Client.h>
 
 #import <SOGo/SOGoCache.h>
+#import <SOGo/SOGoSystemDefaults.h>
 #import <SOGo/SOGoUser.h>
 #import <SOGo/WORequest+SOGo.h>
 
@@ -134,6 +134,8 @@ - (NGImap4Connection *) _createIMAP4Connection
   NGImap4Connection *newConnection;
   NSString *password;
   NSHost *host;
+  SOGoSystemDefaults *sd;
+  BOOL usesSSO;
 
   [self imap4URL];
 
@@ -141,7 +143,12 @@ - (NGImap4Connection *) _createIMAP4Connection
   // for an account number greater than 0 (default account). We prevent that
   // for security reasons if admins use an IMAP trust.
   host = [NSHost hostWithName: [[self imap4URL] host]];
+
+  sd = [SOGoSystemDefaults sharedSystemDefaults];
+  usesSSO = [[sd authenticationType] isEqualToString: @"cas"] || [[sd authenticationType] isEqualToString: @"saml2"];
+
   if (![[[self mailAccountFolder] nameInContainer] isEqualToString: @"0"] &&
+      usesSSO &&
       [[host address] isEqualToString: @"127.0.0.1"])
     {
       [self errorWithFormat: @"Trying to use localhost for additional IMAP account - aborting."];
diff --git a/UI/WebServerResources/js/Preferences/AccountDialogController.js b/UI/WebServerResources/js/Preferences/AccountDialogController.js
index 51ca172785..fc57577895 100644
--- a/UI/WebServerResources/js/Preferences/AccountDialogController.js
+++ b/UI/WebServerResources/js/Preferences/AccountDialogController.js
@@ -9,13 +9,13 @@
    */
   AccountDialogController.$inject = ['$timeout', '$window', '$mdConstant', '$mdDialog', 'FileUploader', 'Dialog', 'sgSettings', 'defaults', 'account', 'accountId', 'mailCustomFromEnabled'];
   function AccountDialogController($timeout, $window, $mdConstant, $mdDialog, FileUploader, Dialog, Settings, defaults, account, accountId, mailCustomFromEnabled) {
-    var vm = this;
+    var vm = this, usesSSO = $window.usesCASAuthentication || $window.usesSAML2Authentication;
 
     this.defaultPort = 143;
     this.defaults = defaults;
     this.account = account;
     this.accountId = accountId;
-    this.hostnameRE = accountId > 0 ? /^(?!(127\.0\.0\.1|localhost(?:\.localdomain)?)$)/ : /./;
+    this.hostnameRE = usesSSO && accountId > 0 ? /^(?!(127\.0\.0\.1|localhost(?:\.localdomain)?)$)/ : /./;
     this.addressesSearchText = '';
     this.emailSeparatorKeys = [
       $mdConstant.KEY_CODE.ENTER,