ts-mailcow-api 1.4.0 → 1.6.0

package/README.md

@@ -92,6 +92,7 @@ at a typed interface documented in the
 | `domains`          | Domains                           |
 | `fail2Ban`         | Fail2Ban configuration            |
 | `forwardingHosts`  | Forwarding hosts                  |
+| `identityProvider` | External IdP (Keycloak/LDAP/OIDC) |
 | `logs`             | ACME, API, dovecot, postfix, ...  |
 | `mailbox`          | Mailboxes (and ACL, pushover, ...)|
 | `oauth2`           | OAuth2 clients                    |

package/dist/client.d.ts

@@ -23,6 +23,7 @@ import { TlsPolicyMapEndpoints } from './endpoints/tls-policy-map-endpoints';
 import { DkimEndpoints } from './endpoints/dkim-endpoints';
 import { DomainAdminEndpoints } from './endpoints/domain-admin-endpoints';
 import { RoutingEndpoints } from './endpoints/routing-endpoints';
+import { IdentityProviderEndpoints } from './endpoints/identity-provider-endpoints';
 /**
  * Class containing all the logic to interface with the Mailcow API in TypeScript.
  * @external
@@ -174,5 +175,12 @@ declare class MailcowClient {
      * @external
      */
     routing: RoutingEndpoints;
+    /**
+     * Endpoint for configuring the external Identity Provider (Keycloak,
+     * LDAP, or a generic OIDC provider).
+     * See {@link IdentityProviderEndpoints}
+     * @external
+     */
+    identityProvider: IdentityProviderEndpoints;
 }
 export default MailcowClient;

package/dist/client.js

@@ -24,6 +24,7 @@ const tls_policy_map_endpoints_1 = require("./endpoints/tls-policy-map-endpoints
 const dkim_endpoints_1 = require("./endpoints/dkim-endpoints");
 const domain_admin_endpoints_1 = require("./endpoints/domain-admin-endpoints");
 const routing_endpoints_1 = require("./endpoints/routing-endpoints");
+const identity_provider_endpoints_1 = require("./endpoints/identity-provider-endpoints");
 /**
  * Class containing all the logic to interface with the Mailcow API in TypeScript.
  * @external
@@ -186,6 +187,13 @@ class MailcowClient {
      * @external
      */
     routing = (0, routing_endpoints_1.routingEndpoints)(this);
+    /**
+     * Endpoint for configuring the external Identity Provider (Keycloak,
+     * LDAP, or a generic OIDC provider).
+     * See {@link IdentityProviderEndpoints}
+     * @external
+     */
+    identityProvider = (0, identity_provider_endpoints_1.identityProviderEndpoints)(this);
 }
 exports.default = MailcowClient;
 //# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAGH,mEAAgF;AAChF,uEAAsF;AACtF,mEAAkF;AAClF,uDAA+C;AAC/C,iEAA6E;AAC7E,qEAAmF;AACnF,2EAA4F;AAC5F,6DAAuE;AACvE,uFAA8G;AAC9G,uEAAsF;AACtF,mEAAgF;AAChF,uEAAsF;AACtF,iFAAmG;AACnG,2EAA4F;AAC5F,yEAA2F;AAC3F,mEAAgF;AAChF,+EAAgG;AAChG,mFAAoG;AACpG,+DAA0E;AAC1E,+EAAgG;AAChG,qEAAmF;AAEnF;;;GAGG;AACH,MAAM,aAAa;IACjB;;;OAGG;IACM,QAAQ,CAAS;IAE1B;;;OAGG;IACM,OAAO,CAAS;IAEzB;;;OAGG;IACH,YAAY,CAAqB;IAEjC;;;;;OAKG;IACH,YAAY,QAAgB,EAAE,OAAe,EAAE,kBAAuC;QACpF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/F,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,wCAAwC;QACxC,IAAI,CAAC,YAAY,GAAG;YAClB,GAAG,kBAAkB;YACrB,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,IAAI,CAAC,OAAO;aAC1B;SACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,cAAc,GAAG,IAAI,yBAAc,CAAC,IAAI,CAAC,CAAC;IAEjD;;;OAGG;IACI,OAAO,GAAmB,IAAA,gCAAc,EAAC,IAAI,CAAC,CAAC;IAEtD;;;;OAIG;IACI,OAAO,GAAoB,IAAA,kCAAe,EAAC,IAAI,CAAC,CAAC;IAExD;;;;OAIG;IACI,UAAU,GAAsB,IAAA,sCAAiB,EAAC,IAAI,CAAC,CAAC;IAE/D;;;;OAIG;IACI,OAAO,GAAqB,IAAA,mCAAgB,EAAC,IAAI,CAAC,CAAC;IAE1D;;;;OAIG;IACI,QAAQ,GAAqB,IAAA,oCAAgB,EAAC,IAAI,CAAC,CAAC;IAE3D;;;;OAIG;IACI,eAAe,GAAwB,IAAA,0CAAmB,EAAC,IAAI,CAAC,CAAC;IAExE;;;;OAIG;IACI,gBAAgB,GAA8B,IAAA,sDAAyB,EAAC,IAAI,CAAC,CAAC;IAErF;;;;OAIG;IACI,IAAI,GAAiB,IAAA,4BAAY,EAAC,IAAI,CAAC,CAAC;IAE/C;;;;OAIG;IACI,QAAQ,GAAsB,IAAA,sCAAiB,EAAC,IAAI,CAAC,CAAC;IAE7D;;;;OAIG;IACI,MAAM,GAAoB,IAAA,kCAAe,EAAC,IAAI,CAAC,CAAC;IAEvD;;;;OAIG;IACI,SAAS,GAAsB,IAAA,sCAAiB,EAAC,IAAI,CAAC,CAAC;IAE9D;;;;OAIG;IACI,YAAY,GAA0B,IAAA,+CAAqB,EAAC,IAAI,CAAC,CAAC;IAEzE;;;;OAIG;IACI,UAAU,GAAwB,IAAA,0CAAmB,EAAC,IAAI,CAAC,CAAC;IAEnE;;;;OAIG;IACI,UAAU,GAAwB,IAAA,yCAAmB,EAAC,IAAI,CAAC,CAAC;IAEnE;;;;OAIG;IACI,MAAM,GAAoB,IAAA,kCAAe,EAAC,IAAI,CAAC,CAAC;IAEvD;;;;OAIG;IACI,YAAY,GAAyB,IAAA,6CAAoB,EAAC,IAAI,CAAC,CAAC;IAEvE;;;;OAIG;IACI,aAAa,GAA0B,IAAA,gDAAqB,EAAC,IAAI,CAAC,CAAC;IAE1E;;;;OAIG;IACI,IAAI,GAAkB,IAAA,8BAAa,EAAC,IAAI,CAAC,CAAC;IAEjD;;;;OAIG;IACI,YAAY,GAAyB,IAAA,6CAAoB,EAAC,IAAI,CAAC,CAAC;IAEvE;;;;OAIG;IACI,OAAO,GAAqB,IAAA,oCAAgB,EAAC,IAAI,CAAC,CAAC;CAC3D;AAED,kBAAe,aAAa,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAGH,mEAAgF;AAChF,uEAAsF;AACtF,mEAAkF;AAClF,uDAA+C;AAC/C,iEAA6E;AAC7E,qEAAmF;AACnF,2EAA4F;AAC5F,6DAAuE;AACvE,uFAA8G;AAC9G,uEAAsF;AACtF,mEAAgF;AAChF,uEAAsF;AACtF,iFAAmG;AACnG,2EAA4F;AAC5F,yEAA2F;AAC3F,mEAAgF;AAChF,+EAAgG;AAChG,mFAAoG;AACpG,+DAA0E;AAC1E,+EAAgG;AAChG,qEAAmF;AACnF,yFAA+G;AAE/G;;;GAGG;AACH,MAAM,aAAa;IACjB;;;OAGG;IACM,QAAQ,CAAS;IAE1B;;;OAGG;IACM,OAAO,CAAS;IAEzB;;;OAGG;IACH,YAAY,CAAqB;IAEjC;;;;;OAKG;IACH,YAAY,QAAgB,EAAE,OAAe,EAAE,kBAAuC;QACpF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/F,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,wCAAwC;QACxC,IAAI,CAAC,YAAY,GAAG;YAClB,GAAG,kBAAkB;YACrB,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,IAAI,CAAC,OAAO;aAC1B;SACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,cAAc,GAAG,IAAI,yBAAc,CAAC,IAAI,CAAC,CAAC;IAEjD;;;OAGG;IACI,OAAO,GAAmB,IAAA,gCAAc,EAAC,IAAI,CAAC,CAAC;IAEtD;;;;OAIG;IACI,OAAO,GAAoB,IAAA,kCAAe,EAAC,IAAI,CAAC,CAAC;IAExD;;;;OAIG;IACI,UAAU,GAAsB,IAAA,sCAAiB,EAAC,IAAI,CAAC,CAAC;IAE/D;;;;OAIG;IACI,OAAO,GAAqB,IAAA,mCAAgB,EAAC,IAAI,CAAC,CAAC;IAE1D;;;;OAIG;IACI,QAAQ,GAAqB,IAAA,oCAAgB,EAAC,IAAI,CAAC,CAAC;IAE3D;;;;OAIG;IACI,eAAe,GAAwB,IAAA,0CAAmB,EAAC,IAAI,CAAC,CAAC;IAExE;;;;OAIG;IACI,gBAAgB,GAA8B,IAAA,sDAAyB,EAAC,IAAI,CAAC,CAAC;IAErF;;;;OAIG;IACI,IAAI,GAAiB,IAAA,4BAAY,EAAC,IAAI,CAAC,CAAC;IAE/C;;;;OAIG;IACI,QAAQ,GAAsB,IAAA,sCAAiB,EAAC,IAAI,CAAC,CAAC;IAE7D;;;;OAIG;IACI,MAAM,GAAoB,IAAA,kCAAe,EAAC,IAAI,CAAC,CAAC;IAEvD;;;;OAIG;IACI,SAAS,GAAsB,IAAA,sCAAiB,EAAC,IAAI,CAAC,CAAC;IAE9D;;;;OAIG;IACI,YAAY,GAA0B,IAAA,+CAAqB,EAAC,IAAI,CAAC,CAAC;IAEzE;;;;OAIG;IACI,UAAU,GAAwB,IAAA,0CAAmB,EAAC,IAAI,CAAC,CAAC;IAEnE;;;;OAIG;IACI,UAAU,GAAwB,IAAA,yCAAmB,EAAC,IAAI,CAAC,CAAC;IAEnE;;;;OAIG;IACI,MAAM,GAAoB,IAAA,kCAAe,EAAC,IAAI,CAAC,CAAC;IAEvD;;;;OAIG;IACI,YAAY,GAAyB,IAAA,6CAAoB,EAAC,IAAI,CAAC,CAAC;IAEvE;;;;OAIG;IACI,aAAa,GAA0B,IAAA,gDAAqB,EAAC,IAAI,CAAC,CAAC;IAE1E;;;;OAIG;IACI,IAAI,GAAkB,IAAA,8BAAa,EAAC,IAAI,CAAC,CAAC;IAEjD;;;;OAIG;IACI,YAAY,GAAyB,IAAA,6CAAoB,EAAC,IAAI,CAAC,CAAC;IAEvE;;;;OAIG;IACI,OAAO,GAAqB,IAAA,oCAAgB,EAAC,IAAI,CAAC,CAAC;IAE1D;;;;;OAKG;IACI,gBAAgB,GAA8B,IAAA,uDAAyB,EAAC,IAAI,CAAC,CAAC;CACtF;AAED,kBAAe,aAAa,CAAC"}

package/dist/endpoints/identity-provider-endpoints.d.ts

@@ -0,0 +1,27 @@
+import MailcowClient from '../index';
+import { IdentityProviderAttributes, MailcowResponse } from '../types';
+/**
+ * Interface for the external Identity Provider endpoint.
+ *
+ * Mailcow has a single global identity-provider configuration -- there
+ * is no add or delete, only edit -- so this group exposes a single
+ * method.
+ */
+export interface IdentityProviderEndpoints {
+    /**
+     * Configure (or reconfigure) the external Identity Provider used for
+     * Mailcow login. Pass the attributes for one of the supported
+     * `authsource` values; the wrapper supplies the required
+     * `items: ['identity-provider']` envelope.
+     *
+     * @param attr - The identity-provider attributes to apply.
+     */
+    edit(attr: IdentityProviderAttributes): Promise<MailcowResponse>;
+}
+/**
+ * Binder function between the MailcowClient class and the
+ * IdentityProviderEndpoints.
+ * @param bind - The MailcowClient to bind.
+ * @internal
+ */
+export declare function identityProviderEndpoints(bind: MailcowClient): IdentityProviderEndpoints;

package/dist/endpoints/identity-provider-endpoints.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.identityProviderEndpoints = identityProviderEndpoints;
+const IDENTITY_PROVIDER_ENDPOINTS = {
+    EDIT: 'edit/identity-provider',
+};
+/**
+ * Binder function between the MailcowClient class and the
+ * IdentityProviderEndpoints.
+ * @param bind - The MailcowClient to bind.
+ * @internal
+ */
+function identityProviderEndpoints(bind) {
+    return {
+        edit(attr) {
+            return bind.requestFactory.post(IDENTITY_PROVIDER_ENDPOINTS.EDIT, {
+                attr,
+                items: ['identity-provider'],
+            });
+        },
+    };
+}
+//# sourceMappingURL=identity-provider-endpoints.js.map

package/dist/endpoints/identity-provider-endpoints.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-provider-endpoints.js","sourceRoot":"","sources":["../../src/endpoints/identity-provider-endpoints.ts"],"names":[],"mappings":";;AAgCA,8DASC;AAnBD,MAAM,2BAA2B,GAAG;IAClC,IAAI,EAAE,wBAAwB;CAC/B,CAAC;AAEF;;;;;GAKG;AACH,SAAgB,yBAAyB,CAAC,IAAmB;IAC3D,OAAO;QACL,IAAI,CAAC,IAAgC;YACnC,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAA+C,2BAA2B,CAAC,IAAI,EAAE;gBAC9G,IAAI;gBACJ,KAAK,EAAE,CAAC,mBAAmB,CAAC;aAC7B,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/endpoints/quarantine-endpoints.d.ts

@@ -1,4 +1,4 @@
-import { DeleteQuarantineRequest, MailcowResponse, QuarantineItem } from '../types';
+import { DeleteQuarantineRequest, EditQuarantineItemRequest, MailcowResponse, QuarantineItem } from '../types';
 import MailcowClient from '../index';
 /**
  * Interface for all Quarantine endpoints related to email handling in Mailcow.
@@ -10,6 +10,13 @@ export interface QuarantineEndpoints {
      * @returns A promise that resolves to the Mailcow API response indicating success or failure.
      */
     delete(payload: DeleteQuarantineRequest): Promise<MailcowResponse>;
+    /**
+     * Acts on quarantined emails: release them to the recipient's inbox
+     * or learn them as ham to improve future Rspamd filtering.
+     * @param payload - The IDs to act on and the action to take.
+     * @returns A promise that resolves to the Mailcow API response indicating success or failure.
+     */
+    edit(payload: EditQuarantineItemRequest): Promise<MailcowResponse>;
     /**
      * Retrieves all emails currently held in quarantine.
      * @returns A promise that resolves to an array of `QuarantineItem` representing each quarantined email.

package/dist/endpoints/quarantine-endpoints.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.quarantineEndpoints = quarantineEndpoints;
 const QUARANTINE_ENDPOINTS = {
     DELETE: 'delete/qitem',
+    EDIT: 'edit/qitem',
     GET: 'get/quarantine/all',
 };
 /**
@@ -15,6 +16,9 @@ function quarantineEndpoints(bind) {
         delete(payload) {
             return bind.requestFactory.post(QUARANTINE_ENDPOINTS.DELETE, payload.items);
         },
+        edit(payload) {
+            return bind.requestFactory.post(QUARANTINE_ENDPOINTS.EDIT, payload);
+        },
         get() {
             return bind.requestFactory.get(QUARANTINE_ENDPOINTS.GET);
         },

package/dist/endpoints/quarantine-endpoints.js.map

@@ -1 +1 @@
-{"version":3,"file":"quarantine-endpoints.js","sourceRoot":"","sources":["../../src/endpoints/quarantine-endpoints.ts"],"names":[],"mappings":";;AA+BA,kDASC;AAnBD,MAAM,oBAAoB,GAAG;IAC3B,MAAM,EAAE,cAAc;IACtB,GAAG,EAAE,oBAAoB;CAC1B,CAAC;AAEF;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,IAAmB;IACrD,OAAO;QACL,MAAM,CAAC,OAAgC;YACrC,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAA4B,oBAAoB,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACzG,CAAC;QACD,GAAG;YACD,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAmB,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAC7E,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"quarantine-endpoints.js","sourceRoot":"","sources":["../../src/endpoints/quarantine-endpoints.ts"],"names":[],"mappings":";;AAwCA,kDAYC;AAvBD,MAAM,oBAAoB,GAAG;IAC3B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,YAAY;IAClB,GAAG,EAAE,oBAAoB;CAC1B,CAAC;AAEF;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,IAAmB;IACrD,OAAO;QACL,MAAM,CAAC,OAAgC;YACrC,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAA4B,oBAAoB,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACzG,CAAC;QACD,IAAI,CAAC,OAAkC;YACrC,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAA6C,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAClH,CAAC;QACD,GAAG;YACD,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAmB,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAC7E,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/types.d.ts

@@ -1687,6 +1687,33 @@ export interface DeleteQuarantineRequest {
      */
     items: number[];
 }
+/**
+ * Action to take on a quarantined email via `edit/qitem`.
+ *
+ * - `release` -- deliver the email to the original recipient's inbox.
+ * - `learnham` -- mark the email as ham and feed it back to Rspamd as
+ *   a training sample. Useful for false positives.
+ *
+ * The quarantine queue is already presumed-spam by definition, so there
+ * is no `learnspam` counterpart -- Mailcow does not document one.
+ */
+export type QuarantineItemAction = 'release' | 'learnham';
+/**
+ * Request payload for `edit/qitem`.
+ *
+ * The `items` array holds the IDs of the quarantined messages to act
+ * on; the same `attr.action` is applied to every entry.
+ */
+export interface EditQuarantineItemRequest {
+    /**
+     * IDs of the quarantined messages to act on. Get them from
+     * `mcc.quarantine.get()`.
+     */
+    items: number[];
+    attr: {
+        action: QuarantineItemAction;
+    };
+}
 /**
  * Request payload to edit rate limits for specified domains.
  */
@@ -2246,6 +2273,213 @@ export interface TransportMap {
      */
     username: string;
 }
+/**
+ * Identity Provider authentication source.
+ *
+ * Mailcow's external authentication backends. `mailcow` (the built-in
+ * local password database) is not configurable via this endpoint and is
+ * therefore not part of this union.
+ */
+export type IdentityProviderAuthsource = 'ldap' | 'keycloak' | 'generic-oidc';
+/**
+ * Attributes shared across every identity-provider configuration,
+ * regardless of which auth source it targets.
+ */
+export interface BaseIdentityProviderAttributes {
+    /**
+     * If no matching attribute mapping exists for a user, the default template
+     * is used when creating the mailbox (not on update). Mailcow expects the
+     * template name as configured under "Mailbox templates".
+     */
+    default_template?: string;
+    /**
+     * Attribute values used to match a mailbox template. Each element pairs
+     * positionally with `templates` -- the n-th `mappers` entry selects the
+     * n-th `templates` entry.
+     */
+    mappers?: string[];
+    /**
+     * Mailbox template names. See `mappers` for how the two arrays are
+     * correlated.
+     */
+    templates?: string[];
+    /**
+     * Skip TLS certificate validation when contacting the auth source.
+     * @defaultValue false
+     */
+    ignore_ssl_error?: boolean;
+    /**
+     * Whether Mailcow should periodically pull every user from the auth
+     * source. Defaults to `false`; combine with `sync_interval` and
+     * `import_users` to enable scheduled syncs.
+     * @defaultValue false
+     */
+    periodic_sync?: boolean;
+    /**
+     * Whether new users discovered during a sync should be imported into
+     * Mailcow as mailboxes.
+     * @defaultValue false
+     */
+    import_users?: boolean;
+    /**
+     * Interval, in minutes, between periodic syncs.
+     * @defaultValue 15
+     */
+    sync_interval?: number;
+}
+/**
+ * Identity provider attributes for an external Keycloak server.
+ */
+export interface KeycloakIdentityProviderAttributes extends BaseIdentityProviderAttributes {
+    authsource: 'keycloak';
+    /**
+     * Base URL of the Keycloak server (no trailing slash needed).
+     */
+    server_url: string;
+    /**
+     * Keycloak realm where the Mailcow client is configured.
+     */
+    realm: string;
+    /**
+     * Client ID of the Mailcow OIDC client inside the realm.
+     */
+    client_id: string;
+    /**
+     * Client secret paired with `client_id`. Sent back from Mailcow as
+     * `"*"` once configured.
+     */
+    client_secret: string;
+    /**
+     * Primary redirect URL configured for the Mailcow client in Keycloak.
+     */
+    redirect_url: string;
+    /**
+     * Additional accepted redirect URLs.
+     */
+    redirect_url_extra?: string[];
+    /**
+     * Keycloak version (for example `26.1.3`). Mailcow uses this to pick
+     * the right admin API shape internally.
+     */
+    version: string;
+    /**
+     * Validate user passwords via the Keycloak admin REST API instead of
+     * relying only on the Authorization Code Flow. Required for IMAP/SMTP
+     * to keep working when Keycloak is the source of truth for passwords.
+     * @defaultValue false
+     */
+    mailpassword_flow?: boolean;
+}
+/**
+ * Identity provider attributes for an external LDAP / Active Directory
+ * server.
+ */
+export interface LdapIdentityProviderAttributes extends BaseIdentityProviderAttributes {
+    authsource: 'ldap';
+    /**
+     * Hostname (or comma-separated list of hostnames for fallback) of the
+     * LDAP server.
+     */
+    host: string;
+    /**
+     * LDAP port as a string.
+     */
+    port: string;
+    /**
+     * Use LDAPS. If `port` is 389 it is forced to 636.
+     * @defaultValue false
+     */
+    use_ssl?: boolean;
+    /**
+     * Use StartTLS. Mutually exclusive with `use_ssl`; preferred over SSL.
+     * @defaultValue false
+     */
+    use_tls?: boolean;
+    /**
+     * Base DN under which user searches are performed.
+     */
+    basedn: string;
+    /**
+     * LDAP attribute used to identify users at login.
+     * @defaultValue 'mail'
+     */
+    username_field?: string;
+    /**
+     * Optional LDAP search filter to limit who may authenticate.
+     */
+    filter?: string;
+    /**
+     * LDAP attribute whose value Mailcow maps to a mailbox template via
+     * `mappers` / `templates`.
+     */
+    attribute_field: string;
+    /**
+     * Bind DN used to perform user searches.
+     */
+    binddn: string;
+    /**
+     * Password for `binddn`.
+     */
+    bindpass: string;
+}
+/**
+ * Identity provider attributes for an arbitrary OIDC provider that is
+ * not Keycloak (Authentik, Auth0, Okta, ...).
+ */
+export interface GenericOidcIdentityProviderAttributes extends BaseIdentityProviderAttributes {
+    authsource: 'generic-oidc';
+    /**
+     * Authorization endpoint URL.
+     */
+    authorize_url: string;
+    /**
+     * Token endpoint URL.
+     */
+    token_url: string;
+    /**
+     * Userinfo endpoint URL.
+     */
+    userinfo_url: string;
+    /**
+     * Client ID issued by the OIDC provider.
+     */
+    client_id: string;
+    /**
+     * Client secret issued by the OIDC provider.
+     */
+    client_secret: string;
+    /**
+     * Primary redirect URL registered with the provider.
+     */
+    redirect_url: string;
+    /**
+     * Additional accepted redirect URLs.
+     */
+    redirect_url_extra?: string[];
+    /**
+     * Space-separated list of OIDC scopes requested at login.
+     * @defaultValue 'openid profile email mailcow_template'
+     */
+    client_scopes?: string;
+}
+/**
+ * Discriminated union of every supported identity-provider
+ * configuration. The `authsource` field is the discriminant.
+ */
+export type IdentityProviderAttributes = KeycloakIdentityProviderAttributes | LdapIdentityProviderAttributes | GenericOidcIdentityProviderAttributes;
+/**
+ * Wire-level body of the `edit/identity-provider` request. The wrapper
+ * builds this for you from {@link IdentityProviderAttributes}, but it
+ * is exported in case callers need to construct it manually.
+ *
+ * `items` is always `['identity-provider']` -- the array type is used
+ * (rather than a fixed tuple) so callers do not have to use a `const`
+ * assertion to satisfy this interface.
+ */
+export interface IdentityProviderEditRequest {
+    attr: IdentityProviderAttributes;
+    items: 'identity-provider'[];
+}
 /**
  * Interface for a general Mailcow API response.
  *

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ts-mailcow-api",
-  "version": "1.4.0",
+  "version": "1.6.0",
   "description": "TypeScript wrapper for the mailcow API.",
   "scripts": {
     "test": "ts-mocha \"test/**/*.test.ts\"",