Author Topic: External Login does not work properly  (Read 5543 times)

Offline darkhedie

External Login does not work properly
« on: December 12, 2016, 01:57:25 PM »
Hello

I would like to log in with a PHP script.
This is my actual script:

Code: [Select]
<?php

/**
 * Class to automatically login on a Roundcube installation
 * @compatibility RoundCube 1.0.2+
 */

// a roundcube exception class
class RoundCubeException extends Exception {}

// main class
class RoundcubeAutoLogin
{
    // roundcube link (with a trailing slash)
    private $_rc_link = 'http://mail.domain.ch/';

    /**
     * Creates a new RC object
     * @param $roundcube_link the roundcube link with a trailing slash
     */
    public function __construct($roundcube_link)
    {
        $this->_rc_link = $roundcube_link;
    }

    /**
     * Tries to log a RC user in using cURL. Does two requests. One to
     * get a session token to perform the login, and one to do the actual
     * login of the user
     *
     * @param $email the full e-mailaddress of the user
     * @param $password the password of the user
     *
     * @returns The cookies you should set with setcookie
     */
    public function login($email, $password)
    {
        try
        {
            $token = $this->_get_token();

            if($token === FALSE) {
                throw new RoundCubeException('Unable to get token, is your RC link correct?');
            }

            // make the request to roundcube
            $post_params = array(
                '_token' => $token,
                '_task' => 'login',
                '_action' => 'login',
                '_timezone' => '',
                '_url' => '_task=login',
                '_user' => $email,
                '_pass' => $password
            );

            $ch = curl_init($this->_rc_link . '?_task=login');
            curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookiejar.txt');
            curl_setopt($ch, CURLOPT_POST, TRUE);
            curl_setopt($ch, CURLOPT_HEADER, TRUE);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
            curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_params));
            $response = curl_exec($ch);
            $response_info = curl_getinfo($ch);
            curl_close($ch);

            if($response_info['http_code'] == 302)
            {
                // find all relevant cookies to set (php session + rc auth cookie)
                preg_match_all('/Set-Cookie: (.*)\b/', $response, $cookies);

                $cookie_return = array();

                foreach($cookies[1] as $cookie)
                {
                    preg_match('|([A-z0-9\_]*)=([A-z0-9\_\-]*);|', $cookie, $cookie_match);
                    if($cookie_match) {
                        $cookie_return[$cookie_match[1]] = $cookie_match[2];
                    }
                }

                return $cookie_return;
            }
            else
            {
                throw new RoundCubeException('Login failed, please check your credentials.');
            }

        }
        catch(RoundCubeException $e)
        {
            echo 'RC error: ' . $e->getMessage();
        }
        catch(Exception $e)
        {
            echo 'General error: ' . $e->getMessage();
        }
    }

    /**
     * Redirect to RC
     */
    public function redirect()
    {
        header('Location: ' . $this->_rc_link . '?_task=mail');
    }

    /**
     * Gets a token to use for the login
     */
    private function _get_token()
    {
        $ch = curl_init($this->_rc_link);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookiejar.txt');
        $response = curl_exec($ch);
        curl_close($ch);

        preg_match('|<input type="hidden" name="_token" value="([A-z0-9]*)">|', $response, $matches);

        if($matches) {
            return $matches[1];
        }
        else {
            return FALSE;
        }
    }
}

$rc = new RoundcubeAutoLogin('http://mail.domain.ch'); // set your roundcube domain path

$cookies = $rc->login('user@domain.ch', 'password');

// now you can set the cookies with setcookie php function, or using any other function of a framework you are using

foreach($cookies as $cookie_name => $cookie_value)
{
    setcookie($cookie_name, $cookie_value, 0, '/', '');
}

// and redirect to roundcube with the set cookies
$rc->redirect();

?>


Unfortunately this does not work.

I always get the following error in the log file:
[12-Dec-2016 19:49:31 +0100]: <e4ktafd9> Aborted session e4ktafd9ndm3f9h3cf380ckt34; no valid session data found

There is no ERROR.
If I change the user to something else, I get a login error.
Therefore I think the login itself is ok.

There must be something wrong with the session.

Could anyone help me?
Thanks

Offline JohnDoh

Re: External Login does not work properly
« Reply #1 on: December 13, 2016, 03:10:15 AM »
CSRF protection in Roundcube prevents things like this from working. What you need to do is build a plugin for Roundcube which can accept input from your script and perform the login. The autologon plugin shipped with Roundcube can provide a starting point for how to do this: https://github.com/roundcube/roundcubemail/blob/master/plugins/autologon/autologon.php
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…
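
The plugin approach described in the reply above, as an added example that is not part of the thread and not the shipped autologon plugin: the external portal POSTs a short-lived HMAC-signed ticket to `?_task=login`, and the plugin verifies it and performs the login through Roundcube's `startup` and `authenticate` hooks. The plugin name `sso_ticket`, the `_sso_*` form fields, the `sso_*` config keys and the master-user IMAP login (`user*master`, as Dovecot supports) are assumptions made for illustration.

```php
<?php
// Added example. Save as plugins/sso_ticket/sso_ticket.php and enable it in the config.
// Hypothetical config keys: sso_ticket_secret, sso_master_user, sso_master_pass.
class sso_ticket extends rcube_plugin
{
    public $task = 'login';

    function init()
    {
        $this->add_hook('startup', array($this, 'startup'));
        $this->add_hook('authenticate', array($this, 'authenticate'));
    }

    // The portal signs "user\nexpiry" with HMAC-SHA256 and posts _sso_user, _sso_exp, _sso_sig.
    private function verified_user()
    {
        $secret = rcube::get_instance()->config->get('sso_ticket_secret');
        $user = isset($_POST['_sso_user']) ? (string) $_POST['_sso_user'] : '';
        $exp  = isset($_POST['_sso_exp'])  ? (string) $_POST['_sso_exp']  : '';
        $sig  = isset($_POST['_sso_sig'])  ? (string) $_POST['_sso_sig']  : '';
        if (empty($secret) || $user === '' || !ctype_digit($exp)) {
            return null;                              // plugin not configured or no ticket
        }
        $expected = hash_hmac('sha256', $user . "\n" . $exp, $secret);
        if (!hash_equals($expected, $sig) || (int) $exp < time()) {
            return null;                              // forged, altered or expired ticket
        }
        return $user;
    }

    function startup($args)
    {
        // Switch to the login action only for an anonymous session with a valid ticket
        if (empty($_SESSION['user_id']) && $this->verified_user() !== null) {
            $args['action'] = 'login';
        }
        return $args;
    }

    function authenticate($args)
    {
        $user = $this->verified_user();
        if ($user !== null) {
            $config = rcube::get_instance()->config;
            $args['user'] = $user . '*' . $config->get('sso_master_user');
            $args['pass'] = $config->get('sso_master_pass');
            $args['cookiecheck'] = false;             // browser has no Roundcube cookie yet
            $args['valid'] = true;                    // accept without Roundcube's request token
        }
        return $args;
    }
}
```

Keep the ticket lifetime to a few seconds and serve both the portal and Roundcube over HTTPS, since a captured ticket can be replayed until it expires.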