Author Topic: Use session from other web-app (Read 4175 times)

Revage · « **on:** June 17, 2009, 12:51:32 AM »

Hey folks,

I'm currently trying to integrate Roundcube into my exisiting website (writte in Ruby on Rails).

The main idea is to let the login system there handly any logins. This means, that the user has to login at one central point while a link afterwards sends him to the likely themed php site, housing roundcube.

Is there any way, to disable the roundcube login and use the existing session information from other (in this case Ruby on Rails) webapps to authenticate users?

Any help would be apreciated

Greetings,

Revage

rosali · « **Reply #1 on:** June 17, 2009, 01:18:22 AM »

Two ways:
#1- Either you hack the code not use database based session handling.

#2- Or you use current SVN from trac.roundcube.net (trunk) and the autologon plugin found at Plugin_Repository ? RoundCube Webmail
Notice: the autologon plugin is just a proof of concept. You will have to insert some en/decoding for the password as the password is added into a hidden form.

Revage · « **Reply #2 on:** June 17, 2009, 06:01:45 AM »

Quote from: rosali;19675

Two ways:
#1- Either you hack the code not use database based session handling.

How would I do that? I´m not really into Php, but I could possibly make my way through the code.

Wouldn´t it be possible to let Roundcube use the session cookie of my login system to authenticate users and redirect them to my login form when the user is not logged in?

CarlB · « **Reply #3 on:** June 18, 2009, 12:48:07 AM »

I am trying to do this as well.

Is there any way I can change RC so it uses my sites existing cookie?

This would make the intergration very simple and clean, and take care of log out issues.

I have tried a few things to pass the user name and password to RC in the background, but can only get it to work with a clear text password. Not MD5.

My current method would work if I could get RC to accept a MD5 hash for the password...

Thanks for any help!

Carl

corbosman · « **Reply #4 on:** June 18, 2009, 05:03:16 AM »

The problem is that your backend IMAP server (nothing to do with Roundcube) needs your password to fetch your mail. So RC needs access to the plaintext password to be able to use the IMAP server.

Revage · « **Reply #5 on:** June 21, 2009, 10:53:15 AM »

Assuming I would use the same password scheme in my login system, as it would be used by roundcube?