Author Topic: Help needed for a simple plugin  (Read 8315 times)

Offline JulienV

  • Newbie
  • *
  • Posts: 5
Help needed for a simple plugin
« on: October 10, 2009, 01:14:07 PM »
Hi,

I am trying to write a plugin which simply adds a button on the taskbar, which provides a link to a secured webpage.
This page is secured by a basic HTTP authentication.

Actually, for those who might be interested, this webpage is the DSPAM Control Center.

As you might have understood, I would like that the credentials used for RoundCube provide the HTTP authentication (both the IMAP server and DSPAM CC use the same database).

For now, I have been able to add a link which uses a https://username:password@host.tld scheme. It does work, but I am concerned by the fact the user password appears in clear on RoundCube.

I attach what I have done so far to give an idea.

I would like to be able to make something similar but in a more "secure" way (considering both RC and DSPAM CC are secured via SSL, I am OK to use unencrypted GET, but I want to avoid that the password appears on the webmail, in case a user leaves a session open while having a lunch for example!).

I am pretty sure javascript can help me, but I am not much of a programmer and I am not sure to really understand the way the RC plugin API works...

The following JS snippet could help, but I cannot understand how I can integrate it in RC:
Code: [Select]

    var url = "https://" + username + ":" + password + "@domain.com"
    http.open("get", url, false, username, password);
    http.send("");
if (http.status == 200) {
document.location = url;
}


Thanks in advance for your comments. Any help will be appreciated!

Cheers,
Julien
« Last Edit: October 10, 2009, 01:17:08 PM by JulienV »

Offline JulienV

  • Newbie
  • *
  • Posts: 5
Help needed for a simple plugin
« Reply #1 on: October 17, 2009, 05:26:47 AM »
up...

Anyone willing to help?

Cheers,
Julien

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Help needed for a simple plugin
« Reply #2 on: October 19, 2009, 05:08:15 AM »
From the looks of it you are trying to do a AJAX request, RoundCube has jQuery so you can use jQuery's Get function Ajax/jQuery.get - jQuery JavaScript Library then all you need to do is put it in a JavaScript document and include it by using the include_script Doc_Plugins ? Roundcube Webmail
Code: [Select]
$this->include_script('client.js');

Offline JulienV

  • Newbie
  • *
  • Posts: 5
Help needed for a simple plugin
« Reply #3 on: October 19, 2009, 01:01:35 PM »
Hi skaero,

I think that should help, thanks for your answer.

However, I fear I do not have the required skills to do this (I have really tried understanding the documentation without success).

I need to get the user and password in JS so that the query can state them.
Something really simple I am sure for developers, which I am not unfortunately...

And I cannot find anywhere in the plugin API documentation the available information from the rcmail object (ie. is the PHP $_['session'] available anywhere?)

I have found the following page which is already a good start for HTTP auth and JQuery: How to do HTTP Basic Auth in Ajax | Coder's Eye

Cheers,
Julien

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Help needed for a simple plugin
« Reply #4 on: October 20, 2009, 03:05:54 AM »
If I understand correctly you are trying to use JavaScript to perform an AJAX request that would get the username and password of the current user and add it to a url then forward the user to the DSPAM control center using the url with the login information. That way a user can't see there password making it more secure, but why bother using JavaScript at all? I did a little re-write of your code so the button links to ?_task=mail&_action=dspam that gets the user information and does a php redirect, the user can't see the password and you don't have to mess with JavaScript. I have attached the code.
« Last Edit: October 20, 2009, 03:51:16 AM by skaero »

Offline JulienV

  • Newbie
  • *
  • Posts: 5
Help needed for a simple plugin
« Reply #5 on: October 20, 2009, 12:59:38 PM »
Hi,

Thanks a lot, that's exactly what I was trying to do!

Would you please confirm your real name and address email (via private message or email) so that I can credit you in case I "release" this plugin which might be useful for other DSPAM users?

Thanks again!

Cheers,
Julien

Offline JulienV

  • Newbie
  • *
  • Posts: 5
Help needed for a simple plugin
« Reply #6 on: October 20, 2009, 01:13:17 PM »
Unfortunately, it doesn't work with Internet Exporer 8
For unknown reason, I get an error like "Cannot connect to the requested website".

It does work with Firefox (though there is a warning message asking for the user's confirmation about the username, which I think we can live with).

Cheers,
Julien