Hi,
I am trying to write a plugin which simply adds a button on the taskbar, which provides a link to a secured webpage.
This page is secured by basic HTTP authentication.
Actually, for those who might be interested, this webpage is the DSPAM Control Center.
As you might have understood, I would like the credentials used for RoundCube to provide the HTTP authentication (both the IMAP server and DSPAM CC use the same database).
For now, I have been able to add a link which uses a https://username:[email protected] scheme. It does work, but I am concerned by the fact that the user password appears in clear on RoundCube.
I attach what I have done so far to give an idea.
I would like to be able to make something similar but in a more "secure" way (considering both RC and DSPAM CC are secured via SSL, I am OK to use unencrypted GET, but I want to avoid the password appearing on the webmail, in case a user leaves a session open while having lunch, for example!).
I am pretty sure JavaScript can help me, but I am not much of a programmer and I am not sure I really understand the way the RC plugin API works...
The following JS snippet could help, but I cannot understand how I can integrate it in RC:
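// As posted: the credentials are placed in the URL itself.
var http = new XMLHttpRequest();
var url = "https://" + username + ":" + password + "@domain.com";
// Synchronous GET; username and password are also passed to open().
http.open("get", url, false, username, password);
http.send("");
if (http.status == 200) {
    document.location = url;
}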
Thanks in advance for your comments. Any help will be appreciated!
Cheers,
Julien
up...
Anyone willing to help?
Cheers,
Julien
From the looks of it you are trying to do an AJAX request. RoundCube has jQuery, so you can use jQuery's Get function: Ajax/jQuery.get - jQuery JavaScript Library (http://docs.jquery.com/Ajax/jQuery.get). Then all you need to do is put it in a JavaScript document and include it by using include_script: Doc_Plugins - Roundcube Webmail (http://trac.roundcube.net/wiki/Doc_Plugins)
$this->include_script('client.js');
Hi skaero,
I think that should help, thanks for your answer.
However, I fear I do not have the required skills to do this (I have really tried understanding the documentation without success).
I need to get the user and password in JS so that the query can state them.
Something really simple I am sure for developers, which I am not unfortunately...
And I cannot find anywhere in the plugin API documentation the available information from the rcmail object (i.e. is the PHP $_['session'] available anywhere?)
I have found the following page, which is already a good start for HTTP auth and jQuery: How to do HTTP Basic Auth in Ajax | Coder's Eye (http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html)
Cheers,
Julien
If I understand correctly, you are trying to use JavaScript to perform an AJAX request that would get the username and password of the current user, add them to a URL, and then forward the user to the DSPAM control center using the URL with the login information. That way a user can't see their password, making it more secure, but why bother using JavaScript at all? I did a little rewrite of your code so the button links to ?_task=mail&_action=dspam, which gets the user information and does a PHP redirect; the user can't see the password and you don't have to mess with JavaScript. I have attached the code.
Hi,
Thanks a lot, that's exactly what I was trying to do!
Would you please confirm your real name and email address (via private message or email) so that I can credit you in case I "release" this plugin, which might be useful for other DSPAM users?
Thanks again!
Cheers,
Julien
Unfortunately, it doesn't work with Internet Explorer 8.
For an unknown reason, I get an error like "Cannot connect to the requested website".
It does work with Firefox (though there is a warning message asking for the user's confirmation about the username, which I think we can live with).
Cheers,
Julien
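An added example, not code from any poster in this thread: a check that scans rendered page source for URLs carrying a password in the userinfo part, which is the exposure the first post wants to keep out of the webmail page. The sample markup, host names and function names are constructed for illustration.

```javascript
// Added example; SAMPLE_PAGE and all hosts in it are constructed, not from the thread.

// Matches absolute http(s) URLs inside markup or inline script text.
const URL_RE = /https?:\/\/[^\s"'<>)]+/gi;

// Return the URL with any password replaced, so it is safe to log or report.
function redactUrl(raw) {
  const u = new URL(raw);
  if (u.password) u.password = 'REDACTED';
  return u.toString();
}

// Scan page source for URLs whose userinfo part contains a password.
// The URL parser decides what is userinfo, so an "@" that appears later
// in the path or query string is not reported as a credential.
function findCredentialUrls(source) {
  const findings = [];
  for (const m of source.matchAll(URL_RE)) {
    let u;
    try {
      u = new URL(m[0]);
    } catch (e) {
      continue; // not a parseable URL, ignore the match
    }
    if (u.password !== '') {
      findings.push({
        offset: m.index,            // position in the page source
        user: u.username,           // percent-encoded as it appeared
        host: u.host,
        redacted: redactUrl(m[0]),  // never echo the password itself
      });
    }
  }
  return findings;
}

// Constructed sample: one credential-bearing link, one URL with "@" in the
// query string, and one URL with a username but no password.
const SAMPLE_PAGE = [
  '<a class="button" href="https://alice:s3cr3t@dspam.example.test/dspam.cgi">DSPAM</a>',
  '<a href="https://dspam.example.test/help?contact=ops:team@example.test">Help</a>',
  '<script>var cc = "https://bob@dspam.example.test/";</script>',
].join('\n');

console.log(findCredentialUrls(SAMPLE_PAGE));
```

Run against the HTML a plugin actually emits, an empty result means no password-bearing URL reached the page source; it does not cover URLs sent only in a redirect header.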