Help needed for a simple plugin

[JulienV]

Hi,

I am trying to write a plugin which simply adds a button on the taskbar, which provides a link to a secured webpage.
This page is secured by a basic HTTP authentication.

Actually, for those who might be interested, this webpage is the DSPAM Control Center.

As you might have understood, I would like that the credentials used for RoundCube provide the HTTP authentication (both the IMAP server and DSPAM CC use the same database).

For now, I have been able to add a link which uses a https://username:[email protected] scheme. It does work, but I am concerned by the fact the user password appears in clear on RoundCube.

I attach what I have done so far to give an idea.

I would like to be able to make something similar but in a more "secure" way (considering both RC and DSPAM CC are secured via SSL, I am OK to use unencrypted GET, but I want to avoid that the password appears on the webmail, in case a user leaves a session open while having a lunch for example!).

I am pretty sure javascript can help me, but I am not much of a programmer and I am not sure to really understand the way the RC plugin API works...

The following JS snippet could help, but I cannot understand how I can integrate it in RC:

Code Select Expand


    var url = "https://" + username + ":" + password + "@domain.com"
    http.open("get", url, false, username, password);
    http.send("");
if (http.status == 200) {
document.location = url;
}


Thanks in advance for your comments. Any help will be appreciated!

Cheers,
Julien

[JulienV]

up...

Anyone willing to help?

Cheers,
Julien

[SKaero]

From the looks of it you are trying to do a AJAX request, RoundCube has jQuery so you can use jQuery's Get function Ajax/jQuery.get - jQuery JavaScript Library then all you need to do is put it in a JavaScript document and include it by using the include_script Doc_Plugins ? Roundcube Webmail

Code Select Expand

$this->include_script('client.js');

[JulienV]

Hi skaero,

I think that should help, thanks for your answer.

However, I fear I do not have the required skills to do this (I have really tried understanding the documentation without success).

I need to get the user and password in JS so that the query can state them.
Something really simple I am sure for developers, which I am not unfortunately...

And I cannot find anywhere in the plugin API documentation the available information from the rcmail object (ie. is the PHP $_['session'] available anywhere?)

I have found the following page which is already a good start for HTTP auth and JQuery: How to do HTTP Basic Auth in Ajax | Coder's Eye

Cheers,
Julien

[SKaero]

If I understand correctly you are trying to use JavaScript to perform an AJAX request that would get the username and password of the current user and add it to a url then forward the user to the DSPAM control center using the url with the login information. That way a user can't see there password making it more secure, but why bother using JavaScript at all? I did a little re-write of your code so the button links to ?_task=mail&_action=dspam that gets the user information and does a php redirect, the user can't see the password and you don't have to mess with JavaScript. I have attached the code.

[JulienV]

Hi,

Thanks a lot, that's exactly what I was trying to do!

Would you please confirm your real name and address email (via private message or email) so that I can credit you in case I "release" this plugin which might be useful for other DSPAM users?

Thanks again!

Cheers,
Julien

[JulienV]

Unfortunately, it doesn't work with Internet Exporer 8
For unknown reason, I get an error like "Cannot connect to the requested website".

It does work with Firefox (though there is a warning message asking for the user's confirmation about the username, which I think we can live with).

Cheers,
Julien