Autologin roundcube?

Corianito · February 7, 2024, 12:23pm

Hello, I have read that you do not want to implement autologin in Roundcube as other panels do. For us, this is very important.

Do you know if it could be done on a budget? Could you tell me the cost of implementing such functionality? If it is not too exorbitant, I would be willing to finance it.

Best regards!

eris · February 7, 2024, 12:48pm

The only way to give an admin access via auto login is to temporary overwrite the password and reset it after xx min.

I have zero interests in implementing via this route…

Corianito · February 7, 2024, 1:06pm

I have seen, for example, that CWP accesses with tokens. Is there no way to do it in that manner?

eris · February 7, 2024, 2:03pm

Roundcube is nothing more then a passthrough towards dovecot…

Corianito · February 7, 2024, 3:50pm

I know, but this feature is quite requested by the end customer, so it would be interesting to have some form of automatic login to Roundcube. I have been reviewing, and the Roundcube plugin they use in CWP is something like this: (I don’t know if it will be useful)

/usr/local/cwpsrv/var/services/roundcube/plugins/cwpautologon/

<?php
class cwpautologon extends rcube_plugin{
    public $task = 'login';
    function init(){
        $this->add_hook('startup', array($this, 'startup'));
        $this->add_hook('authenticate', array($this, 'authenticate'));
    }

    function startup($args){
        if (empty($_SESSION['user_id']) && !empty($_GET['_autologin']) && $this->is_localhost())
            $args['action'] = 'login';
        return $args;
    }

    function authenticate($args){
        if (!empty($_GET['_autologin']) && $this->is_localhost()) {
            if(isset($_GET['sess'])){
                $token=base64_decode(base64_decode($_GET['sess']));
                $js=json_decode($token);

                $args['user'] =trim($js->user);
                $args['pass'] =trim($js->pass);
                $args['host' ] =trim($js->host);
                return $args;
            }
        }
    }
    function is_localhost(){
        return $_SERVER['REMOTE_ADDR'] == '::1' || $_SERVER['REMOTE_ADDR'] == '127.0.0.1';
    }
}

As I have mentioned, I am willing to cover the cost of this implementation. If you wish, provide me with a quote privately.

I believe this is a useful feature for end users. Additionally, I have seen that it has been requested in some message before, but it was indicated that there was no plan to implement it.

I think the correct way would be:

Generate a token and save the value along with the email that has requested to log in.
Validate that the token is correct and has not expired → perform the autologin.

eris · February 7, 2024, 4:04pm

We still need to have the authentication with the mail server. And we don’t store the passwords in plain text on the server …

dpin · July 17, 2024, 9:17am

Hello @Corianito, any progress on that? I’m looking into ways to make this happen because my clients also want the ability to access multiple email accounts directly from the Hestia panel (like in cPanel).

Corianito · July 18, 2024, 9:49am

Hello!
At the moment nothing, I haven’t paid much attention either, because I keep moving servers from CWP to Hestia, when I finish, I will try to find someone to see if they are capable of doing something customized or is it technically impossible.

system · August 17, 2024, 9:49am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.