Opened 5 years ago
Closed 4 years ago
#1485076 closed Feature Patches (fixed)
Reuse HTTP authentication for login
| Reported by: | dfoerster | Owned by: | |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.3.1 |
| Component: | Plugin API | Version: | 0.1.1 |
| Severity: | normal | Keywords: | login, http authentication |
| Cc: | rasky@… |
Description
Hi,
the attached patch allows to reuse HTTP authentication credentials for the login. If the webmail installation is protected by HTTP authentication with matching credentials, the user only needs to enter them once.
The feature needs to be enabled by a configuration option.
It's working fine for me but the patch could be refactored a little bit by someone with some more knowledge about roundcube's internals. It applies to the 0.1.1 version.
Regards
David
Attachments (2)
Change History (11)
Changed 5 years ago by dfoerster
comment:1 Changed 5 years ago by thomasb
- Milestone later deleted
- Resolution set to duplicate
- Status changed from new to closed
comment:2 Changed 5 years ago by ryanroth
Can you update this to work with the current SVN?
comment:3 Changed 5 years ago by ryanroth
http://trac.roundcube.net/ticket/1388203 does not work with the current release or SVN
comment:4 Changed 5 years ago by ryanroth
- Resolution duplicate deleted
- Status changed from closed to reopened
comment:5 Changed 5 years ago by dan
thanks for the patch. It certianly helped me with bug 1485224
things i noted
$host = $RCMAIL->autoselect_host(); seems unneeded as login can just take username/password and it seems to workout the host then.
$OUTPUT->redirect() instead of header( 'refresh: 1'); for consistency with the login.
i didn't bother with cookie checking as i think that is done elsewhere
logouts don't particularly work when the authentication is already there. (I don't know how to fix this either)
you could use the email2user functions to handle virtual users.
your patch doesn't include the main.inc.php.dist change to enable http authenticaion
comment:6 Changed 5 years ago by alec
- Milestone set to later
comment:7 Changed 5 years ago by rasky@…
- Cc rasky@… added
As explained in a duplicate bug (which contained more infos than this bug...), a quick way to disable the useless logout button is to put "display: none" in the CSS. Obviously, a correct fix has to be done elsewhere.
comment:8 Changed 4 years ago by dan
comment:9 Changed 4 years ago by alec
- Component changed from Client Scripts to Plugin API
- Milestone changed from later to 0.3.1
- Resolution set to fixed
- Status changed from reopened to closed

Duplicate of #1388203