New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Authenticator] additional backend: IMAP #1205

Open
DJCrashdummy opened this Issue Jun 11, 2018 · 5 comments

Comments

Projects
None yet
3 participants
@DJCrashdummy
Contributor

DJCrashdummy commented Jun 11, 2018

beforehand: thank you for such an awesome FOSS-project! i really like Kimai and hopefully we start using it in our company. 馃
just for curiosity: where does the name come from? - maybe it helps me to remember it more easily...


while testing and playing around with Kimai i stumbled across the alternative Authenticators... kudos for also implementing such a nice feature! 馃憦
but now my question is: is it somehow possible to authenticate against an IMAP-server (alternatively POP3 or SMTP)?

we use the IMAP-backend also at Nextcloud ('user_backends') and it would be really awesome to do the same with Kimai.

@simonschaufi

This comment has been minimized.

Member

simonschaufi commented Jun 11, 2018

What is your exact requirement with imap auth? I don't understand your usecase yet.

@DJCrashdummy

This comment has been minimized.

Contributor

DJCrashdummy commented Jun 13, 2018

in short: do the same as with other backends, but use already setup mail-accounts (IMAP).


the complete usecase/workflow:

  1. the policy in our company is BYOD

  2. every co-worker & employee gets a personal mail-account at the companies domain.

  3. our companies Nextcloud is setup to authenticate against this IMAP-domain/-accounts, so there is nothing to do at the Nextcloud as long as the IMAP-authentication is configured in the config.php:

    'user_backends' =>
    	array (
    		'class' => 'OC_User_IMAP',
    		'arguments' => array ('{mail.domain.tld:993/imap/ssl/readonly}INBOX', 'domain.tld'),
    	),
    

    nextcloud-documentation at https://docs.nextcloud.com/server/13/admin_manual/configuration_user/user_auth_ftp_smb_imap.html#imap
    parameters can be found at https://secure.php.net/imap_open#refsect1-function.imap-open-parameters

  4. everyone can login at the companies Nextcloud with exact the same login data as of their mail-account (and no further setup is required).

  5. the goal is, that everyone can authenticate with the same login data at everything used for the company - and only has to change it at one place if needed.

therefore an authentication somehow against an mail-server in Kimai would be awesome.

@kevinpapst

This comment has been minimized.

Member

kevinpapst commented Jun 13, 2018

Interesting setup. Normally I would expect some kind of LDAP authentication in such a situation, to handle groups and such. But okay ... so basically the plugin tries to login against the mail server and accept the user if it worked.
Then we only need to find someone interested to build that AuthAdapter.

@DJCrashdummy

This comment has been minimized.

Contributor

DJCrashdummy commented Jun 24, 2018

for sure LDAP would be a better way to go, but its a small company without a root-server and just using a shared hoster for now... so this is the best option i know.
beside that, i guess exchanging external backends may be somehow easier instead of switching from an internal database to an external backend...

basically the plugin tries to login against the mail server and accept the user if it worked.

exactly!

Then we only need to find someone interested to build that AuthAdapter.

i'm sadly not a developer, so i'm not sure... but maybe some parts of the http-authenticator can be reused or rather some code from the nextcloud-app (i somehow found just this)?

@kevinpapst

This comment has been minimized.

Member

kevinpapst commented Jun 24, 2018

That looks fairly easy:

$mbox = @imap_open($this->mailbox, $uid, $password);
imap_errors();
imap_alerts();
if($mbox){
	imap_close($mbox);
	return $uid;
}else{
	return false;
}

taken from here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment