Auto-login for gollem and IMP

Marcus I. Ryan marcus@riboflavin.net
Mon, 11 Mar 2002 11:19:04 -0600
Previous message: [cvs] cvs commit: horde/lib Horde.php horde problem.php imp identities.php prefs.php turba data.php prefs.php
Next message: [dev] Auto-login for gollem and IMP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've talked before about auto-login for IMP and Gollem based on Horde's
Auth mechanism.  Now, I've basically decided a genuinely unified login
is, for now, way above my head.  What I'm looking at now is adding an
attribute to a server in servers.php: 'auth = "horde"'.  This could be
used later as part of a larger unified login system.  If the options are
such that we select a server automatically, and that server has an
auth=horde setting, then redirect.php would check Auth::getAuth and
Auth::getCredential to validate the user and log them in.

The problem I'm looking at here is that I want redirect.php to handle
the login without having to call login.php, assuming everything is
established already through preferences, etc. (basically if login.php
would only need to ask for login name and password).

To do so, I have to copy a lot of logic from login.php to redirect.php.
 Would it be better to move this logic (e.g. isPreferred()) to
lib/base.php?  I'm also a little concerned about some of the other
logic, but most of it so small it shouldn't be an issue to duplicate it.

Any thoughts?  Is this a reasonable way to handle it?

The other part of the question is a security vs. convenience issue.  I'm
not really sure I like this myself, but if the server has auth=horde
set, and the user can select other options, should we autofill their
username and password in the appropriate fields using javascript?  This
wouldn't be hard to do, but it means their cleartext password is part of
the HTML, unless there are Javascript methods to use the secret key
cookie to encrypt it and decrypt it.  Then it would just be up to the
user to not leave their browser unattended, especially if their browser
lets you highlight a password field and copy it as anything but ********...

-- 
Marcus I. Ryan, marcus@riboflavin.net
-----------------------------------------------------------------------
 "Love is a snowmobile racing across the tundra and then suddenly it
 flips over, pinning you underneath.  At night, the ice weasels come."
                 -- Matt Groening
-----------------------------------------------------------------------


>From nuno@eth.pt Date: 11 Mar 2002 18:03:50 +0000
Return-Path: <nuno@co.eth.pt>
Mailing-List: contact dev-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list dev@lists.horde.org
Received: (qmail 32501 invoked from network); 11 Mar 2002 18:04:14 -0000
Received: from hq.eth.pt (root@194.65.84.1)
  by clark.horde.org with SMTP; 11 Mar 2002 18:04:14 -0000
Received: from dev.hq.eth.pt (dev.hq.eth.pt [10.1.1.10])
	by hq.eth.pt (8.11.6/8.11.6) with ESMTP id g2BI4A121147
	for <dev@lists.horde.org>; Mon, 11 Mar 2002 18:04:10 GMT
From: Nuno Loureiro <nuno@eth.pt>
To: dev@lists.horde.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Mailer: Evolution/1.0.2 
Date: 11 Mar 2002 18:03:50 +0000
Message-Id: <1015869830.1214.26.camel@dev.hq.eth.pt>
Mime-Version: 1.0
Subject: Question about merge

Hi!

  I have a question about the merging. The merge is from CVS HEAD to CVS
RELENG, right? If so, why aren't my pt_PT translations updates in RELENG
if Jan committed them to CVS in 6th March?

  I just checked out Horde RELENG_2, IMP RELENG_3, and Turba RELENG_1
and I don't see my updates there. Should I rest and sleep first, before
sending such message to the mailing list? ;)

Regards,

   Nuno=20

--=20
Nuno Loureiro <nuno@eth.pt>
Ethernet, Solu=E7=F5es Inform=E1ticas, LDA
http://www.eth.pt



>From nuno@eth.pt Date: 11 Mar 2002 18:15:20 +0000
Return-Path: <nuno@co.eth.pt>
Mailing-List: contact dev-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list dev@lists.horde.org
Received: (qmail 32973 invoked from network); 11 Mar 2002 18:15:41 -0000
Received: from hq.eth.pt (root@194.65.84.1)
  by clark.horde.org with SMTP; 11 Mar 2002 18:15:41 -0000
Received: from dev.hq.eth.pt (dev.hq.eth.pt [10.1.1.10])
	by hq.eth.pt (8.11.6/8.11.6) with ESMTP id g2BIFe121195
	for <dev@lists.horde.org>; Mon, 11 Mar 2002 18:15:40 GMT
From: Nuno Loureiro <nuno@eth.pt>
To: dev@lists.horde.org
In-Reply-To: <1015869830.1214.26.camel@dev.hq.eth.pt>
References: <1015869830.1214.26.camel@dev.hq.eth.pt>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Mailer: Evolution/1.0.2 
Date: 11 Mar 2002 18:15:20 +0000
Message-Id: <1015870520.9007.30.camel@dev.hq.eth.pt>
Mime-Version: 1.0
Subject: Re: [dev] Question about merge


Forget it!!

I knew I should sleep before sending the last email. =3D)


On Mon, 2002-03-11 at 18:03, Nuno Loureiro wrote:
> Hi!
>=20
>   I have a question about the merging. The merge is from CVS HEAD to CVS
> RELENG, right? If so, why aren't my pt_PT translations updates in RELENG
> if Jan committed them to CVS in 6th March?
>=20
>   I just checked out Horde RELENG_2, IMP RELENG_3, and Turba RELENG_1
> and I don't see my updates there. Should I rest and sleep first, before
> sending such message to the mailing list? ;)
>=20
> Regards,
>=20
>    Nuno=20
>=20
> --=20
> Nuno Loureiro <nuno@eth.pt>
> Ethernet, Solu=E7=F5es Inform=E1ticas, LDA
> http://www.eth.pt
>=20
>=20
> --=20
> Horde Developers mailing list: http://horde.org/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe@lists.horde.org
--=20
Nuno Loureiro <nuno@eth.pt>
Ethernet, Solu=E7=F5es Inform=E1ticas, LDA
http://www.eth.pt
Previous message: [cvs] cvs commit: horde/lib Horde.php horde problem.php imp identities.php prefs.php turba data.php prefs.php
Next message: [dev] Auto-login for gollem and IMP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]