Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSO and related extensions are not working #1869

Open
greenreader9 opened this issue Dec 17, 2024 · 4 comments
Open

SSO and related extensions are not working #1869

greenreader9 opened this issue Dec 17, 2024 · 4 comments

Comments

@greenreader9
Copy link

greenreader9 commented Dec 17, 2024

Hello,

I am going to assume that I am missing something major here, so if someone could point it out I would greatly appreciate it.

Essentially, all of my users are configured under the * domain configuration in snappymail (And all users can login via the login form with a username and password and everything works). Now, I want to add a one-click login button in my custom control panel, however I can't seem to get any sort of oAuth/SSO/remote login working at all.

Things I have tried:

  1. Using the "Login External" plugin
    My request:
    image
    What I see:
    The normal login screen

  2. Using the "Login External SSO" plugin
    Extension Setup:
    image
    My Request:
    image
    What I see:

  3. Using the SSO Login script found here: https://github.com/the-djmaze/snappymail/blob/master/test/sso.php

I uploaded the following to https://webmail.mydomain.tld/sso.php:

<?php

if(!isset($_POST['email']) || !isset($_POST['password'])){
	header('location: https://mydomain.tld/');
}

// Enable SnappyMail Api and include index file
$_ENV['SNAPPYMAIL_INCLUDE_AS_API'] = true;
require_once 'index.php';

/**
 * Get SSO hash
 */
$aAdditionalOptions = array(
	// One of /snappymail/v/0.0.0/app/localization/*
//	'Language' = 'en-US'
);
$bUseTimeout = false; // 10 seconds
$ssoHash = \RainLoop\Api::CreateUserSsoHash($_POST['email'], $_POST['password'], $aAdditionalOptions, $bUseTimeout);

// redirect to webmail sso url
echo 'https://webmail.mydomain.tld/snappymail/?sso&hash='.$ssoHash;
exit;
header('location: https://webmail.mydomain.tld/snappymail/?sso&hash='.$ssoHash);

// Destroy the SSO hash
//\RainLoop\Api::ClearUserSsoHash($ssoHash);

And making the following request:

curl --location 'https://webmail.mydomain.tld/sso.php' \
--data-urlencode '[email protected]' \
--data-urlencode 'password=mail'

Returns a result like:
https://webmail.mydomain.tld/snappymail/?sso&hash=1361c4ce65d....a07700fb

Visiting https://webmail.mydomain.tld/snappymail/?sso&hash=1361c4ce65d....a07700fb shows a lightspeed 404 error

Visiting https://webmail.mydomain.tld/?sso&hash=1361c4ce65d....a07700fb shows the default login page

Expected behavior
The ability to login as any user from an external page, like my control panel

Please complete the following information:

  • Browser: Brave | 1.73.101 Chromium: 131.0.6778.139 (Official Build) (64-bit)
  • IMAP daemon: NA
  • PHP version: 8.3
  • SnappyMail Version: 2.38.2
  • Mode: standalone

Debug/logging information

I have logging enabled but there is no /data/_data_/_default_/logs directory
image

image

Thank you!

@peterkeist
Copy link

For working SSO on my Server I had to add the line secfetch_allow = "mode=navigate,dest=document,site=cross-site" in the file application.ini That's exactly what your request wants too. Can you try this?

@greenreader9
Copy link
Author

@peterkeist, I set the secfetch_allow value to both mode=navigate,dest=document,site=cross-site and mode=navigate;dest=document;site=cross-site (As the description notes ; is the separator), however that did not have an effect on any of the above examples of the issue.

@peterkeist
Copy link

@greenreader9, secfetch_allow can have more than one value, ; is the separator for this case. Try again with this line:
secfetch_allow = "mode=navigate,dest=document,site=cross-site;mode=navigate,dest=document,site=same-site"
If that doesn't help either, unfortunately I don't know what to do.

@greenreader9
Copy link
Author

Hello

Try again with this line: secfetch_allow = "mode=navigate,dest=document,site=cross-site;mode=navigate,dest=document,site=same-site"

Unfortunately that had no effect

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants