search

LeonardoRM / owncloud-roundcube

OwnCloud app to integrate RoundCube Webmail
GNU Affero General Public License v3.0
6 stars 14 forks source link

Save login data for later rc_login #1

Closed LeonardoRM closed 5 years ago

LeonardoRM commented 5 years ago

Currently the OC_RC app auto-logins to RC on OC_Login and refreshes the session every other minute. Even if you never access the OC_RC app.

Proposal:

  1. On OC_Login, save user password safely for later use by storing a pair of keys on user session and the encrypted password plus a passphrase on a cookie. So a part is on server memory and the other part on user's browser.
  2. Don't login to RC until we hit the OC_RC app.
  3. Let RC manage the session refresh, not OC_RC app.

Will this work?

LeonardoRM commented 5 years ago

Pull request implements this issue: #2