afterlogic / webmail-lite-8

Open-source webmail script for existing IMAP server
https://afterlogic.org/webmail-lite-8
GNU Affero General Public License v3.0

Unable to logout of webmail #78

Closed neoget-dipankar closed 3 years ago

neoget-dipankar commented 3 years ago

While logging in programmatically is working fine for me, the logout is not working. I am trying to invalidate the AuthToken for auto logout, but it's not working. If I clear my cookies, the user is auto logged out, but clearing the cookies using PHP fails to perform the same task of logging out the user.

afterlogic-support commented 3 years ago

You can use Logout method of Core module available in both Web API and PHP API.

neoget-dipankar commented 3 years ago

error_reporting(E_ALL);
ini_set('ignore_repeated_errors', TRUE);
ini_set('display_errors', true);
ini_set('log_errors', TRUE);
ini_set('error_log', './logOutError.log');
include '../system/autoload.php';
include_once "../modules/Core/Module.php";
\Aurora\System\Api::Init();
$aData = \Aurora\System\Api::GetModuleDecorator('Core')->Logout();
print_r($_COOKIE);

Is this the right way to call this method? This code is present in logoutfile.php, which is in a subdirectory of the mail directory.

afterlogic-support commented 3 years ago

According to our devs, it's necessary to do both Logout method call and unsetting a cookie:

$aData = \Aurora\System\Api::GetModuleDecorator('Core')->Logout();
setcookie('AuthToken', null, -1, '/webmail/'); 

To log user out, technically it's sufficient to invalidate AuthToken cookie. Note that it's important to set the 4th attribute of setcookie() method call so that it matches actual cookie path set in WebMail, you can check that one using browser's developer tools (F12 > Application > Cookies). You can also get it via API with:

\Aurora\System\Api::getCookiePath()

neoget-dipankar commented 3 years ago

One last question. Is there a way to hide the logout button? I want to log out with my app's logout option, so I don't want to give the user the option to log out in the webmail UI.

afterlogic-support commented 3 years ago

You can comment out or remove the code found in modules/CoreWebclient/templates/HeaderView.html file:

<span class="item logout" data-bind="visible: showLogout">
    <span class="link" data-bind="i18n: {'key': '%MODULENAME%/ACTION_LOGOUT'}, click: logout"></span>
</span>

Be sure to purge data/cache/ directory content to apply changes.

neoget-dipankar commented 3 years ago

How to remove OpenPGP from the settings menu, and also how to remove or disable the add identity option in Email account settings?

afterlogic-support commented 3 years ago

> how to remove openPGP from setting menu

Set Disabled to true in data/settings/modules/OpenPgpWebclient.config.json file.

> how to remove or disable the add identity from Email account settings??

That's AllowIdentities parameter in data/settings/modules/Mail.config.json file, see How to use or disable identities documentation page.

Hope this helps. Please note that community editions of our products do not come with guaranteed free support from Afterlogic, and this resource is for reporting issues with the product. If you may be interested in using webmail client with premium features and getting commercial-grade support, consider trying out the Pro version.

neoget-dipankar commented 3 years ago

Yes, planning to take the Pro version once everything is set up properly.

neoget-dipankar commented 3 years ago

One last question. When I am logged in as a user, at the top I can see the username and contact, then a gap, and towards the right end there is setting and logout. I have hidden the logout. Can you kindly tell me how I can add new options before the username and also bring setting from right to left?

afterlogic-support commented 3 years ago

You're probably looking for modifying modules/CoreWebclient/templates/HeaderView.html file. Upon making changes there, be sure to purge data/cache/ directory content.

As for moving Settings link to the right side, see styles.css of the skin you use - for Default skin, that's static/styles/themes/Default/styles.css file:

.tabsbar .mobile,
.tabsbar .settings,
.tabsbar .logout {
  font-size: 8pt;
  order: 100;
}

Remove order line to move "Settings" to the left, you may also want to remove font-size line so that character size is the same as for other links there. Remember to clear web browser cache to apply changes.

neoget-dipankar commented 3 years ago

See, I am facing the logout issue. It is not resolved. The folder structure is: a central folder, and inside this folder I have two sub-folders, as displayed below:

central-folder
->mail
->myPortal

I am logging into webmail from a file in the myPortal folder, using the "Logging in programmatically" code present in the developer's guide documentation, but I am not redirecting the user to webmail, so I commented out the \Aurora\System\Api::Location('') statement. When this process is complete, authToken is created and I redirect to my own webpages present in the myPortal folder. From there I have a link to the mail folder. When I try to visit the webmail index.php of the mail folder, one more authToken cookie is generated with a different path. Why is that so? When I check my cookies, I have two authToken cookies with different paths and a deviceId cookie.

For logout, I am trying to clear the authToken from a file present in central-folder. So the file structure becomes:

central-folder
->webmailAutoLogOut.php
->mail
->myPortal

authToken cookie is first generated for path - "/central-folder/"
next time authToken cookie is generated for path - "/central-folder/mail/"
deviceId cookie is first generated for path - "/central-folder/mail"

afterlogic-support commented 3 years ago

I understand you're referring to this documentation page: https://afterlogic.com/docs/webmail-lite-8/developers-guide/logging-in-programmatically

The code contains setcookie call, and you must ensure that it holds the valid path to WebMail.

afterlogic-support commented 3 years ago

Update: it appears that \Aurora\System\Api::getCookiePath() will in fact return the URL path pointing to current script location, not the WebMail URL path. So you'll need to specify the correct cookie path manually in the code, I believe that should be "/central-folder/mail/" in your case.
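
The cookie-path behaviour discussed in this thread, as an added example that is not part of the original comments or of WebMail's code: a minimal model of how a browser stores cookies per (name, path) and why an expiring setcookie() call with a non-matching path leaves the AuthToken in place. The `CookieJar` class, `pathMatches` and `demo` are hypothetical names, token values are constructed, and domain handling is omitted.

```javascript
// Added example: minimal model of a browser cookie jar (RFC 6265 path handling only).
// Domain, expiry dates and flags are left out; paths are the ones quoted in the thread.

// RFC 6265 section 5.1.4: does a cookie's Path cover the request path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Cookies are stored per (name, path): the same name with another path is a
  // separate cookie. (A real jar also keys on domain, which is constant here.)
  set(name, value, path, expired = false) {
    const key = `${name};${path}`;
    if (expired) this.cookies.delete(key); // expiry removes only the exact (name, path) entry
    else this.cookies.set(key, { name, value, path });
  }

  // Cookies the browser would send with a request to requestPath.
  sentTo(requestPath) {
    return [...this.cookies.values()]
      .filter((c) => pathMatches(requestPath, c.path))
      .map((c) => `${c.name}@${c.path}`)
      .sort();
  }
}

function demo() {
  const jar = new CookieJar();
  const webmail = '/central-folder/mail/index.php';
  jar.set('AuthToken', 'token-A', '/central-folder/');      // constructed values
  jar.set('AuthToken', 'token-B', '/central-folder/mail/');
  const before = jar.sentTo(webmail);                        // both cookies are sent

  jar.set('AuthToken', '', '/webmail/', true);               // wrong path: nothing removed
  const afterWrongPath = jar.sentTo(webmail);

  jar.set('AuthToken', '', '/central-folder/', true);        // expire each stored path
  jar.set('AuthToken', '', '/central-folder/mail/', true);
  const afterBothPaths = jar.sentTo(webmail);
  return { before, afterWrongPath, afterBothPaths };
}
```
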

neoget-dipankar commented 3 years ago

How to prevent the user from seeing the Afterlogic webmail login page? I want to redirect if the user directly accesses the mail's index.php without logging in from my portal. I did give a different URL for both CustomLogoutUrl and DefaultAnonymScreenHash.
And finally, thanks to you all, my logout is done as intended.

afterlogic-support commented 3 years ago

There's CustomLoginUrl setting in data/settings/modules/StandardLoginFormWebclient.config.json file, set it to your portal's login page URL.

neoget-dipankar commented 3 years ago

Hello again. In the production server, I have two domains: xyz.abc.com and email.abc.com. email.abc.com contains the entire Afterlogic files. I am facing an issue of setting the cookie in email.abc.com. Since xyz and email are two different domains, I am sending a request to a file present in email.abc.com from a file in xyz.abc.com, but it is unable to set the $sAuthTokken. Is there a specific reason for this behaviour?

afterlogic-support commented 3 years ago

The approach of setting a cookie from a different domain is not supported by this integration method. Consider using Single Sign-On instead, it was specifically designed to bypass this limitation. Another option is sending login credentials via POST - it's less secure, but would work between domains or even between different servers.

neoget-dipankar commented 3 years ago

But will it not take us to the webmail page? I don't want that. I only want the cookie to be set and proceed to my own page.

afterlogic-support commented 3 years ago

Yes it will redirect to main page of WebMail. You can change that in modules/Core/Module.php file, EntrySso() function - see the last line of the code there:

\Aurora\System\Api::Location('./');