kevinoid / auth-mailbox-joomla

Plugin for Joomla! to authenticate users against a mail server using IMAP, NNTP, or POP3.
GNU General Public License v2.0

Add support for multiple mail servers #13

Open kevinoid opened 5 years ago

kevinoid commented 5 years ago

This pull request is based on the multi-server version of the plugin that @mperaya posted in https://github.com/kevinoid/auth-mailbox-joomla/issues/3#issuecomment-449068699. Several of the improvements from his version (including the es-ES language files) are already included in v1.0.10. This PR is to consider the multi-server support specifically. It also does not include the very impressive repeatable tab layout that @mperaya created, which may be considered in a future PR.

This PR has a few known technical issues that should be fixed before it is merged:

I am still considering whether this feature justifies the additional complexity and maintenance burden, and if so, how best to implement it. I'd appreciate feedback from potential users, particularly about the following issues:

Should the login username be tried on all servers? If so, login will be slow for later servers and there is a risk that the Joomla! server will be blacklisted by the mail server based on the number of failed login attempts. If not, how should this be configured?

This PR currently attempts authentication when the login username either matches the Default Domain or doesn't contain a domain. This is simple and understandable, but limiting. It prevents use when a server serves multiple mail domains. Checking the login username against a configurable regular expression for each server would be another option.

How should the plugin handle conflicting usernames? If "Include Mail Domain in Joomla! Username" is "No" in the plugin configuration, users on different servers would authenticate as the same Joomla! account. This could cause problems and allow account stealing by users who can create new email accounts on the mailbox servers. Can this be prevented, or is adding a configuration warning the only reasonable option?

Which configuration options should be per-server? Most of the current configuration options are server-specific. Some, such as "Create Users", "Include Mail Domain in Joomla! Username", and "Show Protocol Errors", may not be. Are there use cases where it would be desirable to have the mail domain in some usernames but not others, or to only create users from some servers? "Default Mail Domain" is particularly interesting, since it could be used to try the same username with different domains on different servers (if per-server). Alternatively, it could be used to map usernames without domains to specific servers (if not per-server).

Feedback on these questions from users with real use cases would be appreciated. Alternatively, if someone with this use case would like to publish and maintain a multi-server plugin based on this code, I would fully encourage it!
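
The per-server regular-expression option and the username-conflict question raised in the comment above can be seen together in a short sketch. This is an added example, not code from the PR or the plugin; the array keys (`host`, `default_domain`, `user_pattern`), the function names and the sample servers are hypothetical.

```php
<?php
// Added illustration; keys, patterns and function names are hypothetical,
// not the plugin's configuration schema. Sample servers are constructed.
$servers = [
    ['host' => 'mail.example.com', 'default_domain' => 'example.com',
     'user_pattern' => '/^[^@]+@(example\.com|example\.org)$/i'],
    ['host' => 'mail.example.net', 'default_domain' => 'example.net',
     'user_pattern' => '/^[^@]+@example\.net$/i'],
];

/**
 * Return the host/mailbox pairs to try for a login name, in configured order.
 * A name without a domain is completed with each server's default domain
 * before matching, so only servers whose pattern accepts it are contacted.
 */
function candidateServers(string $login, array $servers): array
{
    $candidates = [];
    foreach ($servers as $server) {
        $mailbox = strpos($login, '@') === false
            ? $login . '@' . $server['default_domain']
            : $login;
        if (preg_match($server['user_pattern'], $mailbox) === 1) {
            $candidates[] = ['host' => $server['host'], 'mailbox' => $mailbox];
        }
    }
    return $candidates;
}

/**
 * Joomla! username for an authenticated mailbox. Dropping the domain is
 * only collision-free when a single mail domain is configured.
 */
function joomlaUsername(string $mailbox, bool $includeDomain): string
{
    $at = strrpos($mailbox, '@');
    return ($includeDomain || $at === false) ? $mailbox : substr($mailbox, 0, $at);
}

// A login with a domain is offered only to the server whose pattern matches.
print_r(candidateServers('alice@example.net', $servers));

// A bare login matches both servers; with the domain dropped, both
// mailboxes map to the same Joomla! account name.
foreach (candidateServers('alice', $servers) as $c) {
    echo $c['host'], ' -> ', joomlaUsername($c['mailbox'], false), "\n";
}
```

Passing `true` as the second argument of `joomlaUsername` keeps the two mailboxes as distinct account names.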