Usage of short login creates invalid identity

[cm-schl]

Hi,

I'm trying to use SnappyMail with the config option "use short login" inside the domain configuration. I need this option because the server I'm trying to logon does not uses the mail address as username. In combination with Nextcloud this means:

1. Nextcloud passes the username user to SnappyMail
2. SnappyMail adds the default domain example.com to the username
3. Logon is successful and SnappyMail tries to logon to the IMAP server by stripping of example.com because of the setting "use short login"

Everything seems fine until you try to send a mail. There the sender name of the user is user@example.com but this mail address does not exist as the correct one would be name.surname@example.com. So also if the SMTP server would not check if the sender address exists the recipient of a mail could not answer...

I tried to find a solution but I'm not sure how to handle this situation..? Is it possible to let SnappyMail overwrite the not existing identity with a existing one? Adding other identities would be a partly solution, but the wrong one would exist nevertheless...

[cm-schl]

Hi, thanks for your commit that pointed me to #458 and the other issues!

I've tried to find a solution to my question and now I'm asking myself a bit why the whole login process and also the account object carries a login variable that first is empty and afterwards gets set to the mail address? https://github.com/the-djmaze/snappymail/blob/c5c180cb2eec09df933ec5d6c6373133c7622604/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/UserAuth.php#L119

As I don't have a complete sight over the login process maybe this is used afterwards? I'm asking because maybe this could be a part of the solution to my problem described in my first post: At the moment the Nextcloud integration seams to pass to SnappyMail the username or the mail address of the Nextcloud user (basing on the auto login setting inside Nextcloud). If the sLogin variable would be taken into account when logging in the Nextcloud integration could pass the mail address AND the username to SnappyMail: the username then could be used to login to IMAP and SMTP and the mail address could be used to set the correct identity...

[the-djmaze]

SnappyMail login username john. This is missing the @domain.tld part, so based on default domain configuration this becomes john@default domain. Then the domains list is checked for default domain and if not found, the default * is used.

SnappyMail login username john@domain.tld. The domains list is checked for domain.tld and if not found, the default * is used.

Now login using IMAP. Check if domain IMAP uses "short login" then $sLogin becomes john else john@domain.tld.

On success you can view all messages.

SMTP

When you want to send a message the domain SMTP settings are used. Check if domain SMTP uses "short login" then $sLogin becomes john else john@domain.tld. The password that you used for Login/IMAP is also used for SMTP.

If your SMTP is using completely different credentials, then this whole process fails.

When your SMTP server is local and allows local sending without login, then just uncheck the Use authentication option and the mail is send without login.

With the "Override SMTP Credentials" extension you could also configure a general username and password for all users.

Since these solutions don't solve all setups, i've prepared some code to allow custom SMTP credentials (in the future).

[cm-schl]

First of all thanks a lot for taking time to explain the process!

In fact my problem is "just" the wrong mail address in the default identity of my users (the generated address john@domain.tld does not exist, it's a product of the login name and the default domain).

So I looked into Identity.php and it seams that the mail address inside $sEmail is always set to the mail address used at login (= the non existing john@domain.tld). If this is true the mail address of the primary identity cannot be modified - what seams correct as the UI does not allow this for the default identity.

Don't know if I would have to extend my plugin https://github.com/the-djmaze/snappymail/tree/master/plugins/ldap-mail-accounts or write a new one that injects the correct mail address into the default identity (after a suitable hook is found / created in the source).

[the-djmaze]

I think i understand you, and it is like this:

1. john.doe@example.com IMAP login is john or john@example.com
2. john.doe@example.com SMTP login is john.doe@example.com

What you want is:

1. IMAP login as john but see john.doe@example.com
2. Send mail as john.doe@example.com

Correct?

[cm-schl]

Mostly correct:

User logs in automatically from Nextcloud with john-user0123. His real mail address is john.doe@example.com. SnappyMail uses john-user0123@example.com (because of the default domain set to example.com). IMAP login is john-user0123. SMTP login is the same as for IMAP.

I'm completely fine if the user sees the SnappyMail internal username john-user0123@example.com as long as the IMAP login could remain john-user0123 (the fact that the user in the upper right sees the internal username is no problem). But the mails sent by the user should be sent with john.doe@example.com as sender email and not with john-user0123@example.com because the recipients will not be able to answer to mails.

[the-djmaze]

Understood. Now how to know/find the real email address?

[cm-schl]

That's the point I'm also asking me... There are multiple options that came into my mind, but all depends from the specific installation:

• LDAP query basing on the username for those who have an LDAP running
• Passing the mail address through the various integrations to SnappyMail (for example Nextcloud mostly knows already a mail address of the user although we can't know if this is also the mail address the user would like to use inside of SnappyMail)
• Setting it manually - for those who are using SnappyMail standalone
• A workaround i found would be to let the user login with mail address -> passing it through the custom-login-mapping extension -> using his username to login at IMAP. The downside of this is, that an admin has to insert every single user into the extension config as otherwise the user will not be able to login. For bigger companies this would mean to have to inject the list with a script or some other solution... Also I can't say if this "solution" has other side effects (not tested enough).

This are just a bunch of ideas - obviously there could be better solutions to this problem 🙂 .

[the-djmaze]

Here's another idea when you know the email address: Add as identity and make it the default

[cm-schl]

True! Is this already possible from the UI and / or by a extension? In this situation you would also need the possibility to disable the "wrong" identity that is generated automatically (as it is not usable for mails)...

[cm-schl]

Hi @the-djmaze,

I made again some thoughts on this how this could be solved in a way everyone could benefit of this. I looked again into the code. I'm seeing it from my Nextcloud auto logon perspective, but i think it would work also for standalone installs:

Actually the variable $sLogin is always set to the mail address of the user here: https://github.com/the-djmaze/snappymail/blob/b9ef8ae2c932a3b7f0dcedb63f806dc3c585cb43/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/UserAuth.php#L102

What if we would optionally pass the username to the function following function? https://github.com/the-djmaze/snappymail/blob/b9ef8ae2c932a3b7f0dcedb63f806dc3c585cb43/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/UserAuth.php#L115

So in theory in LoginProcess SnappyMail could check if a username was already passed by a integration / a plugin / maybe the login screen and then not overwrite the variable $sLogin with the mail address. So in situations similar at mine the admin would not activate the "short login" functionality but SnappyMail would (should) use the value of $sLogin.

For integrations like Nextcloud the mail address and username could be passed to SnappyMail as Nextcloud must already know both...

Thinking about standalone installs the login mask maybe could extended to show an optional username field to use - similarly like it shows the optional language selection dialog when SnappyMail is configured to show this.

To me this would look like a minimally invasive change...? What do you think? 🙂

[the-djmaze]

Added a new plugin named "Login Override" for next v2.25.2 It has two mapping options: IMAP and SMTP

Each line in the field will be like user@example.com:user1:password1

• user@example.com the currently used email address to login with
• user1 when set it will be used for IMAP or SMTP login
• password1 when set it will be used for IMAP or SMTP login

user@example.com::password1 will used the default login name user@example.com:user1: will used the default login password

Why v2.25.2? Well i've modified the config options system to allow storing encrypted values. As the mapping contains sensitive login credentials it will be stored encrypted.

[cm-schl]

Thanks for the new plugin - I will test it as soon as the new version is released. But if I'm not completely wrong this is a "similar" solution to the workaround described in https://github.com/the-djmaze/snappymail/issues/859#issuecomment-1386627381? It is ok for me as I'm also trying to move to the possibility to use the mail address as username for IMAP logins - but my request was a bit more general to rethink the way the username is used inside the identity object (see https://github.com/the-djmaze/snappymail/issues/859#issuecomment-1403567464). As said I'm going to test your plugin 👍

[the-djmaze]

Yes this new plugin is not perfect but at least we have something to work with

[the-djmaze]

This last commit also add an option to change the email address.

So it will be like: john-user0123@example.com:john.doe@example.com

This way you can create setups however you want as you could also do it in reverse when login as john.doe@example.com then the IMAP/SMTP entries will be: john.doe@example.com:john-user0123@example.com:

[cm-schl]

Actually I'm getting an error when I'm trying to configure the plugin by clicking on the cogwheel:

POST[INFO]: {"id":"login-override","Action":"AdminPluginLoad","XToken":"4313ea9d4e1206eb74134bae9b6b54642c09655f"}
JSON[ERROR]: JsonException: Syntax error in /var/www/nextcloud/apps/snappymail/app/snappymail/v/2.25.2/app/libraries/snappymail/crypt.php:244
Stack trace:
#0 /var/www/nextcloud/apps/snappymail/app/snappymail/v/2.25.2/app/libraries/snappymail/crypt.php(244): json_decode()
#1 /var/www/nextcloud/apps/snappymail/app/snappymail/v/2.25.2/app/libraries/snappymail/crypt.php(79): SnappyMail\Crypt::jsonDecode()
#2 /var/www/nextcloud/apps/snappymail/app/snappymail/v/2.25.2/app/libraries/RainLoop/Plugins/Property.php(192): SnappyMail\Crypt::DecryptFromJSON()
#3 [internal function]: RainLoop\Plugins\Property->jsonSerialize()
#4 /var/www/nextcloud/apps/snappymail/app/snappymail/v/2.25.2/app/libraries/RainLoop/Utils.php(32): json_encode()
#5 /var/www/nextcloud/apps/snappymail/app/snappymail/v/2.25.2/app/libraries/RainLoop/ServiceActions.php(177): RainLoop\Utils::jsonEncode()
#6 /var/www/nextcloud/apps/snappymail/app/snappymail/v/2.25.2/app/libraries/RainLoop/Service.php(112): RainLoop\ServiceActions->ServiceJson()
#7 /var/www/nextcloud/apps/snappymail/app/snappymail/v/2.25.2/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#8 /var/www/nextcloud/apps/snappymail/lib/Util/SnappyMailHelper.php(90): RainLoop\Service::Handle()
#9 /var/www/nextcloud/apps/snappymail/lib/Controller/PageController.php(114): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#10 /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php(225): OCA\SnappyMail\Controller\PageController->indexPost()
#11 /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php(133): OC\AppFramework\Http\Dispatcher->executeController()
#12 /var/www/nextcloud/lib/private/AppFramework/App.php(172): OC\AppFramework\Http\Dispatcher->dispatch()
#13 /var/www/nextcloud/lib/private/Route/Router.php(298): OC\AppFramework\App::main()
#14 /var/www/nextcloud/lib/base.php(1047): OC\Route\Router->match()
#15 /var/www/nextcloud/index.php(36): OC::handleRequest()
#16 {main}

I also restarted the webserver to make sure it isn't a caching problem...

[the-djmaze]

I've made a change to prevent decrypt errors

[the-djmaze]

Should be fixed with v2.25.4

[cm-schl]

Tested and it works for the situations your plugin is made for - at least I think so: the mapping for IMAP and SMTP seams to work, for the mapping of the mail address I'm not sure. I've set up john-user0123@example.com:john.doe@example.com like in the example situation described here https://github.com/the-djmaze/snappymail/issues/859#issuecomment-1385562838 and this not changed anything I think... In the upper left and in the new message dialog the user sees the mail address john-user0123@example.com.

Unfortunately this plugin has a side effect on my plugin ldap-mail-accounts and is also not very usable for bigger installations (because the admin would have to insert every single user into this configuration dialog). But maybe I can use your work as base to extend my plugin 🙂

[the-djmaze]

Good. I hope you find a solution!