starred/modoboa-modoboa
1
0
Fork 0
mirror of https://github.com/modoboa/modoboa.git synced 2026-04-27 18:05:58 +03:00
Code Issues 60 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #523] Add support for the Roundcube password plugin #499

New issue
Closed
opened 2026-02-27 11:12:05 +03:00 by kerem · 10 comments
kerem commented 2026-02-27 11:12:05 +03:00
Owner
Copy link

Originally created by @SomeGeek on GitHub (Feb 13, 2014).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/523

Originally assigned to: @tonioo on GitHub.

We should create a simple driver for the Roundcube password changing plugin: https://github.com/roundcube/roundcubemail/tree/master/plugins/password

Using the API of Modoboa. Roundcube is a very popular webmail client. Doing this has the advantage of not having to have the database world-accessible.

Originally created by @SomeGeek on GitHub (Feb 13, 2014). Original GitHub issue: https://github.com/modoboa/modoboa/issues/523 Originally assigned to: @tonioo on GitHub. We should create a simple driver for the Roundcube password changing plugin: https://github.com/roundcube/roundcubemail/tree/master/plugins/password Using the API of Modoboa. Roundcube is a very popular webmail client. Doing this has the advantage of not having to have the database world-accessible.
kerem 2026-02-27 11:12:05 +03:00
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@carragom commented on GitHub (Jul 10, 2014):

I use Roundcube and it's password plugin with modoboa without issues. There is at least one topic in the google group about it, https://groups.google.com/forum/#!topic/modoboa-users/DKqLFnd5haU.

<!-- gh-comment-id:48578517 --> @carragom commented on GitHub (Jul 10, 2014): I use Roundcube and it's password plugin with modoboa without issues. There is at least one topic in the google group about it, https://groups.google.com/forum/#!topic/modoboa-users/DKqLFnd5haU.
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@SomeGeek commented on GitHub (Jul 10, 2014):

This requires you to have the DB server accessible worldwide. That's not recommended practice, to say the least. My proposal was a plugin that calls Modoboa instead of the database...

<!-- gh-comment-id:48579356 --> @SomeGeek commented on GitHub (Jul 10, 2014): This requires you to have the DB server accessible worldwide. That's not recommended practice, to say the least. My proposal was a plugin that calls Modoboa instead of the database...
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@carragom commented on GitHub (Jul 10, 2014):

So the goal here would be to develop a Roundcube plugin that could change the account password but without having to connect to the modoboa database ?

<!-- gh-comment-id:48629328 --> @carragom commented on GitHub (Jul 10, 2014): So the goal here would be to develop a Roundcube plugin that could change the account password but without having to connect to the modoboa database ?
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@patrickbenkoetter commented on GitHub (Jul 10, 2014):

Yes. Ideally modo would expose an interface an external service can connect
to. An interface that hides the complexity and stays stable at the same time,
while modo is free to change the db schema or access or anything else as it
evolves.

p@rick

[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

<!-- gh-comment-id:48646788 --> @patrickbenkoetter commented on GitHub (Jul 10, 2014): Yes. Ideally modo would expose an interface an external service can connect to. An interface that hides the complexity and stays stable at the same time, while modo is free to change the db schema or access or anything else as it evolves. p@rick - carragom reply@reply.github.com: > So the goal here would be to develop a Roundcube plugin that could change the account password but without having to connect to the modoboa database ? > > --- > Reply to this email directly or view it on GitHub: > https://github.com/tonioo/modoboa/issues/523#issuecomment-48629328 ## [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@tonioo commented on GitHub (Jul 11, 2014):

I think a REST API (or similar) could be the right answer. Problem is: is it secure to propose such a service?

<!-- gh-comment-id:48706775 --> @tonioo commented on GitHub (Jul 11, 2014): I think a REST API (or similar) could be the right answer. Problem is: is it secure to propose such a service?
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@carragom commented on GitHub (Jul 14, 2014):

Not having to worry about Roundcube every time Modoboa is upgraded as explained by @patrickbenkoetter does sounds very attractive.
As for security, Modoboa already allows any user to change it's own password through the web interface, right?. If this is the case, I don't think allowing the same operation through a REST API would make Modoboa less secure. My 2 cents.

<!-- gh-comment-id:48865428 --> @carragom commented on GitHub (Jul 14, 2014): Not having to worry about Roundcube every time Modoboa is upgraded as explained by @patrickbenkoetter does sounds very attractive. As for security, Modoboa already allows any user to change it's own password through the web interface, right?. If this is the case, I don't think allowing the same operation through a REST API would make Modoboa less secure. My 2 cents.
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@kryskool commented on GitHub (Aug 2, 2014):

Hi @tonioo

Why not provide an URI like http://modoboa.domain.tld/changes?account=me@my.domain.tld and send directly an email to the user, with a link like http://modoboa.domain.tld/changes?token=ah5tR4URfdcEs6g435h009HG (this token is create and memorized at the first request) and display a form to change the password

Optionally you can add an expiry date on the token, and protection for DDOS on the first link

Comments ?

<!-- gh-comment-id:50962367 --> @kryskool commented on GitHub (Aug 2, 2014): Hi @tonioo Why not provide an URI like http://modoboa.domain.tld/changes?account=me@my.domain.tld and send directly an email to the user, with a link like http://modoboa.domain.tld/changes?token=ah5tR4URfdcEs6g435h009HG (this token is create and memorized at the first request) and display a form to change the password Optionally you can add an expiry date on the token, and protection for DDOS on the first link Comments ?
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@tonioo commented on GitHub (Aug 21, 2014):

Hi @kryskool

I think the original idea was to be able to modify the password directly from roundcube. A two steps procedure, like the one you propose, is not bad but the REST API seems like a better option as it will expose more than just a "change password" service.

<!-- gh-comment-id:52979142 --> @tonioo commented on GitHub (Aug 21, 2014): Hi @kryskool I think the original idea was to be able to modify the password directly from roundcube. A two steps procedure, like the one you propose, is not bad but the REST API seems like a better option as it will expose more than just a "change password" service.
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@jonathan00 commented on GitHub (Nov 10, 2015):

FYI,
vboxadm also implemented an HTTP API on the server side and an roundcube plugin on client side to let users change their passwords (and some other things). Maybe that helps you ;-)

Server side:
https://github.com/dominikschulz/VBoxAdm/blob/master/lib/VBoxAdm/Controller/API.ipm

Client side:
https://github.com/dominikschulz/roundcube-plugin-vboxadm/blob/master/roundcube/plugins/vboxadm/vboxadm.php

<!-- gh-comment-id:155554355 --> @jonathan00 commented on GitHub (Nov 10, 2015): FYI, vboxadm also implemented an HTTP API on the server side and an roundcube plugin on client side to let users change their passwords (and some other things). Maybe that helps you ;-) Server side: https://github.com/dominikschulz/VBoxAdm/blob/master/lib/VBoxAdm/Controller/API.ipm Client side: https://github.com/dominikschulz/roundcube-plugin-vboxadm/blob/master/roundcube/plugins/vboxadm/vboxadm.php
kerem commented 2026-02-27 11:12:06 +03:00
Author
Owner
Copy link

@tonioo commented on GitHub (Nov 27, 2015):

So, the API part is done. Now, we need a roundcube plugin.

<!-- gh-comment-id:160173134 --> @tonioo commented on GitHub (Nov 27, 2015): So, the API part is done. Now, we need a roundcube plugin.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix/sievefilters-allow-email-in-rule-name
dependabot/npm_and_yarn/frontend/axios-1.15.0
translations_04c0b653215cb5fa48ab101eae1a1917_ja_JP
translations_5d93982e9fd6dab991db4faf93ce9ded_ja_JP
fix/login-issue-3995
fix/sievefilters-issues
add-vitepress-openapi
2974-dmarc-empty-email
2.3.x
updated-doc-2.3.0
feature/OIDC
delete-all-alarms
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_af_ZA
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ar
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ca
1.x
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_sk
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_tr
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_es_ES
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_uk
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_zh_CN
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_de_DE
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_da_DK
1.8.x
1.7.x
1.6.x
1.4.x
1.3.x
1.2.x
2.8.2
2.8.1
2.8.0
2.7.2
2.7.1
2.7.0
2.6.5
2.6.4
2.6.3
2.6.2
2.6.1
2.6.0
2.5.1
2.5.0
2.4.11
2.4.10
2.4.9
2.4.8
2.4.7
2.4.6
2.4.5
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.6
2.3.5
2.3.4
2.3.3
2.3.2
2.3.1
2.3.0
2.3.0-beta.4
2.3.0-beta.3
2.3.0-beta.2
2.3.0-beta.1
2.2.4
2.2.3
2.2.2
2.2.1
2.2.0
2.1.2
2.1.1
2.1.0
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
2.0.0-beta.3
2.0.0-beta.2
2.0.0-beta.1
1.17.0
1.16.1
1.16.0
1.15.0
1.14.0
1.13.1
1.13.0
1.12.2
1.12.1
1.12.0
1.11.1
1.11.0
1.10.7
1.10.6
1.10.5
1.10.4
1.10.3
1.10.2
1.10.1
1.10.0
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.4
1.7.3
1.7.2
1.7.1
1.7.0
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1
1.5.0
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.5
1.3.4
1.2.2
1.3.3
1.3.2
1.3.1
1.3.0
1.2.1
1.2.0
1.2.0-rc2
1.2.0-rc1
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.1
1.0.0
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1
0.9
0.8.8
0.8.7
0.8.6.1
0.8.6
0.8.5
0.8.4
0.8.3
0.8.3-rc1
0.8.2
0.8.1
0.8
0.8-rc2
0.8-rc1
0.7.2
0.7.1
0.7
0.6.1
0.6
0.5
0.3
0.2
0.1
Labels
Clear labels   
bug

   
bug

   
dependencies

   
design

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
feedback-needed

   
help-needed

   
help-needed

   
installer

   
invalid

   
looking-for-sponsors

   
modoboa-contacts

   
new-ui

   
new-ui

   
pr

   
pull-request

Mirrored from GitHub Pull Request

  
pyconfr

   
python

   
question

   
security

   
stale

   
webmail

   
wontfix
No labels
bug
bug
dependencies
design
documentation
duplicate
enhancement
enhancement
enhancement
feedback-needed
help-needed
help-needed
installer
invalid
looking-for-sponsors
modoboa-contacts
new-ui
new-ui
pr
pull-request
pyconfr
python
question
security
stale
webmail
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/modoboa-modoboa#499
No description provided.