Menu
▾
▴
squirrelmail-plugins
|
From: Alexey S. <al...@sh...> - 2021-05-29 10:26:08
|
Hi all, I'm developing a plugin which lets SquirrelMail use CardDAV server as an addressbook backend. It's based on https://github.com/mstilkerich/carddavclient and for now I'm just copying code from its quickstart.php example script into the "Address book backend template" SquirrelMail plugin. As of today, listing of all addresses and adding new ones works, so it can be used in a "read-and-append-only" mode (editing and deleting existing entries not implemented yet). Code is at https://github.com/Lex-2008/abook_carddav My main question is: does anyone else feel interested in using this plugin or am I doing it only for myself? If if will have any other users - I will add some user-visible options, otherwise they all will be hardcoded. Thanks, Alexey. |
|
From: tlhackque <tlh...@ya...> - 2021-05-29 14:35:28
Attachments:
OpenPGP_signature
|
On 29-May-21 06:26, Alexey Shpakovsky wrote: > My main question is: does anyone else feel interested in using this plugin > or am I doing it only for myself? If if will have any other users - I will > add some user-visible options, otherwise they all will be hardcoded. > > Thanks, > Alexey. > I might try it, but it's not a high priority. This list is not very active - there were 6 posts last year and 2 in 2019. Not sure where you might get a wider audience; -devel is also quiet. FWIW, my cardDAV address books (I have more than one) each run several hundred addresses, so address completion (full and/or partial) is pretty much required for it to be useful. Also, squirrelmail seems to be used as lightweight MUA, especially where bandwidth is limited and/or expensive. So listing "all" and/or generating a lot of client traffic should be avoided. Better to send the server a partial name and get back only matches. "carddavclient" mentions a local cache - if this is in the squirrelmail browser, you need to consider how the end user can flush it/ensure it disappears - e.g. when a shared/public PC is used. There's likely to be a lot of effort required between "works for me" and "others can use in production"... |
|
From: Alan in T. <squ...@fi...> - 2021-05-29 16:14:20
|
On Sat, May 29, 2021 6:26 am, Alexey Shpakovsky via squirrelmail-plugins wrote: > Hi all, > > I'm developing a plugin which lets SquirrelMail use CardDAV server as an > addressbook backend. It's based on At one time I might have been interested. I've worked with others on development of a couple of plugins "back in the day". Nowadays, SquirrelMail is virtually dead. Its user base is almost gone as large installations have moved on to newer mail clients that are in active development. There hasn't been an official stable release in ten years, raising questions about security. Most people don't want such an old client, especially given potential security issues. It was a terrific tool at one time, but its time has passed, unfortunately. Still, if it serves your needs, then that's great. Just don't be surprised if you end up coding this plugin just for yourself. Good luck. |
|
From: Alexey S. <al...@sh...> - 2021-05-29 17:02:29
|
On Sat, May 29, 2021 18:26, Alan in Toronto wrote: > On Sat, May 29, 2021 6:26 am, Alexey Shpakovsky via squirrelmail-plugins > wrote: >> Hi all, >> >> I'm developing a plugin which lets SquirrelMail use CardDAV server as an >> addressbook backend. It's based on > > At one time I might have been interested. I've worked with others on > development of > a couple of plugins "back in the day". > > Nowadays, SquirrelMail is virtually dead. Its user base is almost gone as > large > installations have moved on to newer mail clients that are in active > development. > There hasn't been an official stable release in ten years, raising > questions about > security. Most people don't want such an old client, especially given > potential > security issues. While I agree with you, to be completely fair to Paul it worth noting that there were almost 50 commits this year, according to https://sourceforge.net/p/squirrelmail/code/commit_browser And yes, for some (at least for me) it feels much faster/snappier than other webmail clients that I looked into, and almost as fast as desktop mail clients (except synchronization phase when you just need to wait until Thunderbird crunches through all your emails). > It was a terrific tool at one time, but its time has passed, > unfortunately. Still, > if it serves your needs, then that's great. Just don't be surprised if you > end up > coding this plugin just for yourself. Good luck. Thanks for the warm words, Alan! And no problem, it's not the first plugin I'm coding for myself only :) Alexey. |
|
From: Ted H. <te...@io...> - 2021-05-30 00:47:24
|
On Sat, 29 May 2021, Alexey Shpakovsky via squirrelmail-plugins wrote: > Hi all, > > I'm developing a plugin which lets SquirrelMail use CardDAV server as an > addressbook backend. It's based on > https://github.com/mstilkerich/carddavclient and for now I'm just copying > code from its quickstart.php example script into the "Address book backend > template" SquirrelMail plugin. > > As of today, listing of all addresses and adding new ones works, so it can > be used in a "read-and-append-only" mode (editing and deleting existing > entries not implemented yet). Code is at > https://github.com/Lex-2008/abook_carddav > > My main question is: does anyone else feel interested in using this plugin > or am I doing it only for myself? If if will have any other users - I will > add some user-visible options, otherwise they all will be hardcoded. > > Thanks, > Alexey. > > > > Despite what others might say I would be interested in a cardDAV plugin. Ted. |
|
From: Alexey S. <al...@sh...> - 2021-06-01 19:56:34
|
On Sat, May 29, 2021 16:35, tlhackque via squirrelmail-plugins wrote: > I might try it, but it's not a high priority. It looks like there are only three of us interested in this plugin, so I suggest let's take it off-list. I'll contact you and Ted privately. If someone else want to join - let me know or check this repo: https://github.com/Lex-2008/abook_carddav - I'll try to keep readme up to date as long as repo is maintained. > FWIW, my cardDAV address books (I have more than one) each run > several hundred addresses, so address completion (full and/or > partial) is pretty much required for it to be useful. Also, > squirrelmail seems to be used as lightweight MUA, especially > where bandwidth is limited and/or expensive. So listing "all" > and/or generating a lot of client traffic should be avoided. Better to send the server a partial name and get back only matches. Agreed! I assume you mean "autocomplete" plugin? It indeed has two modes of operation: "Pre-load Contacts" (insert your whole addressbook into "compose" page) or send a request to server after each typed character. Although in my case (single hundred addresses) it takes almost same time to load "compose" page with whole address book (~600ms) as to find a single matching entry for a typed email address (~500ms). So preloading it is for me, then :) > "carddavclient" mentions a local cache - if this is in the > squirrelmail browser, you need to consider how the end user can > flush it/ensure it disappears - e.g. when a shared/public PC is used. No, I believe it's to synchronize CardDAV and squirrelmail servers. I haven't figured out how it works exactly (carddavclient doesn't have API to save/load the cache), and it sounds like an idea for a different plugin - which will just synchronize squirrelmail addressbook with a remote one. This plugin just proxies requests from squirrelmail ("give me all contacts whose name starts with A") to CardDAV server. > There's likely to be a lot of effort required between "works for me" > and "others can use in production"... Agreed. And it looks like there are not that many people eager to run it in production, so guess I won't be putting too much effort in moving it too far from "works for me" state. Alexey |
|
From: Paul L. <pa...@sq...> - 2021-06-07 03:33:23
|
On Tue, June 1, 2021 7:56 pm, Alexey Shpakovsky via squirrelmail-plugins wrote: > On Sat, May 29, 2021 16:35, tlhackque via squirrelmail-plugins wrote: >> I might try it, but it's not a high priority. > > It looks like there are only three of us interested in this plugin, On mailing lists there are always people reading but not responding, or people who may see your posts at a later date, which makes it valuable to have such conversations here. > so I suggest let's take it off-list. I'll contact you and Ted privately. If > someone else want to join - let me know or check this repo: I don't see any reason why having a private conversation is any more useful, whereas you always have the ability to get feedback at any point in the conversation from more people if you talk in public. Cheers, -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
|
From: Alexey S. <al...@sh...> - 2021-06-09 21:45:41
|
On Mon, June 7, 2021 05:32, Paul Lesniewski wrote:
> On Tue, June 1, 2021 7:56 pm, Alexey Shpakovsky via squirrelmail-plugins
wrote:
>> It looks like there are only three of us interested in this plugin,
> On mailing lists there are always people reading but not responding, or
people who may see your posts at a later date, which makes it valuable to
have such conversations here.
Sounds reasonable! Then let me paste here (slightly amended) email which I
sent privately.
First, few notes on compatibility:
---------------------------------
* The carddavclient library that this plugin is using requires something
like php 7.1 or 7.4, and I doubt I can decrease its requirements :)
* I'm currently using and testing this plugin in SquirrelMail 1.2.23 SVN
(recent snapshot), but it should be easy to adapt to other versions, if
someone finds a compatibility issue.
Then, my biggest question:
-------------------------
What are your opinions about mapping of vcard fields (name, org, title,
notes, address, phone, etc - there are plenty of them) to SquirrelMail
address book fields (name, nickname, info)?
Note that SquirrelMail uses "nickname" field as unique key to identify
address book entries when editing/deleting them: when user clicks a button
to delete an address, SquirrelMail tells addressbook backend: "please
delete user with this nickname". For CardDAV servers, such unique keys are
otherwise meaningless URIs.
Also SquirrelMail supports only one email address per contact, while vcard
can have multiple.
So I came up with this otherwise strange idea: add an option (checkbox)
whether addressbook is writeable, and make field contents depend on it:
* when addressbook is in read-only mode, "nickname" field in SquirrelMail
shows content of "organisation" field in vcard.
* when addressbook is write-enabled, "nickname" field contains vcard URI,
and "info" field contains value of "organisation" field from vcard (which
you actually can edit).
Moreover, when addressbook is in read-only mode, each vcard is repeated as
many times as there are email addresses in it, and also "info" field has
different phone numbers (but you can't edit them).
Sounds messy, but works nice in my case :)
I of course would like to hear other opinions: how do __you__ think it
should be done or how would you like to see it?
Installation instructions:
-------------------------
Described in the repo readme, but TL;DR version is:
* download or clone that repo
* extract it into "abook_carddav" subdir in your plugins directory
* open "discover" page at
{your.squirrelmail.installation}/plugins/abook_carddav/discover.php - for
example, if your main squirrelmail page URL looks like this:
https://mail.example.com/src/webmail.php
then URL of the "discover" page is this:
https://mail.example.com/plugins/abook_carddav/discover.php
* If everything goes well, it should show you a form with three fields.
Exact content of first one depends on your CardDAV server setup, but in
some cases it's enough to provide just hostname, in other cases you can
provide full URL to dav endpoint - for example, in case of Baikal server
running on https://baikal.example.com:8000/, discovery URL is
https://baikal.example.com:8000/dav.php . Valid username and password are
required to find addressbooks available to a specific user.
* after submitting that form, scroll to the very bottom. If you see a
number greater than 0 after "Addressbooks discovered:" - you're lucky :)
In my case, I have this:
Addressbooks discovered: 1
* Name: Default addressbook
Addressbook URI:
https://baikal.example.com:8000/dav.php/addressbooks/alexey/default/
Base URL: https://baikal.example.com:8000
(where "default" is addressbook name)
* After that, enable the plugin if you haven't done so yet, and enter
Addressbook URI together with Base URL and you username/password into
relevant fields at the bottom of Options - Display Preferences page.
Note about password storage:
---------------------------
This plugin has three options regarding password storage:
* use same password for CardDav account as for IMAP (usually it's the
password you enter to login to SquirrelMail) - obviously it's the best
option from the password storage point of view, but only if your CardDav
and IMAP accounts have the same password (note that usernames might
differ).
* _encrypt_ your CardDav password using your IMAP password - probably the
best option in all other cases, but remember that you will have to
re-enter your CardDav password (for it to be re-encrypted) in case your
IMAP password changes. _Encryption_ used here is basically XORing CardDav
password with sha256 checksum of IMAP password and storing the result.
* No encryption, CardDav password is stored in your prefs file in plain text.
Obviously, in last case if someone gets hold of your prefs file (malicious
server admin, php script, or via backups) - they can read your CardDav
password from it.
In second case, in addition to copy of your prefs file, they need to know
your IMAP password - and then they can find out your CardDav password.
If anyone has a better (more secure) idea of password storage - please let
me know!
Also, when user switches from first option ("use IMAP password") to last
one ("store password in plaintext") - their IMAP password appears in prefs
file in plain text. Fixing this is first item on my list.
Some more notes:
---------------
* Currently, CardDav server/account is configured by each user
individually, although it should be pretty easy to add an option of
admin-specified "global" or per-user CardDav server/account.
* Also, it should be pretty simple to implement multiple CardDav address
books (just call add_account function multiple times with different
arguments), but I don't have good idea how to implement it UI-wise.
Thoughts, comments?
Alexey.
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X