Thread: [SOLVED] Test to see if application is being run by authenticated user

  1. #1
    [SOLVED] Test to see if application is being run by authenticated user

    Hello,

    I am nearly finished porting a PHP application to a Zimbra 5.0 server. It will be invoked using a zimlet. It uses a "normal" web server (i.e. not Zimbra) which is guaranteed to be on the same server as the Zimbra server. It uses a different port, and uses SSL (https) only.

    Everything works fine, except that I need to validate the application was invoked via the Zimlet and not merely connected to from the "outside" (i.e. from the internet). Here's the application flow:

    - User logs into Zimbra, sees and clicks on Zimlet
    - Zimlet has an action url that says "https://host.domain:20443/some/path"
    - PHP app is at /some/path and is handled by the other web server
    - The app validates that this user has already logged into Zimbra and does not have to re-authenticate.

    Here's the zimlet:

    <zimlet name="com_phpministry_oss" version="1.0" description="Database">
        <includeCSS>oss.css</includeCSS>
        <resource>oss.gif</resource>
        <zimletPanelItem label="Manage All My Seminars" icon="oss-panelIcon">
            <toolTipText>Right-click to Schedule Seminar</toolTipText>
            <contextMenu>
                <menuItem label="Online Seminar Scheduling" id="mail.testserver.us:20443/oss" icon="oss-panelIcon">
                    <canvas type="window" title="Support Form" />
                    <actionUrl method="post" target="https://mail.testserver.us:20443/oss">
                        <param name="param">${setting.USERNAME}</param>
                    </actionUrl>
                </menuItem>
            </contextMenu>
        </zimletPanelItem>
    </zimlet>

    The problem:

    A user from the outside can connect to this URL directly from the outside. I need a piece of code in
    /some/path/index.php

    that says:

    // $cameFromZimlet stands in for the test being asked about: "this came from the Zimlet"
    if ($cameFromZimlet)
    {
        echo "It's ok to enter";
    }
    else
    {
        echo "It's not ok to enter";
    }

    How do I test to see if this user has actually gotten here via the zimlet?

    Thanks and regards,

    Dave

  2. #2

    You could send a SOAP request to Zimbra to authenticate the user. See this.

  3. #3
    zm_auth_no longer passed

    I thought about that, but ZM_AUTH_TOKEN is no longer passed from the zimlet to the application in a cookie as it used to be under 4.5.6_GA_1044.RHEL5_20070706163724 (my production box, where I also tested that possibility).

    Is the value of ZM_AUTH_TOKEN available to the Zimlet where I could pass it as a parameter to the app, something like:

    <param> ${ZmSetting.ZM_AUTH_TOKEN} </param>

    from within the Zimlet?

    Thanks and regards,

    Dave

  4. #4
    Mea Culpa

    Oy.

    Zimbra DOES pass ZM_AUTH_TOKEN in v5. I had changed the domain (mail.test.us and test.us), so the cookie didn't make it to my PHP app. I'm going to try the SOAP call now.

    Thank you, agnes

  5. #5
    works now

    The authorization token did, indeed, show up when the domains were the same. Concurrently, I figured out how to get a SOAP call to work in PHP, and I used the ZM_AUTH_TOKEN to validate, and all is working now.
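
The check the thread settles on (read the ZM_AUTH_TOKEN cookie, then ask Zimbra over SOAP whether it is valid), written out as an added example; it is not code from any poster. Assumptions: the SOAP endpoint URL is a placeholder, the app shares a cookie domain with Zimbra as post #4 found necessary, and the account name is read from the first `<name>` element of the `GetInfoResponse`.

```php
<?php
// Added example, not the poster's code. The SOAP URL is a placeholder (assumption).
const ZIMBRA_SOAP_URL = 'https://mail.example.test/service/soap';

// Wrap the token in a GetInfoRequest; the token is XML-escaped, never concatenated raw.
function build_getinfo_envelope(string $token): string
{
    $t = htmlspecialchars($token, ENT_QUOTES | ENT_XML1, 'UTF-8');
    return '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">'
        . '<soap:Header><context xmlns="urn:zimbra"><authToken>' . $t
        . '</authToken></context></soap:Header>'
        . '<soap:Body><GetInfoRequest xmlns="urn:zimbraAccount"/></soap:Body>'
        . '</soap:Envelope>';
}

// Returns the account name Zimbra reports for the token, or null if it is rejected.
function zimbra_account_for_token(string $token): ?string
{
    if ($token === '' || strlen($token) > 4096) return null;  // missing or implausible cookie
    $ch = curl_init(ZIMBRA_SOAP_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => build_getinfo_envelope($token),
        CURLOPT_HTTPHEADER     => ['Content-Type: application/soap+xml; charset=utf-8'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_SSL_VERIFYPEER => true,   // keep certificate checks on, even on the same host
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($body === false || $status !== 200) return null;      // transport error or SOAP fault
    $doc = new DOMDocument();
    if (!@$doc->loadXML($body, LIBXML_NONET)) return null;    // unparsable reply: fail closed
    $resp = $doc->getElementsByTagNameNS('urn:zimbraAccount', 'GetInfoResponse')->item(0);
    $name = $resp ? $resp->getElementsByTagNameNS('urn:zimbraAccount', 'name')->item(0) : null;
    return $name ? trim($name->textContent) : null;
}

// index.php: identity comes from Zimbra's answer, not from the POSTed "param" value.
$account = zimbra_account_for_token($_COOKIE['ZM_AUTH_TOKEN'] ?? '');
if ($account === null) {
    http_response_code(403);
    exit("It's not ok to enter");
}
echo "It's ok to enter, " . htmlspecialchars($account, ENT_QUOTES, 'UTF-8');
```

The `param` field posted by the zimlet carries `${setting.USERNAME}` and is set by the browser, so it should be treated as a hint at most; the name returned for the token is the one to authorize on.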
