[SIP Beyond VoIP] Sylkserver - authentication against an IMAP server

Tijmen de Mes tijmen at ag-projects.com
Wed Apr 29 14:29:34 CEST 2020 

Hi Valentin,

I looked first at the patch to sylk-webrtc and I have some questions.
If I understand the patch correctly the following is happening:

First you check if the account contains an ‘@‘ sign, if it does, you split it and check if the domain is in the config.nonSipDomain. Then you set ha1 to false.

If this is how it works, then option.ha1 will always be set to false, since you set the defaultDomain to the nonSipDomain in the config.

So I guess the logic needs to change slightly to handle this. Also if the config variable is meant to hold multiple domains, I would call it nonSipDomains.

Tijmen

> Op 7 apr. 2020, om 16:40 heeft Valentin Kleibel <valentin at vrvis.at> het volgende geschreven:
> 
> Hi,
> 
> Thanks for your comments on the code. We've done some work based on them.
> 
>> Unless you have a modified client like yours, this server add-on is kind of useless because it only works for you. We do not want to always send the password in clear text over the web socket, as you require. So if you build a client to use IMAP and you can as well build the server and maintain it yourself.
> 
> We totally agree that sending the plaintext password over ws is a inferior solution if you use sip. unfortunately, to implement any other authentication without even more changes, we need this. therefore we create a configurable client and sylkrtc.js which by default sends ha1 but can be changed to send plain passwords. see patches sylkrtc-ha1-conditional.patch and  sylk-webrtc-ha1-conditional.patch.
> Those don't change the default code path and can be used independently of each other if you want to send ha1.
> 
>> Regarding the patch itself, it is blocking. If the IMAP server is not responding, the whole application is stuck. You should figure out an async way todo the IMAP authentication so that is non-blocking.  If you do this, we may add this functionality to the main server code with some comments about where. To download the modified client.
> 
> We have also written a patch for a non-blocking imap authentication.
> The authentication itself is in a separate auth.py which also facilitates to implement other authentication methods.
> 
> What is your opinion on this approach?
> 
> Regards,
> Valentin
> <sylkrtc-ha1-conditional.patch><sylk-webrtc-ha1-conditional.patch><sylkserver-auth-imap-async.patch>_______________________________________________
> SIPBeyondVoIP mailing list
> SIPBeyondVoIP at lists.ag-projects.com
> https://lists.ag-projects.com/mailman/listinfo/sipbeyondvoip

More information about the SIPBeyondVoIP mailing list