keepassxc-mail
keepassxc-mail copied to clipboard
kkapsner
Add support for Cardbook
Hello, Currently, accounts of the extension Carbook does not pick passwords in the KPXC database.
I'm not sure if this is due to KPXC-mail or Cardbook itself though. Please tell me if you need anything on their end and I'll post an issue to them instead.
Probably not the right place for a comment but I wanted to say a big Thank You for creating keepasxc-mail as a TB add-on. I have been using the combination of KeePass and KeeBird until recently but have now switched to KeepassXC and KeePassXC-mail which will make the upgrade for Thunderbird to version 78 much easier. I am also using Cardbook hence excited to see that there is planned support for it in the next KeePassXC-mail version.
I have problems to get all necessary information to do the proper search in the password database. So I think Cardbook and keepassxc-mail have to work together to get this running. Please open an issue at their repository.
Hi @CardBook
good question... I do not want you to build a hard dependency on keepassxc-mail and to be honest the current way I implemented this is kind of hacky (I use an 'experiment' to hook into the necessary functions). But I see no other good way to do it with a mail-extension.
What I basically need is a way to receive the host (including protocol) and the username that CardBook needs the password for. Best would be if the messaging would be asynchronous but synchronous could also work (I use Services.tm.spinEventLoopUntilOrShutdown to achieve that).
What I tried was to intercept the Services.logins.findLogins call which works (not directly but over the storage-json.js) but then I have no clue about the username and the requested realm is not specific enough to deduce the host.
I also tried to hook into cardbookPasswordManager.jsm but this is not working either as you are using it as a sub script and not an import. (This is just a guess but it didn't work.)
So I'm quite open on how to achieve this. Do you have any suggestions? Is there a way for you to detect if keepassxc-mail is installed? I can detect CardBook.
The easiest for me would be if you could call requestCredentials or waitForCredentials directly. But I guess I would have to expose them somehow...
Hi
I'm also open to change everything you want in Cardbook but I don't want to add something to detect keepassxc-mail... maybe the easiest way would be to hook with the file cardbookPasswordManager.jsm ? can't you access the function cardbookRepository.cardbookPasswordManager.getPassword() by loading cardbookRepository ?
the addon simple mail redirection uses this :+1:
registerChromeUrl(context, [ ["content", "cardbook", "chrome/content/"] ]);
try {
cardbookRepository=ChromeUtils.import("chrome://cardbook/content/cardbookRepository.js");
cardbookRepository=cardbookRepository.cardbookRepository;
} catch(e) {
console.debug('SMR: cardbook not installed: '+e);
}
by loading cardbookRepository
This was exactly the piece of information I was missing. I tried to load the cardbookPasswordManager.jsm directly which did not work.
Please try keepassxc-mail-0.1.7.2.zip.
The necessary information for the entry in the password database can be seen in the console (I have very limited access/experience with CardBook):
Kudos to you who are working together on this subject. Love your professional approach and achieving results. Keepassxc-mail and Cardbook are core, important apps for me and we try to recommend them to our customers for wider use.
Hi @kkapsner
How do you make it work (I've installed KPXC on my Ubuntu, and created one database, and the above addon in Thunderbird), but this seems not to work....
@CardBook: what exactly is not working? Did you follow the instruction in the readme? Any entries in the console?
oki I've now followed the readme instructions and I'm a bit further :)
so I see entries in the console (but when I open the KPXC standalone program, these entries weren't inserted) :
got credential request:
{…}
host: "oauth://accounts.google.com"
login: "[email protected]"
<prototype>: Object { … }
main.js:118:10
Error 15: Aucuns identifiants trouvés keepass.js:1142:13
but when I want to sync a remote account, the sync fails with this :
2021.03.12 14:02:39:131 : cardbookSynchronization.syncAccount error : TypeError: originalGetPassword.get is undefined
Oh - my bad (copy/paste at almost midnight is not the best idea...) try this: keepassxc-mail-0.1.7.2.zip
now the sync is OK, all seems OK...
but to understanf where are put all those entries ?... I can't find anything in KPXC...
oauth is a little bit complicated to use so I will touch on it later. First on a normal login:
If you see something like got credential request: {host: "smtp://smtp.host.com", login: "[email protected]"} you create an entry in KeePassXC with "[email protected]" as username, your password and "smtp://smtp.host.com" as URL.
oauth would work similarly BUT you usually don't know your token. So you do the normal steps you would in CardBook to login (keepassxc-mail could help there as well - what is the chrome URL of you overlay where the login is done?) and let it write your token to the Thunderbird password manager (in a next step we could intercept this and store the token directly in the database. I would intercept addPassword for that. Is this the only place you write to the password manager?). Then you can retrieve the token from the password manager, copy it to the database and delete the token in Thunderbird.
CardBook gets the refresh tokens with these 2 functions for Google : (cardbookRepository.cardbookSynchronizationGoogle.requestNewRefreshTokenForGoogleCarddav() and cardbookRepository.cardbookSynchronizationGoogle.requestNewRefreshTokenForGoogleClassic() and this single function for Yahoo : cardbookRepository.cardbookSynchronizationYahoo.requestNewRefreshTokenForYahoo()
once these refresh tokens are obtained (and stored), the sync is made using access tokens that are asked with the refresh tokens.
I still do not see my Thunderbird passwords coming into the standalone program KPXC, what am I missing ?
It's usually the other way round. The passwords are entered in KPXC and then requested by Thunderbird.
Where do you enter passwords in Thunderbird that should be commin gto KPXC?
the password are added with the function cardbookRepository.cardbookPasswordManager.rememberPassword(), so it is triggered when adding a new address book, when syncing if the password is not correct or known, and a little case in CardBook preferences if you want to open a soft phone with an URL...
Would like to add here that the move to keepassxc-mail-0.1.7.2.zip from previous 0.1.7.1 made the difference with the Cardbook integration and I do not need to store a password for this any longer in Thunderbird. Instead, the password when needed (i.e. during synch operation) is taken from the Keepass-XC database entry.
In my case, the contacts are synched to our SOGo backend and my Keepass-XC entry looks like the below (a bit obfuscated):
https://sogo.xyz.nz/SOGo/dav/
Thanks for your work on this!
@kkapsner, why don't you add version 0.1.7.2 to releases? The latest version in releases (0.1.7.1) still has this issue.
@CardBook: your (and my) changes for the latest Thunderbird broke the integration (see #111) and my fix for it got rejected:
- Please get in touch with the developer of CardBook to create an official WebExtension API interface for accessing the passwords, using runtime messaging. The implementation on CardBook's side needs to get consent from the user to expose the passwords.
The current implementation is rejected, because it violates our review policies: Add-ons always have to use available WebExtension APIs instead of Experiments.
I am open for suggestions.