Forum OpenACS Development: Re: refactoring acs-mail-lite for use with imap

Posted by Gustaf Neumann on
OpenACS has multiple variants for signed value checking. The most basic one is the following, where ad_verify_signature_with_expr [1] returns either the expiration time or 0 if the validation fails:
set value 123
set secret "secret phrase"
set signature [ad_sign -max_age 600 -secret $secret $value]
ad_verify_signature_with_expr -secret $secret $value $signature
-gn
[1] https://openacs.org/api-doc/proc-view?proc=ad_verify_signature_with_expr
Posted by Benjamin Brink on
I see how to use a signed variable for email now.

Where a URL is supplied in an email for a user to get via a browser, standard export_vars -sign -url ... applies.

Where input requires authenticating a reply and obtaining associated form inputs, pass the uniqueID mapped to the inputs, where the uniqueID is signed using export_vars and adjusted to fit email message-id specs.

This keeps data from leaking, and message-id is re-generated using existing code.

Thank you, Gustaf!
That makes the implementation much cleaner.
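
The scheme discussed in this thread (an opaque unique ID, signed with an expiry and packed into a Message-ID so that a reply can be authenticated without exposing the form inputs) is sketched below as an added example. It is not part of either post and is not OpenACS code: it does not use ad_sign or export_vars, and HMAC-SHA256, the base32 encoding, the field layout and the names make_message_id and verify_message_id are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"secret phrase"  # constructed sample secret, as in the post above


def _mac(secret, unique_id, expires, domain):
    """HMAC over every field the receiver will later trust."""
    msg = f"{unique_id}.{expires}@{domain}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    # Lowercase base32 without padding uses only a-z and 2-7, all of which
    # are legal in the dot-atom left-hand side of a Message-ID.
    return base64.b32encode(digest).decode().rstrip("=").lower()


def make_message_id(unique_id, max_age, domain, secret=SECRET, now=None):
    """Build <unique_id.expires.mac@domain>; unique_id is an opaque key."""
    if not (unique_id.isascii() and unique_id.isalnum()):
        raise ValueError("unique_id must be ASCII alphanumeric")
    now = int(time.time()) if now is None else int(now)
    expires = now + int(max_age)
    mac = _mac(secret, unique_id, expires, domain)
    return f"<{unique_id}.{expires}.{mac}@{domain}>"


def verify_message_id(message_id, secret=SECRET, now=None):
    """Return the expiration time, or 0 if validation fails."""
    now = int(time.time()) if now is None else int(now)
    try:
        local, domain = message_id.strip().strip("<>").rsplit("@", 1)
        unique_id, expires_text, mac = local.split(".")
        expires = int(expires_text)
    except ValueError:
        return 0  # malformed header value
    expected = _mac(secret, unique_id, expires, domain)
    # Constant-time comparison, then the expiry check.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return 0
    return expires if expires >= now else 0
```

Only the unique ID travels in the header; the form inputs it maps to stay server-side and are looked up after verify_message_id returns a non-zero expiry for the value found in the reply's In-Reply-To or References header.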