[nodebb-plugin-calendar] Fully featured calendar plugin for NodeBB - Testers needed


  • @julian Okay, yes, this should work. ICS-Export is not extremely secure. There is a wide range of apps, that can import ICS, but I guess many of them have no ssh-key-validation included and accept any key.

    Who enables ICS-export should know, that a capable attacker can find a way to get the ICS of some users.

    Hopefully next week, I may find time to have a look on it.

  • GNU/Linux Admin

    @MitjaStachowiak wait, did I say that it wasn't going to go away?

    Now I am thinking that maybe it should go away 😔 the rss token functionality could potentially be rolled into the already existing API token feature...

    That said there are a lot of steps between here and using the API token for this ... The main stumbling block being done RSS clients do not send customizable headers when grabbing RSS feeds... So it might be a no-go from the start.

    Anyway, just thinking aloud.


  • @julian The ICS-Export in my calendar works with an URL like

    https://theforum.xy/app.php/calendar/?action=ics&user=2&password=XXXXXX&from=D-10&promoters=27,8
    

    User ID (here 2) and a special password (here XXXXXX) are given in the URL. Yes, it is possible to use HTTP-Passwords as well, but not all clients support this. So I decided to go for the URL-password.

    The script, that generates the ICS must be accessible for public. You simply give each user an extra ICS-key in the database and grab the events directly from there. If the rss-token can be used for this - nice. If not, the addon needs to add an extra column in the db.

    phpBB has a migrationsystem, that manages databasemodifications for extensions and I needed a felt couple of months to understand this 😜 . If someone gives me a code point, where the special-key-authentification is done and a database access is possible, I can write the ICS composition for export.


Suggested Topics

| | |

© 2014 – 2022 NodeBB, Inc. — Made in Canada.