SOLVED API for SSO to individual email address rather than account

Mar 31, 2017
18
5
3
Tampa, FL
cPanel Access Level
DataCenter Provider
As I understand it, there is no API call to give webmail access to an individual email account, but the API call cp_create_user_session allows Single Sign On for webmail access to the master email account. Am I missing some technique that would allow me to place the user in a specific webmail account for a specific email once I generate the SSO session?
 
Mar 31, 2017
18
5
3
Tampa, FL
cPanel Access Level
DataCenter Provider
Seems like there is.... I see logged sessions from specific email users. :

Code:
Current Sessions (6)
User Session Timestamp Browser Remote Host Authenticated Applications
[email protected] [bdabnchciuc4tfu790fvjfm8q1] Thu, 18 May 2017 10:17:55 -0500 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 static-173-78-153-228.tampfl.fios.frontiernet.net [1.1.1.228] horde, imp, ingo, kronolith, turba, nag, mnemo, trean, timeobjects
master_user [uiqeq53msntd67j8lul5vpdpi7] Thu, 01 Jun 2017 08:03:47 -0500 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 static-173-78-153-228.tampfl.fios.frontiernet.net [1.1.1.228] horde, imp, ingo, kronolith, turba, nag, mnemo, trean, timeobjects
[email protected] [kjjqvok69lus5r547q8oh5qg06] Thu, 18 May 2017 10:21:59 -0500 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 static-173-78-153-228.tampfl.fios.frontiernet.net [1.1.1.228] horde, imp, ingo, kronolith, turba, nag, mnemo, trean, timeobjects
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Am I missing some technique that would allow me to place the user in a specific webmail account for a specific email once I generate the SSO session?
Hello,

Could you clarify how you achieve this outside of the API so we can verify the specific functionality you are seeking?

Thank you.
 
Mar 31, 2017
18
5
3
Tampa, FL
cPanel Access Level
DataCenter Provider
If you access the hosting account and navigate to the email, you can get a list of all the email addresses. Each email listed has a webmail link:
<a id="email_table_menu_webmail_8" href="[email protected]&domain=example.com" target="_blank">Access Webmail</a>

Currently, I am only able to direct users to the hosting accounts master email account via webmail with API call create_user_session, using the URL returned. I'd like to send the user to the specific email (even though the user can navigate to the specific email from the master email account).
 
Last edited:
Mar 31, 2017
18
5
3
Tampa, FL
cPanel Access Level
DataCenter Provider
The URL I am currently using to login users is:
Code:
https://example.dnc.io:2096/cpsess0892882848/login/?session=username%3arUOiFCt6vTcb5BBv%3acreate_user_session%2cd0dff965711404b736e94dbaf475ba1d
It works, in the sense that the user is taken to that account. But I want a specific account email address
 
Last edited by a moderator:
Mar 31, 2017
18
5
3
Tampa, FL
cPanel Access Level
DataCenter Provider
I am going to post some code and attempt to be clear regarding what I am attempting to accomplish.

I want a link from my own web interface directly into a users webmail, accessing the users individual email address.
user username with email addresses [email protected], [email protected], [email protected], [email protected]. I am able to reset the passwords for each of the 4 addresses, I am able to delete the email addresses and I am able to edit the disk quota for each address without sending the user to the cpanel webinterface. However, when I want to read the messages in each address, I have to access the master account and navigate to the specific address. I am looking for a technique to send users directly to their web address account to read their webmail for each specific account.

In my attempt to direct users to their webmail, I have succeeded in using WHM API 1 function create_user_session to generate a session for use on the URL to identify users and allow them to access their webmail account.

As I understand it, I need to use the cpsession##### generated in the create_user_session step to allow users to access directly from my host webinterface to the cpanel webmail interface.
Code:
<PHP code: this code works, we've been using it for a while>
public function runquery($request="", $object=null, $server){
        foreach($object as $key=>$value){
            $params.="&".$key."=".$value;
        }

        $query="https://".$server.":2087/json-api/".$request."?api.version=1".$params;
        $this->curl = curl_init();
        curl_setopt($this->curl, CURLOPT_SSL_VERIFYPEER,0);
        curl_setopt($this->curl, CURLOPT_SSL_VERIFYHOST,0);
        curl_setopt($this->curl, CURLOPT_HEADER,0);
        curl_setopt($this->curl, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($this->curl,CURLOPT_VERBOSE,0);
        $header[0] = "Authorization: Basic " . base64_encode($whm_user.":".$whm_pass) . "\n\r";
        curl_setopt($this->curl, CURLOPT_HTTPHEADER, $header);
        curl_setopt($this->curl, CURLOPT_URL, $query);
        $result = curl_exec($this->curl);

        $code = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);

        if ($result == false){
         $this->error("curl_exec threw error \"" . curl_error($this->curl) . "\" for $query");
        }

        if($code<>200){
          $this->error("Got response ".$code." from ".$server);
        }

// new PHP code:

$decoded_response = json_decode($result, true);
$session_url = urldecode($decoded_response['data']['url']);
// $session_url looks like: [URL]https://host001.example.com:2096/cpsess1506012239/login/?session=username:5ATGAQ7lmtKpNsmu:create_user_session,345e34b4ed19236957ed630a39cc2599[/URL]
// using this URL directly gives no joy

$cookie_jar = 'cookie.txt'; 
curl_setopt($this->curl, CURLOPT_HTTPHEADER, array());           // Unset the authentication header.
curl_setopt($this->curl, CURLOPT_COOKIESESSION, true);          // Initiate a new cookie session.
curl_setopt($this->curl, CURLOPT_COOKIEJAR, $cookie_jar);       // Set the cookie jar.
curl_setopt($this->curl, CURLOPT_COOKIEFILE, $cookie_jar);      // Set the cookie file.
curl_setopt($this->curl, CURLOPT_URL, $session_url);                 // Set the query url to the session login url.
$result2 = curl_exec($this->curl);                                              // Execute the session login call.

$code = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
// $code here responds with http 302. I could filter out 404 etc, but these error codes are not helpful
curl_close($this->curl);
return $result2;
}
</END PHP code>
$result2 looks something like:
Code:
<html><head><META HTTP-EQUIV="refresh" CONTENT="2;URL=/cpsess0123456789/webmail/paper_lantern/index.html?login=1&post_login=63249329327397"></head><body></body></html>

preg_match('/(URL=)(.*)(\"\>\<\/head\>)/', $result2, $match);
I passed this $session_url which looks like:
https://host001.example.com:2096/cpsess0123456789
to the location.href of a javascript embedded in a page, redirecting my users, and splicing on my desired URL:

I also tried passing the URL from $result2, but that doesnt seem to be what I want. I am attempting to generate a URL that looks like when pulled from source code in the interface screen above (more->access webmail):
https://host001.example.com:2096/[email protected]&domain=example.com

Note: The server I am serving this page from is not the same server I a directing the users to their webmail on. I recognize this may be a problem. Is it?

I tried a third round of CURL... which was intended to follow instructions I read indicating that the session id would not be recognized until utilized.

curl_setopt($this->curl, CURLOPT_URL, $query);
$result3 = html_entity_decode( curl_exec($this->curl) );

But pulling the cpsess### from there didn't seem to result in anything useful. Sending the users to that page resulted in invalid token login error.

Where am I going off track?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Hello Michael,

I'm not sure that functionality is supported. I recommend sending an email to integration [@] cpanel.net to see if one of our integration developers can help clarify if this is possible.

Thank you.
 
Mar 31, 2017
18
5
3
Tampa, FL
cPanel Access Level
DataCenter Provider
Yes, @Sebastian Ng I was given a solution by William Little at cpanel integrations. Here is his email:

-----------------------------------------------------------------------------------------------------------------------------
Hi Michael,

I can see our documentation for the 'create_user_session' API call doesn't actually show that email addresses can be passed, but when used with the 'webmaild' service parameter, email addresses are considered valid input, and will take you directly to the Email Addresses webmail interface:

Code:
====
# whmapi1 create_user_session [email protected] service=webmaild
---
data:
cp_security_token: /cpsess1236989019
expires: '1497891424'
service: webmaild
session: [email protected]:5a06TIlYlUxrOxcf:create_user_session,258f3793b015bc151e65a7550ebae7e7
url: https://host.example.com:2096/cpsess1236989019/login/?session=testing%40example2.com%3a5a06TIlYlUxrOxcf%3acreate_user_session%2c258f3793b015bc151e65a7550ebae7e7
metadata:
command: create_user_session
reason: Created session
result: 1
version: 1
====
This may save you the trouble of trying to parse and splice out the correct URI from cPanel > Email > Access Webmail. Please let me know if this information wasn't helpful or if I didn't fully understand your issue.

Thanks,

--
William L.
Technical Analyst
cPanel, Inc.
cPanel Forums

-----------------------------------------------------------------------------------------------------------------------------
So, while manually creating the URL with email user does not work, the API does allow the passing of email (as user) when utilizing create_user_session with webmaild. Good luck!

/Michael
 
Last edited by a moderator:

Sebastian Ng

Member
May 2, 2017
16
4
3
Penang, Malaysia
cPanel Access Level
Root Administrator
Dear @Michael Turner ,

Thank you, i manage to create the user session.
I still facing some problem to open webmail.

I tried
1. "/frontend/paper_lantern/mail/[email protected]&domain=example.com" fail.
2. "webmail/paper_lantern/index.html?login=1" this give me some indication does work properly not expected result.

How did you manage to open webmail?

Sorry to trouble you again.

regards,
Sebastian Ng
 
Mar 31, 2017
18
5
3
Tampa, FL
cPanel Access Level
DataCenter Provider
No, that approach does not work. (IE manually creating a URL behind the session_id does not work.)

What does work is to include the specific email for user -> "[email protected]" as a parameter when generating the session key with API function create_user_session (check manual: WHM API 1 Functions - create_user_session - Software Development Kit - cPanel Documentation).

Note that this email address for user technique only works when service is set to webmaild.

The URL returned by create_user_session is then exactly what you need, you need not try to assemble one manually.

<code>
$data=new stdClass;
$data->user=$email;
$data->service="webmaild";
$data->cpanel_jsonapi_user=$username;
$data->cpanel_jsonapi_module="Email";
$return = create_user_session($data); // function create_user_session should have the curl code--available on cpanel site
</code>

your query for the curl will look like this:

$query= "https://your.server.com:2087/
json-api/cpanel/?cpanel_jsonapi_module=Email&cpanel_jsonapi_apiversion=1&cpanel_jsonapi_func=
create_user_session&user=$email&service=webmaild&cpanel_jsonapi_user=$username";


Note there is both an cpanel_jsonapi_user and the user parameter, which is an email address.

The response will have a URL you can use to access the specific email address account.