Univention Bugzilla – Bug 50077
Add support for OX Mail App
Last modified: 2020-01-28 16:39:44 CET
The mobile (Android / iOS) app from OX needs server side support. The free-for-test version should allow to use the app without further configuration. If users have a OX license, facilitate the installation of push certificates, so push notifications are used.
* new package univention-ox-mobile-api-facade will install all requirements * non-paying customers will have to use "reload", but otherwise the mail app will work out of the box * paying customers will automatically get push notifications * created a new app version (7.10.2-ucs2) * updated README_UPDATE* * updated ox-repo-to-uapp.sh to download facade package [4.4 4a55a16] Bug #50077: add support for OX Mail App univention-ox (11.0.0-25) This must be considered WIP until OX created the repository for the push certificates package. Then the entry in "COMPONENTS" in univention-ox/65univention-ox.inst may have to be adapted.
[4.4 e01002d] Bug #50077: add repos for mail push
Updated the READMEs and added a "Recommends:" for the push certificates package: [4.4 850740a] Bug #50077: add Recommends for push certificates package [4.4 6af1868] Bug #50077: advisory univention-ox (11.0.0-28) The new integration packages and README* were uploaded to the test app center (app version is 4.4/oxseforucs=7.10.2-ucs3).
Important manuals used for implementation: https://oxpedia.org/wiki/index.php?title=AppSuite:OX_Mail_App https://oxpedia.org/wiki/index.php?title=AppSuite:Mobile_API_Facade https://documentation.open-xchange.com/7.10.2/middleware/mail/dovecot/dovecot_push.html https://documentation.open-xchange.com/7.10.2/middleware/mail/mail_push.html https://doc.dovecot.org/configuration_manual/push_notification/ Changes: The new OX repositories "mobileapirestricted200" and "mobileapi167" have been introduced by the joinscript 65univention-ox.inst (joinscript version has been increased). → requires execution of join script The UCR template for /etc/apache2/conf-available/proxy_http_ox_100_appsuite.conf has been extended for the ProxyPass for /preliminary. An UCR template for /etc/apache2/conf-available/proxy_http_ox_130_facade.conf has been added. The meta package univention-ox-mobile-api-facade has been introduced and is automatically installed together with univention-ox-meta-singleserver. REOPEN: where does univention-ox-mobile-api-facade have to be installed in a distributed installation? Unused files have been removed from git: univention-ox/debian/univention-ox-common.{postrm,preinst,postinst} univention-ox/debian/univention-ox-framework.{postrm,postinst,preinst} In univention-ox-mobile-api-facade.postinst the file /opt/open-xchange/etc/pns.properties is created if missing, so ox/cfg/pns.properties/com.openexchange.pns.transport.apn.ios.enabled?true and ox/cfg/pns.properties/com.openexchange.pns.transport.gcm.enabled?true will become effective. univention-ox.postinst now also creates the UCR variables ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.login and ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.password and the corresponding secret file /etc/ox-secrets/rest-api-basic-auth.secret /etc/dovecot/conf.d/30-ox-push-notifications.conf has been introduced in univention-mail-dovecot-ox and configures push notifications for dovecot. The notifications are sent to http://{login}:{password}@localhost:8009/preliminary/http-notify/v1/notify The credentials are read from UCR variable ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.login and the file /etc/ox-secrets/rest-api-basic-auth.secret. REOPEN: ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.password that usually contains the value "@&@/etc/ox-secrets/rest-api-basic-auth.secret@&@". Therefore this is slightly inconsistent - do we have to fix this? I fixed the file permissions of the file /etc/dovecot/conf.d/30-ox-push-notifications.conf generated by a UCR template. Before the fix, the file was owned by root:root with 0o644 permissions. Now, the file is owned by root:dovecot with 0o640. [4.4] bc9db64 Bug #50077: fix file permissions of 30-ox-push-notifications.conf Package: univention-mail-dovecot-ox Version: 3.0.0-4A~4.4.0.201911192138 Branch: ucs_4.4-0 Scope: oxse4ucs REOPEN: but unfortunately after updating to the newest packages, there is no notification at all shown within /var/log/open-xchange/mobile-api-facade/* if an email is sent to a testuser.
OX Guard: [4.4] d72cbc1 Bug #50077: move preliminary resource and REST authentication to univention-ox [4.4] 4920de4 Bug #50077: advisory univention-ox-guard (5.0.2-3)
Thanks for writing the details down. (In reply to Sönke Schwardt-Krummrich from comment #4) > The meta package univention-ox-mobile-api-facade has been introduced and is > automatically installed together with univention-ox-meta-singleserver. > REOPEN: where does univention-ox-mobile-api-facade have to be installed in a > distributed installation? "To be able to use the native mail apps the Mobile API Facade needs to be installed in front of the OX App Suite middleware." → https://oxpedia.org/wiki/index.php?title=AppSuite:Mobile_API_Facade#Introduction If can run as a separate process on a dedicated machine and connect through <com.openexchange.mobile.api.facade.MiddlewareBaseUrl> to the OX middleware. In a cluster setup it should connect to the middleware load balancer. In the default UCS scenario it will simply be installed alongside the OX middelware and connect to $hostname. > univention-ox.postinst now also creates the UCR variables > ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.login and > ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.password > and the corresponding secret file /etc/ox-secrets/rest-api-basic-auth.secret > > /etc/dovecot/conf.d/30-ox-push-notifications.conf has been introduced in > univention-mail-dovecot-ox and configures push notifications for dovecot. > The notifications are sent to > http://{login}:{password}@localhost:8009/preliminary/http-notify/v1/notify > The credentials are read from UCR variable > ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.login and > the file /etc/ox-secrets/rest-api-basic-auth.secret. > > REOPEN: > ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.password > that usually contains the value > "@&@/etc/ox-secrets/rest-api-basic-auth.secret@&@". Therefore this is > slightly inconsistent - do we have to fix this? The problem is, that @&@/fi/le@&@ cannot be used in Python code. So I assumed that nobody will change ox/cfg/server.properties/com.openexchange.rest.services.basic-auth.password. the alternative is more complicated code to handle the case of a UCR value starting with "@&@" differently to the value being the password itself. A simple regex can do it. I could implement it in the template, I just wasn't sure that's really necessary.
In Dovercot the METADATA extension had to be enabled and the sending of the suername instead of the email address. OX Appsuite Repo: [4.4] 6b382f8 Bug #50077: send username instead of mailPrimaryAddress [4.4] 43f8199 Bug #50077: activate dovecot METADATA extension [4.4] e161eb3 Bug #50077: advisory update univention-mail-dovecot-ox (3.0.0-6)
$ ~/git/jenkins/ucsschool-errata-announce/copy_app_binaries -a oxseforucs \ --manufacturer Open-Xchange -r 4.4 -v "7.10.2-ucs3" -u univention-ox.yaml [INFO]: Done [WARNING]: No targetdir specified: using temporary directory '/tmp/app_binaries.LVfZzi' [INFO]: Checking config... [INFO]: Copying files to '/tmp/app_binaries.LVfZzi' ... [INFO]: Found binary package: univention-ox [INFO]: Found binary package: univention-ox-meta-singleserver [INFO]: Found binary package: univention-ox-mobile-api-facade [INFO]: Found binary package: univention-ox6transition Downloaded packages: univention-ox_11.0.0-32A~4.4.0.201911191756_all.deb univention-ox-meta-singleserver_11.0.0-32A~4.4.0.201911191756_all.deb univention-ox6transition_11.0.0-32A~4.4.0.201911191756_all.deb univention-ox-mobile-api-facade_11.0.0-32A~4.4.0.201911191756_all.deb Upload the files listed above to test app center (4.4/oxseforucs=7.10.2-ucs3)? Then enter the following string in reverse order: 196449 > 944691 [INFO]: executing ['univention-appcenter-control', 'upload', '4.4/oxseforucs=7.10.2-ucs3', '/tmp/app_binaries.LVfZzi/univention-ox_11.0.0-32A~4.4.0.201911191756_all.deb', '/tmp/app_binaries.LVfZzi/univention-ox-meta-singleserver_11.0.0-32A~4.4.0.201911191756_all.deb', '/tmp/app_binaries.LVfZzi/univention-ox6transition_11.0.0-32A~4.4.0.201911191756_all.deb', '/tmp/app_binaries.LVfZzi/univention-ox-mobile-api-facade_11.0.0-32A~4.4.0.201911191756_all.deb'] Curling https://provider-portal.software-univention.de/univention/auth Curling https://provider-portal.software-univention.de/univention/command/appcenter-selfservice/api Curling https://provider-portal.software-univention.de/univention/command/appcenter-selfservice/query Uploading /tmp/app_binaries.LVfZzi/univention-ox_11.0.0-32A~4.4.0.201911191756_all.deb Uploading /tmp/app_binaries.LVfZzi/univention-ox-meta-singleserver_11.0.0-32A~4.4.0.201911191756_all.deb Uploading /tmp/app_binaries.LVfZzi/univention-ox6transition_11.0.0-32A~4.4.0.201911191756_all.deb Uploading /tmp/app_binaries.LVfZzi/univention-ox-mobile-api-facade_11.0.0-32A~4.4.0.201911191756_all.deb Curling https://provider-portal.software-univention.de/univention/upload/appcenter-selfservice/upload Finished uploading. [INFO]: Removing temporary directory '/tmp/app_binaries.LVfZzi' [INFO]: Done $ Please note: if the package open-xchange-mobile-api-facade-push-certificates containing the push certificates is not installed, the following message appears in /var/log/open-xchange/open-xchange.log.0: 2019-11-24T15:58:51,675+0100 INFO [PushNotificationServiceImpl-0000004] com.openexchange.pns.impl.PushNotificationServiceImpl.getHitsPerTransport(PushNotificationServiceImpl.java:531) No transport 'gcm' for client 'open-xchange-mobile-api-facade' available, skipping notificaton. But push does not work: univention-install open-xchange-mobile-api-facade-push-certificates → sent mail → no push, no log message service open-xchange-mobile-api-facade restart → sent mail → no push, no log message service open-xchange restart → sent mail → no push, no log message service open-xchange-mobile-api-facade restart → sent mail → no push, no log message service dovecot restart → sent mail → no push, no log message
The updated packages have been uploaded to the test app center. Dovecot does push now notifications to OX. [4.4] f1d68e5 Bug #50077: fix typo [4.4] 019582b Bug #50077: advisory update https://doc.dovecot.org/configuration_manual/imap_metadata/ https://doc.dovecot.org/configuration_manual/push_notification/ https://documentation.open-xchange.com/7.10.2/middleware/mail/dovecot/dovecot_push.html
(In reply to Daniel Tröder from comment #9) > The updated packages have been uploaded to the test app center. > Dovecot does push now notifications to OX. I can confirm this for iOS and Android devices. > * created a new app version (7.10.2-ucs2) Another release has been published in the meantime → support for OX Mail app has been implemented in version 7.10.2-ucs3 OK: code change OK: installation OK: update OK: changelog entry OK: functional change OK: package built and installable
Released in App 7.10.2-ucs3 on 2020-01-09.