View Issue Details

Jump to NotesJump to History
This bug affects 2 person(s).
 266
IDProjectCategoryView StatusDate SubmittedLast Update
15664Feature requestsSecuritypublic2019-12-17 12:502022-05-20 11:42
ReporterIndispirit Assigned To 
PrioritynoneSeverityfeature 
Status newResolutionopen 
Summary15664: [feature request] OAuth implementation
Description

Implement OAuth for LS email settings

Email providers are shifting to OAuth to allow app access so requesting that LS support OAuth in email settings.

Example: LS currently accesses Gsuite from Google by taking the login details of a Gsuite account in LS global email settings. Gsuite classifies applications that do this as 'LSAs' - Less Secure Applications and to allow LS to access Gsuite this way currently, you have to provide an extra permission.

Google plans to turn off access for LSAs and only permit access via OAuth: "

Access to LSAs will be turned off in two stages:

1. June 15, 2020 - Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP. Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
2. February 15, 2021 - Access to LSAs will be turned off for all G Suite accounts."
TagsNo tags attached.
Bug heat266

Users monitoring this issue

User List DenisChenu, Leithy

Activities

DenisChenu

DenisChenu

2019-12-18 16:01

developer   ~55069

It's one of the reason to rewrite mail system in 4 and extend clearly PHPMailer.
https://github.com/LimeSurvey/LimeSurvey/blob/3ca1be07878d3e3953a7aa38bf7fb5f85345ccb8/application/core/LimeMailer.php#L495
Sample plugin : https://github.com/LimeSurvey/LimeSurvey/tree/develop/application/core/plugins/mailSenderToFrom (more easy this one)
Leithy

Leithy

2022-05-18 14:51

reporter   ~69782

According to this http://www.pmail.com/newsflash.htm Google will require Oauth2 by the end of May 2022 - this month. Would it be worth having this issue bumped up the priority list?
DenisChenu

DenisChenu

2022-05-18 14:56

developer   ~69784

The cost of the assessment typically varies between $10,000 -$75,000 (or more) depending on the size and complexity of the application; smaller applications may see costs at a lower threshold of $4,500.

leave google …
DenisChenu

DenisChenu

2022-05-18 14:56

developer   ~69785

And again : it can be done in plugin
Leithy

Leithy

2022-05-19 13:09

reporter   ~69846

"...leave Google"

Lol...

"...can be done in plugin": Most certainly but many of the existing features could be plugins, including all the SMTP settings. I think a more nuanced rule is used in practice ;)

image.png (9,169 bytes)   
image.png (9,169 bytes)   
DenisChenu

DenisChenu

2022-05-19 14:15

developer   ~69852

Did you really read the link

"Every app that requests access to restricted scope Google user´s data … may see costs at a lower threshold of $4,500."

I confirm : leave google.
Leithy

Leithy

2022-05-19 14:20

reporter   ~69853

Irrelevant to this issue (relates to Android app publishing)?

LimeSurvey doesn't seem to be leaving Google - see image for three Google specific settings in Global Configuration.

NB Oauth2 isn't even just for Google, it's a standard (rammed through by Google) for what that's worth
c_schmitz

c_schmitz

2022-05-20 09:15

administrator   ~69897

So according the schedule Google has deactivated LSA a long time ago.
I did not hear from our user base so far that sending invitations using Gmail would not work.
So, it is not possible to use Google Mail with LimeSurvey now?
Leithy

Leithy

2022-05-20 11:25

reporter   ~69906

I think they planned to do it 2020 but delayed it due to the pandemic.

Seems that it the switchover date for mandatory Oauth2 is now 30 May 2022:

https://support.google.com/mail/thread/153515128/which-email-client-will-work-with-gmail-after-30th-may-2022?hl=en
https://github.com/k9mail/k-9/issues/5956
https://www.ghacks.net/2022/04/06/thunderbird-91-8-0-makes-important-changes-to-google-mail-accounts/
Leithy

Leithy

2022-05-20 11:42

reporter   ~69907

Found the actual announcement on LSAs:

https://support.google.com/accounts/answer/6010255

Issue History

Date Modified Username Field Change
2019-12-17 12:50 Indispirit New Issue
2019-12-18 16:00 DenisChenu Issue Monitored: DenisChenu
2019-12-18 16:01 DenisChenu Note Added: 55069
2022-05-18 14:51 Leithy Note Added: 69782
2022-05-18 14:51 Leithy Bug heat 254 => 256
2022-05-18 14:52 Leithy Issue Monitored: Leithy
2022-05-18 14:52 Leithy Bug heat 256 => 264
2022-05-18 14:56 DenisChenu Note Added: 69784
2022-05-18 14:56 DenisChenu Note Added: 69785
2022-05-19 13:09 Leithy Note Added: 69846
2022-05-19 13:09 Leithy File Added: image.png
2022-05-19 14:15 DenisChenu Note Added: 69852
2022-05-19 14:20 Leithy Note Added: 69853
2022-05-20 09:15 c_schmitz Note Added: 69897
2022-05-20 09:15 c_schmitz Bug heat 264 => 266
2022-05-20 11:25 Leithy Note Added: 69906
2022-05-20 11:42 Leithy Note Added: 69907