Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Oct 08 19:00

    Fulgan on Restructure

    Bug fix for a typo in TIdIMAP4.… (compare)

  • Oct 08 19:00

    Fulgan on master

    Bug fix for a typo in TIdIMAP4.… (compare)

  • Oct 02 21:00

    Fulgan on Restructure

    Updating TIdIMAP4's InternalSea… (compare)

  • Oct 02 21:00

    Fulgan on master

    Updating TIdIMAP4's InternalSea… (compare)

  • Sep 20 21:50

    Fulgan on master

    Embarcadero patch for race cond… (compare)

  • Sep 20 21:50

    Fulgan on Restructure

    Embarcadero patch for race cond… (compare)

  • Sep 10 18:50
    rlebeau closed #268
  • Sep 10 18:50
    rlebeau commented #268
  • Sep 10 18:50

    Fulgan on Restructure

    Fix for TIdResponseHeaderInfo.S… (compare)

  • Sep 10 18:50

    Fulgan on master

    Fix for TIdResponseHeaderInfo.S… (compare)

  • Sep 10 18:49
    rlebeau labeled #268
  • Sep 10 18:49
    rlebeau labeled #268
  • Sep 10 18:49
    rlebeau assigned #268
  • Sep 10 18:49
    rlebeau review_requested #268
  • Sep 09 13:15
    gjdoornink opened #268
  • Aug 28 21:00

    Fulgan on Restructure

    Setting TIdSSLIOHandlerSocketBa… (compare)

  • Aug 28 21:00

    Fulgan on master

    Setting TIdSSLIOHandlerSocketBa… (compare)

  • Aug 28 19:42
    rlebeau milestoned #183
  • Aug 28 19:42
    rlebeau demilestoned #183
  • Aug 28 19:42
    rlebeau assigned #183
Marcos Douglas B. Santos
@mdbs99
@rlebeau Ok, it can help me, thanks
Ah, and about the SSL dlls, we still need it?
Remy Lebeau
@rlebeau
@mdbs99 yes, they are still needed
Marcos Douglas B. Santos
@mdbs99
I've got the last file openssl-1.0.2p-x64_86-win64.zip- will it work with Indy 10?

@mdbs99 also see https://stackoverflow.com/questions/37265982/

Thanks, I will try this too

@mdbs99 yes, that file will work with Indy 10
Marcos Douglas B. Santos
@mdbs99
All right - thanks again - even it was in 2012, seems that they are using Indy 10
@rlebeau sorry bother you with questions that I can search on the Internet - it's because there are some issues among libs that works in Delphi and Lazarus and I'm trying to cut corners cause my deadline - thank you
Marcos Douglas B. Santos
@mdbs99
@rlebeau when I try to connect on GMail I receive this error:
[Debugger Exception Notification]

Project Postman raised exception class 'EIdReplyPOP3Error' with message:
Web login required: https://support.google.com/mail/answer/78754

 In file 'Protocols\IdReplyPOP3.pas' at line 337

[Ignore this exception type]

[Break] [Continue]
There is not 2-steps
Remy Lebeau
@rlebeau
@mdbs99 That is an error message from Gmail itself. It means that you are trying to login to Gmail's POP3 server using your normal password in an unsecure manner. Gmail needs to authorize your PC to access its POP3 server using that password. The error tells you to login to Gmail via HTTP first, so it can authorize your PC, and then you should be able to login to POP3 from the same PC. But this is not necessary if you enable 2-factor authentication in Gmail. In that case, you only need to generate an App-Specific password in your GMail settings, and then you can use that password with TIdPOP3 instead of your normal Gmail password, and that works fine. This is related to Gmail's security model, it is not specific to Indy (though the reason this affects Indy is because Indy does not yet implement OAuth authentication (see IndySockets/Indy#192), which Gmail prefers)
Kudzu
@czhower
Seems what you need to know is in your own post:
https://support.google.com/mail/answer/78754
Marcos Douglas B. Santos
@mdbs99
@czhower of course I've already read that - but my user/passwd is Ok (I can login using browser)
@rlebeau I did the login using "Chrome anonymous windows" - maybe this is not enough
Another thing is: I have a lot accounts. How can I know which account has or no 2-factor?
Remy Lebeau
@rlebeau
@mdbs99 Why anonymous? In any case, if that doesn't work, you have only 2 choices, both of which are stated in that URL Gmail mentions in the error message: 1) enable 2-factor authentication in your Gmail settings, and then use an App-Specific password with Indy; or 2) enable "Less Secure Apps" in your Gmail settings.
@mdbs99 you will have to login to each account via a Web browser and check their settings.
Marcos Douglas B. Santos
@mdbs99

Why anonymous?

Because it's not my account, but only a test - I won't have access for the real accounts - this will be a system that will use those accounts

Remy Lebeau
@rlebeau
@mdbs99 well, then you only have 1 choice - let the user provide your app with the necessaary userid/password, and then require the user to pre-configure Gmail accordingly.
Marcos Douglas B. Santos
@mdbs99

enable "Less Secure Apps" in your Gmail settings.

I have tried that one - using anonymous... - and didn't work

Remy Lebeau
@rlebeau
@mdbs99 you can't use an anonymous login with "Less Secure Apps" (well, you can't use an anonymous login, period. This is not FTP, afterall), you still need a real userid/password for that
Marcos Douglas B. Santos
@mdbs99
No no... I meant Chrome anonymous browser... but with real user/passwd, of course
Kudzu
@czhower
@mdbs99 That link provides far more than "check your user name and password". It contains explicit info why even that may fail.
Remy Lebeau
@rlebeau
@mdbs99 FYI, in the case where you need to login via HTTP to authorize the PC when 2-factor auth is not enabled, are you using https://accounts.google.com/DisplayUnlockCaptcha, as mentioned in the error's URL (as well as this doc - https://support.google.com/accounts/answer/6009563 )?
Marcos Douglas B. Santos
@mdbs99
@czhower Ok, however I have a LOT of accounts - it's not my personal account
Kudzu
@czhower
gmail with pop3 and SMTP is a royal PITA, even often with mail clients such as Thunderbird etc.
Remy Lebeau
@rlebeau
@czhower these issues would affect IMAP, too
Marcos Douglas B. Santos
@mdbs99

FYI, in the case where you need to login via HTTP to authorize the PC when 2-factor auth is not enabled, are you using

@rlebeau ok but I need "a system" to solve, not only try and solve this test account - do you understand? Because I have a lot of accounts so, I cannot do this steps in each one

Maybe the 2-step could be the best way - still thinking
Kudzu
@czhower
yes, any non web access.
google is doing this for security reasons, but basically also wants people to use the web interface. Its very biased towards that.
Marcos Douglas B. Santos
@mdbs99
Yeah, I agree
Remy Lebeau
@rlebeau
@mdbs99 I already told you what you need to do on your end - just take a userid/password as input from the user of an account. It is the user's responsibility, not yours, to make sure what they enter actually works. That is outside your app's scope. Whether they use the real password with "Less Secure Apps" enabled, or use a App-Specific Password with 2-factor enabled, that is on their end, not yours
Marcos Douglas B. Santos
@mdbs99
But App-Specific Password with 2-factor needs something outside the system, as I understand - a random number, for example, that the user should type... right?
My problem is that system do not have UI - it's like a batch process: I will connect in each account, download the mails, do a lot of process and parsers, etc
Think in that accounts as tickets or issues - users complain send emails for those accounts and this system will parse all those emails... running in a server, not user computer
Marcos Douglas B. Santos
@mdbs99
So @rlebeau I guess "App-Specific Password with 2-factor " doesn't fit on that case, right?
Remy Lebeau
@rlebeau
@mdbs99 the account owner logs in to their Gmail account, enables 2-factor, and has Gmail generate a password, then your app can use that password instead of the real password. That is it, nothing else changes in your system. You still need a valid userid/password to login to a Gmail account, the only question is WHICH password you use. Without using OAuth, this is the next best option for security, and it works fine with Indy, I use it all the time with my own Gmail account.
Marcos Douglas B. Santos
@mdbs99
I have a 2-factor to use Github - I need to type a random number using another app... I thought that it was like that but you're saying that will be just a "new password"
OK, I will take a look in that 2-factor now to see how it works.
Remy Lebeau
@rlebeau
@mdbs99 you are thinking of 2-step verification codes issued during each individual login, which are one-time-use codes typically sent to you via email or SMS, or generated via a code generator app on your mobile device. Using an App-Specific password is completely different from that.
Marcos Douglas B. Santos
@mdbs99
@rlebeau yes, you were completely right - a 16bit password - it worked... THANKS
olegskok
@olegskok
Hi to everyone! is anybody have a sample, how to do DIGEST-MD5(XMPP) using Indy 10.6 (TIdEncoderMIME, TIdHashMessageDigest5)?
Remy Lebeau
@rlebeau
@olegskok DIGEST-MD5 is a SASL (and an obsolete one at that). Indy has a TIdSASLDigest component for handling DIGEST-MD5 in SASL-enabled components (TIdPOP3, TIdSMTP, TIdIMAP4, and TIdDICT). TIdSASLDigest doesn't handle the base64 portion, as that is part of the transmission protocol, not the SASL itself, so you will still need to use TId(Encoder|Decoder)MIME yourself. But, you can receive the XMPP server's <challenge>, base64 decode it with TIdDecoderMIME.DecodeString() and pass the data to TIdSASLDigest.StartAuthenticate() to get an answer, then base64 encode with TIdEncoderMIME.EncodeString() and send it in a <response>. For each subsequent <challenge> from the server, base64 decode and pass its data to TIdSASLDigest.ContinueAuthenticate(), and base64 encode and send a <response>, until the server returns a final <response> on failue or <success> on success. See https://wiki.xmpp.org/web/SASLandDIGEST-MD5 for more details.
code4tips
@code4tips

Hi, i am looking for suggestions in reducing the code inside IdTCPServer.Execute event. It works great, but as you can see how busy it is in the below pseudo-code with just a few of the functions I am executing within it. What is the recommended way to farm out some of the processing into other functions without violating the threading model?

pCode begin
ServerExecute(AContext: TIDContext)
if Authenticated (persist as multiple files can be sent for the same authenticated session)
If Command is SENDINGFILE then
Get Attributes (FileName and expected bytes, dates)
Post file attributes to DB - set download start time to NOW
Create the FileStream in the download folder
Get the File
Track number of bytes received for verification (Implement CRC?)
Decompress File
If decompression successful then send number of bytes received - this is confirmation (client to track bytes sent = byte received)
if decompression fails send 0 bytes as bytes received - cleanup
Send File received - 200 message - (do not send a 500 as we want to continue with the next file)
end SENDINGFILE
end
else
If Process Login Credentials is successful Send Greeting - 200 Welcome xxx
else If Authentication Failed
Log the event - record IP, time, and UserName
Send Login Failed - 400 Login Failed
Disconnect the connection (Force?)
end Authentication Failed
end ProcessLogin
end Authenticated

pCode end

Thank you

Remy Lebeau
@rlebeau
@code4tips is authentication always the first command? If so, you could perform authentication in the OnConnect event instead, and then cache the results in the TIdContext for OnExecute to use. Also, if your protocol consists of textual commands, then depending on the particular formatting, you might have a look at TIdCmdTCPServer and its CommandHandlers collection. Then you can define separate OnCommandevent handlers for each of your individual commands. You might also consider decompressing the file while you are downloading it, to save time and disk space. If the compression is using deflate or gzip, Indy has streaming classes for that.
code4tips
@code4tips
@rlebeau 1 - Authentication will always be first - Can a connection be rejected if the auth fails? I will look at TidCmdTCPServer . I am avoiding streaming classes as some of the expected files are huge , more than 4 gb. I tried streams (outside of Indy) and ran into issues with different file sizes. The client is expected to compress using ComponentACE ECLCompressHugeFile routine, so I will check if there is compatibility with gzip or deflate. The fallback (in case performance is degraded) is to fire off a separate thread to do the decompression and let the main thread continue to download the next file from the client queue. At some point system would need to communicate back the result of the decompression so I will be having fun trying persist data across socket sessions. Thinking along the lines of a manifest, until the client receives a manifest of all the files transferred it should not disconnect so the context is maintained. Client will review the manifest and resend files as needed.
Remy Lebeau
@rlebeau
@code4tips yes, you can reject the connection if auth fails. Just close the connection, or raise an exception. I would defintely recommend using streams, ESPECIALLY if you are dealing with such large files. You don't want to download a 4GB file and then have to decompress it separately, that will take way too much time and waste way too much disk space. You can decompress the data in chunks as the file is being downloaded, writing only the uncompressed bytes to disk. That will also allow the client to get a reply immediately after finishin the transfer and not have to wait to get it at some unknown future time. If you were having problems with streaming then you likely just weren't doing it correctly.