- PHP 68.5%
- JavaScript 19.7%
- CSS 11.8%
| localization | ||
| skins/elastic | ||
| .gitignore | ||
| account.js | ||
| albient_account.php | ||
| CHANGELOG.md | ||
| composer.json | ||
| LICENSE | ||
| README.md | ||
roundcube-albient-account-settings
Self-service account settings for Albient Mail, as a Roundcube Settings plugin:
- Accounts Settings section (placed above Server Settings) — create, list and revoke app passwords for mail apps (IMAP/SMTP) that don't use SSO. New passwords are shown once.
- Server-side encryption block (added next to the existing Encryption / Mailvelope panel) — upload/paste/import your PGP public key and toggle encryption at rest, so Albient stores your incoming mail encrypted to your key.
Everything is performed through the provisioning API's per-user self-service
endpoints (/api/v1/me/...), authenticated with the user's own OIDC access
token (stashed in the session by the albient_sso plugin). There is no standing
privileged credential on the webmail node, and the API scopes every change to the
caller's own mailbox.
PGP key guardrail
When you add a public key, the provisioning API checks it carries a User ID for one of your own addresses — otherwise you'd encrypt your mail to a key you can't decrypt with and lock yourself out. A mismatch is rejected with an explicit "use it anyway" override for advanced cases.
Installation
Drop into plugins/albient_account/, enable it, and set the API base:
$config['plugins'][] = 'albient_account';
$config['albient_account_api_base'] = 'http://127.0.0.1:8090/api/v1';
Requires the albient_sso plugin (for the stashed OIDC token) and the
albient-provisioning-api ≥ 0.2.1 (for the /me endpoints).
Deployment
In the Albient stack this plugin is deployed by the albient.mailstack.roundcube
Ansible role via a pinned-tag git checkout.
License
Copyright © Albient. All rights reserved. See LICENSE.