Secure Outlook add-in is now available for testing in free-as-in-beer version

alfred · October 12, 2017, 9:35am

Did you resolve the problem with connecting to servers offering only TLS 1.2? I still can’t connect to such a server with this plugin. This is basically the only thing holding me back from going 1.2 only, I hope it can be fixed soon.

usselite · October 12, 2017, 2:30pm

@alfred TLS 1.2 is enforced for a while now since it was reported, did you download version 1.4 of the add-in?
https://nextcloud.lucpasmans.nl/index.php/s/j4U7EkVCuLHajsY

hokaido · October 12, 2017, 8:15pm

I enabled debugging. But where can the log be found?
What I found out: Selecting more than one file in the file picker menu and uploading these files => fail, only one or max two files where really uploaded even if the add in show uploaded all files. Selecting one file after each other and at each time only one file in the file picker, adding all step by step, and afterwards uploading all file => works

usselite · October 13, 2017, 1:18pm

@hokaido the log can be found in the current users their my documents folder as yyyyMMdd_nextcloud_outlook.
That does sound like a really strange bug. So if I understand correctly selecting multiple files doesn’t work, however when you use the file picker and select files one-by-one (open close etc) and you upload then it does work? Or you need to upload all those files individually by upload files, pick file, upload, repeat? I am curious with the log results.

hokaido · October 13, 2017, 9:12pm

"So if I understand correctly selecting multiple files doesn’t work, however when you use the file picker and select files one-by-one (open close etc) and you upload then it does work? "

Yes

Log will follow

JimmyKater · December 8, 2017, 9:13am

@usselite

i just checked the official download-link for your great tool https://download.nextcloud.com/outlook/ and found a “new” version “20171024”, maybe.
i have installed version 1.4.0.0 on oct, 6th. is the one you are providing under the link above a newer one than 1.4.0.0 or was it just officially “released” a bit later than i installed it?

what do you think of the idea of providing the version within the filename… like Setup_free_x64_v_1.4.0.0.msi , e.g.?

plus: do i need to de-install the old version first before installing the new one?

HTGuru · December 12, 2017, 12:24am

Despite reading this whole thread I can not connect.
I have uninstalled, and reinstalled the one at https://download.nextcloud.com/outlook/20171024 since the link for 1.4 at https://nextcloud.lucpasmans.nl/index.php/s/j4U7EkVCuLHajsY is now dead. When installing that version it says Version 2.1. Is this correct and has it replaced the now dead link to 1.4?

I second the motion that all builds should contain a version number in the file name as suggested by @JimmyKater

I have never been able to connect and I still can not connect. There are no issues with the plugin not loading in Outlook. I enabled Debug from the Registry because it would not enable from Advanced in the Plug-In.

Long story short, the debug log says this is why I can’t connect:
The request was aborted: Could not create SSL/TLS secure channel.

Please Advise.

Config:
Outlook 2010 32-bit connected to Exchange 2010 on Win7x64, with 32-bit Plugin Installed is my PC setup.
Folder key in HKCU /Software is NextcloudOutlookFE though sometimes in the thread you imply it should be NextcloudOutlook
Local language is en-US. If I edit SetLanguage in Registry to anything else like en-EN it just reverts back to en.
NC Server is 12.02 using the prebuilt techandme nextcloud-vm virtual machine with LetsEncrypt signed cert.

Here is the rest of the log (url changed for privacy and spaces added because links are limited in first post):
12/11/2017 6:55:30 PM: Validated url: https:/ /nextcloud.xxxxxxxxxx.com
12/11/2017 6:55:30 PM: URL REQUEST: https:/ /nextcloud.xxxxxxxxxx.com/ocs/v2.php/cloud/capabilities - METHOD: GET - CONTENT: NULL
12/11/2017 6:55:30 PM: The request was aborted: Could not create SSL/TLS secure channel.
12/11/2017 6:55:30 PM: Url: https:/ /nextcloud.xxxxxxxxxx.com
12/11/2017 6:55:30 PM: Username: HTG
12/11/2017 6:55:30 PM: Password:
12/11/2017 6:55:30 PM: WebDav: webdav
12/11/2017 6:55:30 PM: SetLanguage: en
12/11/2017 6:55:30 PM: DefaultEnforcePassword: True
12/11/2017 6:55:30 PM: EnforceCommonPassword: True
12/11/2017 6:55:30 PM: EnforceUpperLowerCasePassword: True
12/11/2017 6:55:30 PM: EnforceNumeric: True
12/11/2017 6:55:30 PM: EnforceSpecialCharacters: True
12/11/2017 6:55:30 PM: DefaultPasswordLength: 6
12/11/2017 6:55:30 PM: DefaultAlwaysPublic: False
12/11/2017 6:55:30 PM: AutoInsertPublic: True
12/11/2017 6:55:30 PM: DefaultDaysPublic: 7
12/11/2017 6:55:30 PM: DefaultAlways: False
12/11/2017 6:55:30 PM: AutoInsert: True
12/11/2017 6:55:30 PM: DefaultDays: 7
12/11/2017 6:55:30 PM: SetupState: 1
12/11/2017 6:55:30 PM: OverridePP: False
12/11/2017 6:55:30 PM: DebugMode: True
12/11/2017 6:55:30 PM: AttachmentEnable: False
12/11/2017 6:55:30 PM: AttachmentEnforce: False
12/11/2017 6:55:30 PM: AttachmentSize: 10
12/11/2017 6:55:30 PM: Reading settings…

Ghizmo_MTP · December 14, 2017, 11:59am

Same for me…

usselite · December 15, 2017, 2:32pm

Sorry for the late reply! Busy part of the year!

@JimmyKater The one provided through my link is a newer build. In the future I will definitely do such thing as it is very much confusing. Yes. You do need to remove the old version before installing the new one.

@HTGuru The 1.0 build was not available for free use; as off 2.0 it is. Internally though I started over with the version numbering as 1.0. As I changed from how the dialogs are displayed and other major changes.

Regarding to your issue; Does your server support TLS 1.2 (enforce), any (external) firewall involved? You may send me a PM if you want to share more information regarding to your setup, ill happily look with you into it there. Same goes from @Ghizmo_MTP. Unfortunately I don’t know the default configuration for the nextcloud-vm.

Usually though these kind of errors are related to the certificate, a good indicator to check if your Nextcloud installation works as expected is to use Internet Explorer (especially in the case of a self-signed certificate) and try a service as https://www.ssllabs.com/ to check out your https connection.

To clarify throughout the forum topic:
The language bug was fixed. Also for the free edition in HKCU/Software/NextcloudOutlookFE keys are made, for the enterprise its HKCU/Software/NextcloudOutlook. Hopefully this clarifies things.

Andrea_Ricci · December 15, 2017, 2:33pm

Dear devs,
I have this error when I try to load the AddIN

Sequence contains no matching element


************** Exception Text **************
System.InvalidOperationException: Sequence contains no matching element
   at System.Linq.Enumerable.First[TSource](IEnumerable`1 source, Func`2 predicate)
   at Nextcloud.Forms.SettingsAdvanced..ctor()
   at Nextcloud.Forms.Wrapper.Init(NextObject no)
   at Nextcloud.ThisAddIn.ThisAddIn_Startup(Object sender, EventArgs e)
   at Microsoft.Office.Tools.AddInImpl.OnStartup()
   at Microsoft.Office.Tools.AddInImpl.AddInExtensionImpl.Microsoft.Office.Tools.EntryPoint.OnStartup()
   at Microsoft.Office.Tools.AddInBase.OnStartup()
   at Nextcloud.ThisAddIn.FinishInitialization()
   at Microsoft.Office.Tools.AddInBase.Microsoft.Office.Tools.EntryPoint.FinishInitialization()
   at Microsoft.VisualStudio.Tools.Office.Runtime.DomainCreator.ExecuteCustomization.ExecutePhase(ExecutionPhases executionPhases)
   at Microsoft.VisualStudio.Tools.Office.Runtime.DomainCreator.ExecuteCustomization.Microsoft.VisualStudio.Tools.Office.Runtime.Interop.IExecuteCustomization2.ExecuteEntryPoints()


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Office.Runtime.Internal
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.40820.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Office.Runtime.Internal/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Runtime
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.40820.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Runtime/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Runtime.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Microsoft.Office.Tools
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.40820.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.Office.Tools/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
Microsoft.Office.Tools.Outlook.Implementation
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.40820.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.Office.Tools.Outlook.Implementation/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.Outlook.Implementation.dll
----------------------------------------
Microsoft.Office.Tools.Common.Implementation
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.40820.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.Office.Tools.Common.Implementation/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.Common.Implementation.dll
----------------------------------------
Microsoft.Office.Tools.Common
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.40820.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.Office.Tools.Common/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.Common.dll
----------------------------------------
Nextcloud
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Program%20Files%20(x86)/Nextcloud%20Outlook/Nextcloud.DLL
----------------------------------------
Microsoft.Office.Tools.Outlook.v4.0.Utilities
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.30319.1
    CodeBase: file:///C:/Program%20Files%20(x86)/Nextcloud%20Outlook/Microsoft.Office.Tools.Outlook.v4.0.Utilities.DLL
----------------------------------------
Microsoft.Office.Tools.Common.v4.0.Utilities
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.30319.1
    CodeBase: file:///C:/Program%20Files%20(x86)/Nextcloud%20Outlook/Microsoft.Office.Tools.Common.v4.0.Utilities.DLL
----------------------------------------
Microsoft.Office.Tools.Outlook
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.40820.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.Office.Tools.Outlook/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.Outlook.dll
----------------------------------------
Microsoft.Office.Interop.Outlook
    Assembly Version: 15.0.0.0
    Win32 Version: 15.0.4569.1506
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.Office.Interop.Outlook/15.0.0.0__71e9bce111e9429c/Microsoft.Office.Interop.Outlook.dll
----------------------------------------
PresentationFramework
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework/v4.0_4.0.0.0__31bf3856ad364e35/PresentationFramework.dll
----------------------------------------
WindowsBase
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/WindowsBase/v4.0_4.0.0.0__31bf3856ad364e35/WindowsBase.dll
----------------------------------------
PresentationCore
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_32/PresentationCore/v4.0_4.0.0.0__31bf3856ad364e35/PresentationCore.dll
----------------------------------------
System.Xaml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xaml/v4.0_4.0.0.0__b77a5c561934e089/System.Xaml.dll
----------------------------------------
Microsoft.CSharp
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.CSharp/v4.0_4.0.0.0__b03f5f7f11d50a3a/Microsoft.CSharp.dll
----------------------------------------
System.Dynamic
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Dynamic/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Dynamic.dll
----------------------------------------
Anonymously Hosted DynamicMethods Assembly
    Assembly Version: 0.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_32/mscorlib/v4.0_4.0.0.0__b77a5c561934e089/mscorlib.dll
----------------------------------------
Newtonsoft.Json
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.2.20802
    CodeBase: file:///C:/Program%20Files%20(x86)/Nextcloud%20Outlook/Newtonsoft.Json.DLL
----------------------------------------
System.Numerics
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Numerics/v4.0_4.0.0.0__b77a5c561934e089/System.Numerics.dll
----------------------------------------
System.Runtime.Serialization
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Serialization/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Serialization.dll
----------------------------------------
System.Data
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_32/System.Data/v4.0_4.0.0.0__b77a5c561934e089/System.Data.dll
----------------------------------------
PresentationFramework.Aero
    Assembly Version: 4.0.0.0
    Win32 Version: 4.7.2053.0 built by: NET47REL1
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/PresentationFramework.Aero/v4.0_4.0.0.0__31bf3856ad364e35/PresentationFramework.Aero.dll
----------------------------------------

Enviroment is:
Windows 7 64 bit
Office 2013 32 bit
Lang: it
Release downloaded from 20171024 folder (x86)

Any hint?
Best regards

Andrea_Ricci · December 15, 2017, 2:43pm

Solved by adding it.json with code

"Code":"it-IT",
"Description":"Italiano",

English Language as FallBack can be a solution for next releases.
Regards

HTGuru · December 15, 2017, 8:42pm

@usselite Thanks for the reply! A few more questions:

So I am still not clear which is the current best download for your free edition. Is it https://download.nextcloud.com/outlook/20171024 or https://nextcloud.lucpasmans.nl/index.php/s/j4U7EkVCuLHajsY

If it is the latter, presumably on your site, the link says “Unspecified share exception” when clicked so how can I get the release?.

My server’s SSL cert. is a trusted LetsEncrypt cert, not self signed. It gets an A+ from https://www.ssllabs.com/ and it shows TLS 1.2 is available. It works fine in IE with https.
Can you be more specific about what firewall? Both client and server are behind two different UTM firewalls. As with most UTM routers, both in and out need to be explicitly allowed so what besides 443 might be necessary?

I have checked firewall logs and even web filter but nothing shows as blocked.

If the problem had something to do with the VM, I could try posting over at techandme.se if I only knew what I was looking to ask.

usselite · December 16, 2017, 4:03pm

@Andrea_Ricci I’ll look into the default language again, it should fall back to English.

@HTGuru I removed my own share a few weeks ago.The one available from NC should be OK to use. The add-in uses port 443.

I doubt their default configuration would cause an issue as stated here: https://www.techandme.se/machine-setup-nextcloud/

HTGuru · December 30, 2017, 3:55am

I think most would agree that sending the password in the same email is far less secure.

I agree with @alfred. I think his suggestion is the easiest solution for sending the password by other means. Having the option of a box pop up to copy the password and then send it out through other means would be the best idea. I’m not a coder but it does not sound too difficult as compared to the other proposed ideas. @usselite thoughts on making this happen?

Also, I have found another solution in the interim. I have noticed that you can go into the snippet and select the password and then choose cut from the right click context menu and it disappears to the clipboard so you could then paste it in other software like WhatsApp or an SMS gateway in an Internet browser or email to the recipient’s email to SMS address (i.e. 1234567890@text.att.net).

@usselite perhaps these two concepts could be combined and the pop-up could contain the option to create a second email to the recipient’s telephone number SMS email address containing just the password. The pop-up could contain a box for the phone number and a drop-down list of carriers to propagate the second email addresse.

A list of these SMS addresses are freely available:
http://www.emailtextmessages.com/

or for $3 you can get a csv and json here:
https://email2sms.info/

I guess the only problem is that the user would have to know which network the recipient is on. Of course there’s an easy way to find out, ask.

Ladies and Gentlemen, do you think that sending a second password only email from the same FROM address thru the same email client to a different email address such as an SMS email address is sufficiently secure? Or if someone is intercepting outgoing mail would they end up seeing both the link email and the password email even though they were sent to two different TO addresses?

cbeerse · January 2, 2018, 9:29pm

@HTGuru : About sending passwords over various routes: I’d say to NOT make it to complicated. Others have invented this wheel over and over again, better re-use theirs. My persional opinion:

Never send the password with all other account details.
If a password needs to be sent, it must be a fresh-generated, one-time, limited-time password. When using this password, the first and only possible action should be to change the password.
Do NOT send the password-change-link with the password.
To avoid capture of both the password-message and a new-account-message, sent them at a different time (about an hour appart or with a user-action in between)

If you expect others will still capture this one-time password, convert the password to a bitmap.

With the above:

It is expected that the validated user has triggered the sending of the password. She/he is waiting for it.
It is a one-time password. If it is captured an ab-used, it is noted because the password does not work as expected. Re-start the change password procedure at-once.

The usage of other ways to send/receive secured information should be used for 2-way authentication, using stuff set by the user.

Sorry, I could not resist to reply.

usselite · January 9, 2018, 8:06am

Using a sms service will cost money of course. I could look into integrating this solution https://textbelt.com/ people may either host their own service or use their public one. Shouldn’t be to much work.

@HTGuru the list email2sms.info list you provided could work, but that would mean I have to figure out with which carrier the number provided belongs to. Also their implementation may differ.

Also sending a follow up e-mail could be done.

alfred · January 10, 2018, 3:55pm

It would be better to simply let the user decide which channel they would like to send the password over. SMS providers come and go, they cost money, and relying on a fixed external service seems to be a very bad idea if they decide to close down and vanish.

aus · February 15, 2018, 12:09pm

Hi!

Where does the default language come from? If I install Outlook extension I get “et” language, my Office is in English, my Windows is in English, my NC install is in English…
If I change this from regedit to “en” I get NC plugin to work, otherwise no use.
Shouldn’t the plugin fallback to EN if specified language was not found?

oskarma · February 16, 2018, 12:31pm

Hi,

I’ve translated the json file to Spanish (it’s attached below)

But there are texts I cannot find and continue in English. For example:

To make it easy for you to upload large files to me in a secure way, I have given you access to our secure file exchange server. You can simply drag and drop your files there and I will receive them. The details on how and where to upload your file(s) can be found below:

Where can I find these texts to translate them?

Thanks.

Spanish translation

JimmyKater · February 26, 2018, 8:13am

@usselite

hey master of this add-in

i seem to discover a strange error. after updating to nc 13 recently i discovered a problem to login with your addin. like i entered all credentials correctly and copy&pasted the token password… so no errors possible. though the connection won’t establish - telling me: check url, user and password. - i de-installed everything, closed outlook (2010) down, installed version 2.1. (but it IS 1.5 if i’d refer to installed software) and restarted outlook - with exactly the same error (plus: de-installing didn’t apparently delete the setup from before)

so what to do about this one?

cheerio
jimmy