romainguinot/checkgmail.patched.2factor_support.description.txt

## checkgmail.patched.2factor_support.description.txt
This referenced files below pertain to a modified checkgmail version, that includes the following features.
Original project is at : http://checkgmail.sourceforge.net/.
It is based on the latest available sourceforge revision (r47).

- two factor support (config, UI, integration).
    (see http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744).

  * If two factor auth is used, one needs to initially provide (and optionally store) :
     - an application-specific password to authenticate against the atom feed,
             see http://support.google.com/accounts/bin/answer.py?hl=en&answer=185833.

    - the main google account password, to authenticate against the Gmail web UI (if using cookies).
    - a validation PIN code, obtained for example with the Google Authenticator application.
    - Each of these items can be persisted either in the prefs, or in KWallet.
      For the PIN code, it is not the pin code itself that is persisted, but the "trust" cookie returned
      after a successful verification, therefore not requiring  to enter a PIN code at every login.

  * It is highly recommended to use an app, such as the Google Authenticator,
    rather than relying on the sms/text messsage service to get the verification PIN code,
    which can be unreliable and isn't available in every country.

  * Even if you do not want to use a phone app, you can use a desktop client such as
    http://blog.jcuff.net/2011/02/cli-java-based-google-authenticator.html
    to obtain the same PIN codes, based on your secret key obtained
    in the google account 2-step security page.

- refactored kwallet integration, based on the existing patch available at :
    http://sourceforge.net/tracker/?func=detail&aid=3175987&group_id=137480&atid=738663.

- fixed full text display when clicking on individual e-mails.
- refactored the login code.
- additional refactoring/bugfixing / code de-duplication.


- full, pre-patched file :
  * https://gist.github.com/romainguinot/10866374

- patch that applies against the latest available sourceforge revision (r47) :
  * https://gist.github.com/romainguinot/10866682

Apr 16th,2014 : updated with CSRF support for initial 2nd factor / PIN Entry.
	This referenced files below pertain to a modified checkgmail version, that includes the following features.
	Original project is at : http://checkgmail.sourceforge.net/.
	It is based on the latest available sourceforge revision (r47).

	- two factor support (config, UI, integration).
	(see http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744).

	* If two factor auth is used, one needs to initially provide (and optionally store) :
	- an application-specific password to authenticate against the atom feed,
	see http://support.google.com/accounts/bin/answer.py?hl=en&answer=185833.

	- the main google account password, to authenticate against the Gmail web UI (if using cookies).
	- a validation PIN code, obtained for example with the Google Authenticator application.
	- Each of these items can be persisted either in the prefs, or in KWallet.
	For the PIN code, it is not the pin code itself that is persisted, but the "trust" cookie returned
	after a successful verification, therefore not requiring to enter a PIN code at every login.

	* It is highly recommended to use an app, such as the Google Authenticator,
	rather than relying on the sms/text messsage service to get the verification PIN code,
	which can be unreliable and isn't available in every country.

	* Even if you do not want to use a phone app, you can use a desktop client such as
	http://blog.jcuff.net/2011/02/cli-java-based-google-authenticator.html
	to obtain the same PIN codes, based on your secret key obtained
	in the google account 2-step security page.

	- refactored kwallet integration, based on the existing patch available at :
	http://sourceforge.net/tracker/?func=detail&aid=3175987&group_id=137480&atid=738663.

	- fixed full text display when clicking on individual e-mails.
	- refactored the login code.
	- additional refactoring/bugfixing / code de-duplication.




	- full, pre-patched file :
	* https://gist.github.com/romainguinot/10866374

	- patch that applies against the latest available sourceforge revision (r47) :
	* https://gist.github.com/romainguinot/10866682

	Apr 16th,2014 : updated with CSRF support for initial 2nd factor / PIN Entry.