
portal-api: Bypass CSRF protection for login route

Open selfhoster1312 opened this issue 10 months ago • 1 comments

Allowing login from simple HTML form.

Also allow to pass username/password as two params instead of a combined "credentials".

Demo using my_webapp:

<!DOCTYPE html>
<html>
  <head>
    <title>Yunohost SSO</title>
  </head>
  <body>
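<?php
    // REMOTE_USER is expected to be set by the SSO once the user is logged in
    if (array_key_exists("REMOTE_USER", $_SERVER) && $_SERVER["REMOTE_USER"] != "") {
        // Escape the user name before writing it into the page
        echo "Welcome, " . htmlspecialchars($_SERVER["REMOTE_USER"]) . "!";
        echo "<br><a href='/yunohost/portalapi/logout?referer_redirect'>Log out</a><br>";
    } else {
        // Not logged in: show the login form
?>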
    <form method="POST" action="/yunohost/portalapi/login?referer_redirect">
        <input type="text" name="username" id="username">
        <br><input type="password" name="password" id="password">
        <br><input type="submit">
    </form>
<?php
    }
?>
  </body>
</html>

selfhoster1312, Aug 14 '23 20:08
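
A login route that is exempt from CSRF protection accepts form POSTs from any origin unless something else checks where they come from. The following is an added example, not code from this pull request or from YunoHost: a same-origin check on `Origin`/`Referer` for such a login POST, and the same check applied to the `referer_redirect` target. The function names, the header dictionary shape and the host allow-list are assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts served behind the same SSO (constructed values).
TRUSTED_HOSTS = {"example.test", "apps.example.test"}


def _host_of(url):
    """Return the lowercase hostname of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url or "")
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None  # also rejects the literal Origin value "null"
    return parts.hostname  # userinfo and port are stripped, host is lowercased


def login_post_allowed(headers, trusted_hosts=TRUSTED_HOSTS):
    """Same-origin check for a login POST that carries no CSRF token.

    `headers` is assumed to be a dict keyed by canonical header names.
    Origin is preferred, Referer is the fallback; a request with neither
    header, or with an untrusted or unparsable one, is refused.
    """
    source = headers.get("Origin") or headers.get("Referer")
    return _host_of(source) in trusted_hosts


def referer_redirect_target(headers, trusted_hosts=TRUSTED_HOSTS, fallback="/"):
    """Where to send the browser after login when ?referer_redirect is set.

    The Referer is only followed when it points at a trusted host, so the
    parameter cannot be used to bounce the user to another site.
    """
    referer = headers.get("Referer")
    if _host_of(referer) in trusted_hosts:
        return referer
    return fallback
```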