moulinette
moulinette copied to clipboard
portal-api: Bypass CSRF protection for login route
Allowing login from simple HTML form Also allow to pass username/password as two params instead of a combined "credentials"
Demo using my_webapp:
<!DOCTYPE html>
<html>
<head>
<title>Yunohost SSO</title>
</head>
<body>
<?php
if (array_key_exists("REMOTE_USER", $_SERVER) && $_SERVER["REMOTE_USER"] != "") {
echo "Welcome, " . $_SERVER["REMOTE_USER"] . "!";
echo "<br><a href='/yunohost/portalapi/logout?referer_redirect'>Log out<br>";
} else {
?>
<form method="POST" action="/yunohost/portalapi/login?referer_redirect">
<input type="text" name="username" id="username">
<br><input type="password" name="password" id="password">
<br><input type="submit">
</form>
<?php
}
?>
</body>
</html>