webssh2
webssh2 copied to clipboard
billchurch
rfe: modal method to collect user credentials
collect credentials via browser modal box as an alternative to basic auth.
Soliciting for ideas as to how this would be used. Potentially asking for username / password or ssh-rsa key (risky).
Can't speak for other uses... but I'm wanting to create a classic bbs door host... over a custom SSH, then overload the username and issue an TOTP for each request...
user: escape(username)@escape(bbscode)/escape(gamecode)
pass: TOTP_CODE
Where I can deduce from the user, their username, origin bbs, and the door name they want to connect to... then I can associate this with a TOTP code that was issued and only valid for 30s to connect (with +/- 30s drift support).
This way, known systems can send users straight into a game... Initially, I'd like to only support web users from my main site, but eventually expand/adapt to support more use cases.
It's been a while, but I seem to remember having trouble getting browsers to support passing the username + password as part of the url string for basic auth. With a popover modal / iframe, I could then pass in the values, then have those values somehow returned via a return_url to the webssh2 and from there send it to the associated ssh host.
Hopefully I've explained this desire well enough... although, I'd be more than fine using HTTP_POST values from a hidden form in order to pass them discretely from the user.
This makes more sense as a separate RFE, even though it might be related to modal...
I opened #290 to talk about this and track it, but it feels like it would be fairly straight forward.
@tracker1 Check out #290 and main to give this a test. It seems like this is all that's needed for the initial functionality. I'll work on adding the rest of the GET vars to the POST options.
Please verify this works for your use (in #290) and then I will port the rest.