wallabagger icon indicating copy to clipboard operation
wallabagger copied to clipboard

Published 20 hours ago verified publisher icon wallabag

Username and Password shouldn't be required

Open Strubbl opened this issue 6 years ago • 6 comments

wallabagger should not require username/password to login, only client id and secret.

This is a known problem with wallabag itself and the following issue needs to be resolved before wallabagger can be adopted to login without user/pw: https://github.com/wallabag/wallabag/issues/2800

Strubbl avatar Jul 08 '18 12:07 Strubbl

To be noted that Username and password are stored clear text in storage.js which is a critical security issue to me, corresponding issue : #151.

TheCapsLock avatar Nov 22 '18 09:11 TheCapsLock

The sources of extension can be obtained freely, so any ways of credentian obfuscation are quite useless. Without resolvind the serverside issue #2800 there is nothing to do.

Rurik19 avatar Nov 22 '18 11:11 Rurik19

Linked to https://github.com/wallabag/wallabagger/issues/151#issuecomment-440984976

Simounet avatar Nov 22 '18 11:11 Simounet

I was coming here to ask about this as well.

The API client should be able to do whatever it needs, the user login information should really be for the user.

Ryonez avatar Apr 23 '19 11:04 Ryonez

Same here it(s being a long time I'm wondering, if API KEY / SECRET are created in the web app and then copy/pasted in FF addons and Android App, Why but why I also have to enter my login and password.

setop avatar Mar 19 '22 18:03 setop

Works for me by only providing a correct username and garbage password, in addition to the Client ID + Secret.

It still stores more information than should be required but at least not the password.

jopasserat avatar Jan 26 '24 12:01 jopasserat