AllToolKits.com Posted November 18, 2013
I was trying to log in to blesta with a curl post, but can't get it working. Has anybody done it before? Is it possible to do? I am doing this for a bridge for blesta.

Michael Posted November 18, 2013
> I was trying to log in to blesta with a curl post, but can't get it working. Has anybody done it before? Is it possible to do? I am doing this for a bridge for blesta.

Not sure what a Curl Post is but is it like this: http://www.blesta.com/forums/index.php?/topic/510-login-form-outside-blesta/

Paul Posted November 18, 2013
If you are trying to login to do a loginshare or something, you might want to check out events - http://docs.blesta.com/display/dev/Event+Handlers

AllToolKits.com (Author) Posted November 19, 2013
What I am trying to do is, there must be a way to log in to blesta from another web application. We can log in to whmcs from joomla using curl, so that the user can browse whmcs pages without leaving joomla. We are trying to do the same for blesta. But the csrf token is preventing me from doing that.

Michael Posted November 19, 2013
> What I am trying to do is, there must be a way to log in to blesta from another web application. We can log in to whmcs from joomla using curl, so that the user can browse whmcs pages without leaving joomla. We are trying to do the same for blesta. But the csrf token is preventing me from doing that.

Check post #2.

AllToolKits.com (Author) Posted November 20, 2013
@CubicWebs Thanks, but I don't want to add or modify any code in blesta. Without touching any code in blesta, I must be able to log in using curl or by submitting a form. The csrf token must be on too. Is it possible?

Paul Posted November 20, 2013
> @CubicWebs Thanks, but I don't want to add or modify any code in blesta. Without touching any code in blesta, I must be able to log in using curl or by submitting a form. The csrf token must be on too. Is it possible?

Disabling CSRF tokens on the login page is just a configuration file change, and will eliminate CSRF as an obstacle to logging in in a non-standard way.

AllToolKits.com (Author) Posted November 21, 2013
Do you think asking customer to disable the CSRF token is good?

AllToolKits.com (Author) Posted November 21, 2013
One funny thing is that whmcs too has this token, but curl works even if you provide any value for it.

Michael Posted November 21, 2013
> One funny thing is that whmcs too has this token, but curl works even if you provide any value for it.

It's generated by blesta and changes every time you refresh. Therefore it's hard to implement it outside blesta and blesta is secured enough so there's no need to worry.

Cody Posted November 21, 2013
> One funny thing is that whmcs too has this token, but curl works even if you provide any value for it.

WHMCS does not validate CSRF tokens on login.

Cody Posted November 21, 2013
> Do you think asking customer to disable the CSRF token is good?

Paul is referring to disabling CSRF token validation for the client login page only. Disabling CSRF token validation on a login form does not introduce any security vulnerabilities. At best an attacker that knows a particular user's login credentials could trick that (or another) user into logging into that system. Of course, if your login credentials are known to an attacker you have bigger problems to worry about.

AllToolKits.com (Author) Posted November 22, 2013
So for developing a joomla bridge for blesta, you all agree on asking the blesta user to disable the csrf token for the client login page? As I want to log in to blesta from joomla, how about proceeding like that?

Cody Posted November 22, 2013
There are a number of ways shared login could be handled using a plugin. I mentioned one of them in another thread. Using a plugin would be the most preferable way as it would not require any changes in Blesta. But for those who don't want to or can't create a plugin, disabling CSRF check on client login is the best solution.

Another simple way of implementing shared login through a plugin would be to have the plugin generate a unique, time-restricted token for a given user, then redirect the user to the plugin with the token (which could then forward the user to a separate page), or perform an AJAX request on the plugin URL.

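The unique, time-restricted login token described in the post above, as an added PHP example that is not from the thread and is not Blesta's or Joomla's own code: the bridge signs a short-lived, single-use token with HMAC-SHA256 and the plugin redeems it. The function names, payload fields, shared secret and 60-second lifetime are assumptions.

```php
<?php
// Added example: function names, payload fields, the shared secret and the
// 60-second lifetime are assumptions, not Blesta or Joomla APIs.
function issue_login_token(string $secret, int $userId, int $now, int $ttl = 60): string
{
    $payload = json_encode([
        'uid'   => $userId,
        'exp'   => $now + $ttl,               // short lifetime limits replay
        'nonce' => bin2hex(random_bytes(16)), // unique per token, enables single use
    ]);
    $body = rtrim(strtr(base64_encode($payload), '+/', '-_'), '='); // URL-safe
    return $body . '.' . hash_hmac('sha256', $body, $secret);
}

// Returns the user id on success, null on any failure.
function redeem_login_token(string $secret, string $token, int $now, array &$usedNonces): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $mac] = $parts;
    // Check the MAC before decoding anything; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, $secret), $mac)) {
        return null;
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['uid'], $claims['exp'], $claims['nonce'])) {
        return null;
    }
    if ($now >= $claims['exp'] || isset($usedNonces[$claims['nonce']])) {
        return null; // expired, or already redeemed once
    }
    $usedNonces[$claims['nonce']] = $claims['exp']; // persist until exp in a real plugin
    return (int) $claims['uid'];
}

// Constructed demo values: fixed clock, in-memory nonce store.
$secret = 'constructed-demo-secret';
$used   = [];
$now    = 1385000000;
$token  = issue_login_token($secret, 42, $now);
var_dump(redeem_login_token($secret, $token, $now + 10, $used));       // valid, first use
var_dump(redeem_login_token($secret, $token, $now + 20, $used));       // replay of same token
var_dump(redeem_login_token($secret, $token . '0', $now + 10, $used)); // tampered MAC
$late = issue_login_token($secret, 42, $now);
var_dump(redeem_login_token($secret, $late, $now + 61, $used));        // past its lifetime
```

The nonce store has to be shared across requests (a database table or cache) for the single-use check to hold, and the redirect carrying the token should go over HTTPS.
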
AllToolKits.com (Author) Posted November 23, 2013
Hi, thanks for the reply. So I have two options:
1) Disable the CSRF check on client login is the best solution.
2) Create a plugin to generate a token for a user. Use the API from joomla to get the token. In this way we can implement login with a token too.
Am I right?

Cody Posted November 23, 2013
Plugin coming on Monday. See this thread.

AllToolKits.com (Author) Posted November 25, 2013
Great news. That will save my time. Thanks.