Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PUI] Use sessions backend for login #6399

Closed
wants to merge 14 commits into from
Closed

[PUI] Use sessions backend for login #6399

wants to merge 14 commits into from

Conversation

matmair
Copy link
Member

@matmair matmair commented Feb 3, 2024
edited
Loading

Removes the usage of API tokens for PUI - switches to CSRF and session token.

Fixes #6391
Ref #5697

@matmair matmair added refactor User Interface Related to the frontend / User Interface labels Feb 3, 2024
@matmair matmair self-assigned this Feb 3, 2024
@netlify Netlify
Copy link

netlify bot commented Feb 3, 2024
edited
Loading

Deploy Preview for inventree-web-pui-preview ready!

Name Link
🔨 Latest commit 2b5867a
🔍 Latest deploy log https://app.netlify.com/sites/inventree-web-pui-preview/deploys/660c4e119dc61a00085f0941
😎 Deploy Preview https://deploy-preview-6399--inventree-web-pui-preview.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 100 (no change from production)
Accessibility: 86 (no change from production)
Best Practices: 100 (no change from production)
SEO: 70 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify site configuration.

@SchrodingersGat
Copy link
Member

netlify preview does not seem to want to login currently - is that expected?

@matmair
Copy link
Member Author

matmair commented Feb 4, 2024

Seems like the CRSF stuff only works on the same domain, have to look deeper into it

@matmair matmair added this to the 1.0.0 milestone Feb 4, 2024
@matmair matmair modified the milestones: 1.0.0, 0.15.0 Feb 27, 2024
@SchrodingersGat SchrodingersGat mentioned this pull request Mar 7, 2024
Closed
@SchrodingersGat
Copy link
Member

Seems like the CRSF stuff only works on the same domain, have to look deeper into it

Have you set the INVENTREE_TRUSTED_ORIGINS setting? - https://docs.inventree.org/en/latest/start/config/#server-access

What errors / feedback are you getting here?

@matmair
Copy link
Member Author

matmair commented Mar 20, 2024

Seems to fix #5697 put I would like to see this confirmed after the demo server runs this version before closing that

@SchrodingersGat
Copy link
Member

@matmair does not seem to work locally for me. I have pulled down the code, and running in a private browser session. Stuck at the "login" screen:

image

image

The "token" request is being made correctly, and returns:

  • api token
  • CSRF token
  • session token

image

But none of these tokens get sent in the next request to /api/user/me/:

image

And so the server rejects it of course:

image

@SchrodingersGat
Copy link
Member

@matmair it seems that this approach does not let the user upload files?

@matmair
Copy link
Member Author

matmair commented Apr 2, 2024

It seems to work localy but we would need to change CSRF to lax - not sure if it is worth it

@SchrodingersGat
Copy link
Member

It seems to work localy but we would need to change CSRF to lax - not sure if it is worth it

Can you expand on this? What adjustments would we need to make to CSRF?

@SchrodingersGat SchrodingersGat mentioned this pull request Apr 7, 2024
Merged
@matmair
Copy link
Member Author

matmair commented Apr 8, 2024

Replaced by #6970

@matmair matmair closed this Apr 8, 2024
@matmair matmair deleted the matmair/issue6391 branch April 8, 2024 07:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SchrodingersGat SchrodingersGat SchrodingersGat left review comments

Assignees

@matmair matmair

Labels
refactor User Interface Related to the frontend / User Interface
Projects
User Interface Redesign
Status: Done
Milestone
0.15.0
Development

Successfully merging this pull request may close these issues.

[PUI] Use sessions backend for login
2 participants
@matmair @SchrodingersGat