Login with API Key in parameter
Posted: 21 Apr 2018, 20:34
We want to log in from an external application into MantisBT.
I looked at the SampleAuth plugin to accomplish that.
The plugin is working fine, except it poses a security risk. If you guess a username, you can log in without problems with someone else's account.
I wonder what would be a feasible use case for this plugin, apart from some 'guessing game'.
So my idea was to use an API per user to automatically log in.
Therefore I added the following lines in the plugin:
Lines already in plugin
Code:
$t_username = $p_args['username'];
$t_user_id = $p_args['user_id'];
Added lines after above lines
Code:
$t_user_id = (int)api_token_get_user( $p_args['username'] );
$t_username = user_get_username( $t_user_id );
In that case I have the same situation as before BUT with the API key checked against a user.
However this is not working and I can not get my head around how to solve this.
Any help appreciated.
Tom
MantisBT 2.12.0
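An added illustration of the difference the post describes, not code from the SampleAuth plugin or from MantisBT: choosing the account from a client-supplied username versus from a secret per-user token. The token store, user names, the `api_token` parameter and both function names are constructed for this example and do not use MantisBT's API.

```php
<?php
// Constructed token store: SHA-256 of each user's API token => user id.
// Only hashes are stored, so a leaked table does not expose usable tokens.
$tokenHashes = [
    hash('sha256', 'constructed-token-for-alice') => 1,
    hash('sha256', 'constructed-token-for-bob')   => 2,
];
$usernames = [1 => 'alice', 2 => 'bob'];

// Weak form: the account is selected by a value the caller merely names.
function resolve_by_username(array $usernames, array $args): ?int {
    $id = array_search($args['username'] ?? '', $usernames, true);
    return $id === false ? null : $id;
}

// Hardened form: the account is selected only by a secret the caller holds.
// Any username in the request is ignored.
function resolve_by_token(array $tokenHashes, array $args): ?int {
    $token = $args['api_token'] ?? '';
    if (!is_string($token) || $token === '') {
        return null; // missing or malformed token: no login
    }
    $candidate = hash('sha256', $token);
    $userId = null;
    foreach ($tokenHashes as $storedHash => $id) {
        // hash_equals() compares in constant time.
        if (hash_equals((string) $storedHash, $candidate)) {
            $userId = $id;
        }
    }
    return $userId;
}

// Constructed requests: a username alone, then a valid token.
$guess = ['username' => 'bob'];
$valid = ['api_token' => 'constructed-token-for-bob'];

echo 'username only, weak form:  ';
var_dump(resolve_by_username($usernames, $guess));
echo 'username only, token form: ';
var_dump(resolve_by_token($tokenHashes, $guess));
echo 'valid token, token form:   ';
var_dump(resolve_by_token($tokenHashes, $valid));
```

A token passed as a URL parameter is typically written to web server access logs and browser history, so anyone who can read those can replay it.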