Establish full foreman user session from my single page web app

Development
1

HI All,

I was wondering how I can establish a full foreman user session from my
single page web app. I can use basic authentication but that means I have
to send the credentials for every request (and on page reload I would lose
the information). I was playing around and tried to make post requests to
/users/login via javascript - without success. I got something working by
adding to my own login page a hidden iframe pointing to /users/login. When
user hits login I put the user credentials into hidden iframe
foreman-login-page and submit it. This is obviously not a really nice
solution - but works :slight_smile:

Another solution would be to serve the static content directly via foreman
(no idea how to do that), but how would I force the browser to go to my app
instead of foreman?

Do you have any other solution in mind?
Is it planned to provide a v2 api for login anytime? With a API I could for
example receive a session id and write the needed cookie myself.

Side nodes:

  • static app will be server from same server -no crossdomain or trust
    issues (just extended https conf)

thank you,
Daniel

2

> HI All,
>
> I was wondering how I can establish a full foreman user session from my
> single page web app. I can use basic authentication but that means I have
> to send the credentials for every request (and on page reload I would lose
> the information). I was playing around and tried to make post requests to
> /users/login via javascript - without success. I got something working by
> adding to my own login page a hidden iframe pointing to /users/login. When
> user hits login I put the user credentials into hidden iframe
> foreman-login-page and submit it. This is obviously not a really nice
> solution - but works :slight_smile:

I believe you should be able to get a session for basic authentication -
then keep on requesting things using that session. The Ansible inventory
does that:

> Another solution would be to serve the static content directly via foreman
> (no idea how to do that), but how would I force the browser to go to my app
> instead of foreman?
>
> Do you have any other solution in mind?
> Is it planned to provide a v2 api for login anytime? With a API I could for
> example receive a session id and write the needed cookie myself.

I don't think anything is planned

··· On 02/08, Daniel Kuffner wrote:

Side nodes:

  • static app will be server from same server -no crossdomain or trust
    issues (just extended https conf)

thank you,
Daniel


You received this message because you are subscribed to the Google Groups “foreman-dev” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Daniel Lobato Garcia

@dLobatog

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: elobato (Daniel Lobato Garcia) | Keybase

3

Unfortunately that does not work for me.
The web browser receives a cookie with a session for the first call with
basic auth:

$.ajax({
type: "GET",
url: "/api/hosts",
beforeSend: function(xhr) {
xhr.setRequestHeader ("Authorization", "Basic " + btoa(
"admin:password"));
},
success: function(data, textStatus, request) {
console.log("succ", arguments);
},
error: function() {
console.log("err", arguments);
}
});

but the second call without basic auth which should just use the session
from the cookie will fail with a 401:

$.ajax({
type: "GET",
url: "/api/hosts",
success: function(data, textStatus, request) {
console.log("succ", arguments);
},
error: function() {
console.log("err", arguments);
}
});