Closed mro closed 5 years ago
(sorry, misclick)
Please give the issue a proper name next time, this one isn't very eloquent :)
I don't know about Shaarlier.
How is you app working ? Where is it searching the API ? Do you know precisely what's not working ?
I don't know about Shaarlier.
that's the client software mentioned in #13
How is you app working ?
Login fails because it can't find the login form inside the html (and needs it for CSRF tokens).
Where is it searching the API ?
/shaarli
and is being redirected to /yunohost/sso/?r=...
Tomorrow I will ask my user who has the issue, if you may know the endpoint FQDN.
Do you know precisely what's not working ?
If both the https://github.com/mro/Shaarli-API-test/blob/master/tests/test-login-ok.sh and https://github.com/mro/Shaarli-API-test/blob/master/tests/test-post.sh complete successfully we're ok with the sunshine case.
Does that make sense?
Currently I'm redesigning the access and shall add a API facade that hides the shaarli peculiarities and exposes the pinboard/delicious API. https://github.com/mro/Shaarli-API-test/blob/develop/openapi.yaml – but this may take months to complete.
Essentially the yunohost SSO login seems to get in the way.
Is that shaarli instance public ? (accessible without the SSO)
No. This may be the issue, I ask the bugreporter to make shaarli public.
Well, I suppose it has to be public to use the API. Or you could implement the SSO login support. Or maybe just the API URL can be made accessible publicly - but I don't know what are the security issues. In particular, does it add a risk to compromise the password ? (as fail2ban is not activated right now for shaarli)
The app needs to be public. Otherwise you have to add the api link to public manually in /etc/ssowat/conf.json.persistent
by adding this line.
"skipped_urls": ["shaarli.domain.tld/api_link/"]
@lapineige Fail2Ban support is there. Have you tested it? Is it failing?
As replied in #40, sorry, my bad, indeed it's implemented. I did a basic test (trying wrong passwords using web interface), it works.
Thank you very much @lapineige and @anmol26s !
A user of my https://github.com/mro/ShaarliOS just has reported the same issue.
How's the situation with other clients like e.g. https://github.com/dimtion/Shaarlier ?