Login via post parameters not working

Mithran_Daniel · June 19, 2019, 12:22pm

I am trying to login into nextcloud via an external website,

curl -d “user=un&password=pw” -X POST “http://example.com/login”

fails in csrf check Request lib/private/AppFramework/Http/Request.php->passesCSRFCheck()

How would i be able to login via a post?

https://github.com/nextcloud/loginviapost does not work on nextcloud 16.

Any leads here will be helpful

Just to add a little more info to the post,

I followed Direct login from other website and added the requesttoken to the post as a parameter, but it fails in csrfTokenManager->isTokenValid($token).

Request token taken from curl (GET) of login page.
curl “http://example.com/login” | grep requesttoken

JimmyKater · June 19, 2019, 3:38pm

try this app , maybe it’ll help you.

Mithran_Daniel · June 20, 2019, 1:58pm

Thanks for the suggestion, I have already configured user SQL to read the users from a different db.

I am wondering how to get past the next cloud login page via a link on an external site.

My understanding is that the login page can be posted to. But I am not able to figure out what parameters or extra headers to pass apart from user and password. When I pass the requesttoken got from a login page get. It falls in csrf check in trylogin()

Martin_Pineiro · June 21, 2020, 12:47am

Hi, Finally you could solve this ?
Thanks