[Feature] Auto-login?

Question

[Feature] Auto-login?

michalrus opened this issue 6 years ago · comments

Michal Rus commented 6 years ago

Could we somehow provide the user credentials programmatically?

Other clients (Candy, Converse) allow that, but I can’t find such config option in Kaiwa.

Thank you!

vitalyster · Answer 1 · Thu Aug 02 2018 03:29:12 GMT+0800 (China Standard Time)

Isn't ANONYMOUS login module on your XMPP server fit your needs?

Michal Rus · Answer 2 · Thu Aug 02 2018 05:20:59 GMT+0800 (China Standard Time)

Not exactly, because I need to provide very particular JID and password to be able to login. They’re accessible to the user.

Converse.js’s credentials_url configuration param is what solves that need ideally:

To quote https://m.conversejs.org/docs/html/configuration.html#credentials-url :

The server behind `credentials_url` should return a JSON encoded object:
{
    "jid": "me@example.com/resource",
    "password": "Ilikecats!",
}

Then Converse.js uses that data to login.

But any way to omit Kaiwa’s login form and provide the creds when initializing the app would be amazing.

vitalyster · Answer 3 · Thu Aug 02 2018 06:15:40 GMT+0800 (China Standard Time)

Again, custom authentication is the server task and all popular servers provide modules for any kind of custom authentication including http one like this. It's counter productive to duplicate already implemented XMPP SASL authentication in client with non-XMPP one.

Sure, that is a common "I don't understand that XMPP noise, let's duplicate everything in HTTP!" issue.

You can just comment out next few lines to automatically login with predefined config (all config options are documented here)

Friedrich von Never · Answer 4 · Sat Aug 04 2018 12:42:32 GMT+0800 (China Standard Time)

As of master version, you could customize the SERVER_CONFIG variable by changing the config.js file (or generating it entirely on backend, for example). If we'd add a pre-set credential support into that file, you could achieve your initial task.

It could be done pretty easily.

About the "this is a server task" thing... Kaiwa is XMPP client, not server. It shouldn't expect that the server supports any non-obligatory XMPP feature. We could implement that feature on KAiwa side entirely and it's not too hard to implement, so why don't do that?

We should take security concerns seriously though. What if people will start entering their own credentials into Kaiwa config file and start sharing these files with everyone? It would be a disaster!

Michal Rus · Answer 5 · Wed Aug 08 2018 19:17:28 GMT+0800 (China Standard Time)

Thank you both for the input. =)

If we'd add a pre-set credential support into that file, you could achieve your initial task. […] We could implement that feature on KAiwa side entirely and it's not too hard to implement, so why don't do that?

That would be amazing. ✨

What if people will start entering their own credentials into Kaiwa config file and start sharing these files with everyone?

Arguably, they don’t do that w/ Converse.js, or rather with any other configuration files that have credentials inside. Sure, it happens, but… it’s not inherently an XMPP/Kaiwa concern, IMO.

Michal Rus · Answer 6 · Fri Aug 24 2018 00:11:29 GMT+0800 (China Standard Time)

Hmm, but this can be easily done by looking at login.html and login.js, removing them altogether and filling localStorage manually in a modified index.html.

#frankenstein ;d