[SOLVED] Login to Mattermost from browser by skipping the login form


#1

Is there a way to login to mattermost from a browser without writing the credentials directly in the login form?
Something like http://192.168.1.1/login/user=myusername&password=mypassword ?
It can be great to allow some temporary users to join the chat without the need to remember the password.

REST API not helping here because after a login, I should set the cookie with a token manualy.

Thank you


Http request intercept before login page or login authentication without password
Autologin without user and password
#2

Acquire the token using the API and then set it directly to the user browser with your code, in PHP for example:

setcookie($key, $value, time()+60*60*24*30, '/', '.yourdomain.com', true, true);

And the cookie will remain for the period set on the config, I think 30 days by default.

Then you can simple redirect the user to your mattermost, for example, in PHP:

header("Location: https://chat.yourdomain.com/teamname/channels/town-square", true, 302);
exit;

All the above can be done programmatically, nothing needs to be done manually.


#3

Great idea, thank you @prixone.


#4

Let us know if that works for your needs so we can mark this as solved, thanks :wink:


#5

Please mark it as solved :slight_smile:


#6

hi @prixone
i have some question…

if i use API for authentication(login), can i use API without password?

and, I’m wondering that i want to decrypt user password if i access database

so, what is method of encryption for user password

if you mind, let me know that how to fix it


#7

You post:
setcookie($key, $value, time()+606024*30, ‘/’, ‘.yourdomain.com’, true, true);

I suppose the $value is the token created, but what do I have to write for $key?

Thanks