Option for Web Login rather than popup #330
Comments
I was actually just about to submit a feature request for this. A login page similar to Sonarr or PlexPy would be fantastic. |
NZBGet uses HTTP authentication which is a part of HTTP standard. Every modern browser can save and fill in the username and password. Web-sites have publicly accesssible login pages because they need to advertise they sevices for new users and because they need to provide a password reset feature. None of these is applicable to NZBGet. I don't see reasons to change current authentication mechanism. |
@hugbug we're not asking to change the whole authentication system, rather have a login screen prompted through HTML/PHP instead of a popup. All other media services(Sonarr, PlexPy, SABnzb) include this kind of feature and are not applicable to what you stated above... |
That's indeed the consequence. A great amount of work is needed for this. And the output in my opinion is so small that it is hardly worth it (all browsers already can save login data). I would rather work on more useful things. We can keep this issue open to collect opinions. If many users need this I'll give it higher priority. |
@hugbug ahhhh I see. Sounds good, thanks for explaining it and being open. |
I also would like to know what problem should the web login page solve? I understand there is an issue with LastPass. Isn't letting the browser to save the login data a solution? It's also possible to put username and password directly into URL which can be a solution for mobile phones since they are usually generally protected with passwords already and putting password into url isn't a big security risk. |
The problem presented on my end is that I dont auto save my passwords within the browser as an overall security practice. I use lastpass with very long randomly generated passwords. The plugins for lastpass on both Chrome for Windows and Android cannot populate the fields in the popup window. There is no option at all in windows, and in android it doesnt detect it as a field that would need to be populate by them. In all of the apps, like Sonarr/CP, they are, or offer, a log-in via the webpage itself, which LastPass can populate. Otherwise you have to open the app/vault copy the password, then flip back and paste it. Im not sure if this is strictly limited lastpass, or all password safes. If it is strictly a lastpass problem I can address the situation with them instead, but the issue has crossed operating systems (Windows/Android). I dont use any other password safes, so maybe someone using a different web-based one can test? |
That suppprt page suggests a workaround: use LastPass with Firefox to save the password. After that the auto filling of password should work in Chrome too. I guess this does not apply to Android but may work on Windows at least. |
+1 I'd also appreciate authentication via web form instead of HTTP authentication. I have the same use case: I want unique complex passwords, and I want to avoid manually typing and/or copy+paste password, but my password manager doesn't play nice with HTTP auth. As a workaround, I've been appending the username and password to the URL, which I've added to my browser bookmarks. e.g. |
+1 |
Just tested with 1Password and I have the same problem as well that @Edru mentioned. |
Is there any reason other than "some 3rd party password tools dont support HTTP standards". If not then surely this is a bug report for those tools and not nzbget. For what it is worth changing away from HTTP auth would break my setup. |
Pretty much lol More accurately, "some 3rd party web browsers don't expose an interface for plugins to autofill HTTP auth, which makes it inconvenient to use some 3rd party password tools with nzbget." But I can see what you're getting at. It's definitely not a bug in nzbget... perhaps this thread should be labelled as a feature request instead of an issue. 😉
Not necessarily. You can already bypass HTTP auth by appending the username and password to the request URI — see my post above. Or make it a config option — eg nzbdrone/Sonarr lets you choose between several auth methods (basic/forms/none). |
This is already labeled as "Feature", not as "Bug". If implemented there will be an option to choose between HTTP-Auth and Form-Auth. Backward compatibility is a high priority. Generally Form-Auth is less secure because the built-in web-server must serve files required for web-form to non-(yet)-authorized users, which means unrestricted access to webui-folder. I recognize there is an issue with certain browsers and tools. Users having issues with HTTP-Auth please comment in this topic or use reactions ("+1"-smilies) on the first post. |
+1 please add this feature. I've seen you give this same response dating back several years, and it seems like there are many people who would like the option to sign in via web form. I understand it may not be the way you prefer to login, but if this many people want the option is it not worthwhile implementing? |
Implemented the feature but it may not work as you expect. Who wants to test? Please send me a message to nzbget@gmail.com with the info which OS you run nzbget on. If you can compile on your own use branch 330-form-auth. |
Did you find a tester? I'm running this on my Synology DSM v.6 |
@PeterDTown: can you install nzbget from universal linux installer (like the one provided on nzbget download page)? I would send you the package from current develop branch. What CPU has your NAS? Send me a message to nzbget@gmail.com as I need your email address. |
Has this been tested? I have my Ubuntu installation up and running that i could copy over. I was busy all last week and out of town this past weekend, but could help this week. Thanks for taking the time to add this feature. It is much appreciated! |
@Edru: v19.0-testing is out. Please test and write back. |
@hugbug by chance is there a git command I could issue to pull that specific build? Or is that part of the pushes that will auto update? |
Just go to download page and take it from there or update from nzbget web-interface if you use official nzbget package. |
@hugbug tried to do it remotely from my phone, but something must have gone wrong as nothing on my machine will load anymore. Ill be home in roughly 4 hours and update you then unless something else pops up in between then. |
@hugbug - tested, working, LastPass will see and populate. Thanks SO much! |
Just a followup as I only tested windows - this also works correctly in Android too. |
Thanks for testing. |
@hugbug Sorry for the huge kick but I was wondering if this has already made it in the production release? |
Applications/plug-ins like lastpass are unable to populate the popup request for username and password. An in-page login would allow this.
The text was updated successfully, but these errors were encountered: