Authentication service, login, logout, login page. Superhero example?

I can’t see any login page example in the documentation or in the Superhero module, what is the recommended way to let users, not administrators, log in?
What is the endpoint?
/admin/rest/auth/login?

Hi Ksawery!

Good question - with XP we have decided to have as few standard endpoints as possible. So the way to create your own end-points is through something we call services… simply place a JavaScript file in the services folder i.e. services/login/controller.js

This endpoint will then be available at mysite.com/_/service/<moduleid>/login? - This will not break any other paths etc.

Next thing you will have to authenticate to the back-end. With 6.0 (ETA this summer) you will do this by adding a standard java lib to your project. For 5.x I think you have to make this component yourselves? Maybe someone else can elaborate on this one…

PS! We are also working on an OpenID Connect filter so you can easily hook up XP with an SSO server such as Keycloak. ETA late summer

There is a code fragment in:
com.enonic.xp.admin.impl.rest.resource.auth.AuthResource.login(LoginJson)

@POST
@Path("login")
public LoginResultJson login( final LoginJson login )
{
    final AuthHelper helper = new AuthHelper( this.securityService );
    // Authenticates the credentials against the SecurityService and sets up the session
    final AuthenticationInfo authInfo = helper.login( login.getUser(), login.getPassword(), login.isRememberMe() );

    // Credentials were valid, but the user lacks the admin-login role: drop the session again
    if ( authInfo.isAuthenticated() && !authInfo.hasRole( RoleKeys.ADMIN_LOGIN ) )
    {
        helper.logout();
        return new LoginResultJson( AuthenticationInfo.unAuthenticated(), "Access Denied" );
    }
    // ... remainder of the method not shown in the post
}

That defines that only users with Admin role can log in.
I understand that the only option is to implement the same AuthHelper code in my own service?

Hi

To be able to log in a user that does not have the Admin role, in 5.2, you can try by using Basic HTTP authentication and an Ajax request from the browser.
Use the endpoint “/admin/rest/auth/authenticated”, it is NOT a public supported API but might solve your problem in the short term.

Below there is an example using jQuery.

var user = 'my_user';
var pwd = 'my_pwd';
$.ajax({
    type: "GET",
    url: "/admin/rest/auth/authenticated",
    headers: {
        // HTTP Basic: base64("user:password"); the browser session is established on success
        "Authorization": "Basic " + btoa(user + ":" + pwd)
    },
    success: function (res) {
        // The endpoint answers 200 either way; the JSON body tells whether the login succeeded
        if (res.authenticated) {
            alert('Logged in');
        } else {
            alert('Wrong password');
        }
    },
    error: function () {
        alert('Error!');
    }
});

As Thomas said we will have a better solution when 6.0 is released.

Thanks for the answer, I have already implemented a service that lets the user log in, utilizing the SecurityService.
Does this method offer a redirect if a non ajax approach is desired?

Could you please point me at the “better solution” in 6.0?

http://xp.readthedocs.org/en/stable/reference/libraries/auth/index.html

Thanks, I bet docs will be there soon as well? :wink:

Ah… nicely noticed. We’re on it :smile:

So this auth lib works in 6.0 as well? The 6.1 documentation is much better for the Auth library http://xp.readthedocs.org/en/latest/reference/libraries/auth/api/login.html
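As an added example (not code from this thread, from Enonic or from the Superhero module), here is what a login service along the lines described earlier could look like: the file services/login/controller.js, reached at /_/service/<appname>/login, handling both the Ajax case and the plain form-POST case with a redirect, which was the open question above. The lib-auth call is assumed from the documentation linked in the thread: require('/lib/xp/auth').login({user, password, userStore}) returning an object with authenticated, user and message. The request fields (req.params, req.headers) and response fields (status, contentType, body, redirect) are likewise assumptions about the XP controller contract. A constructed in-memory stand-in for lib-auth is included so the file runs outside XP.

```javascript
// services/login/controller.js (added example; assumed XP controller contract)

var PUBLIC_FAILURE = 'Invalid username or password'; // same text for unknown user and bad password

// Only redirect back into this site: a relative path that is neither
// protocol-relative ("//other.example/...") nor carries a scheme.
function safeNextPath(next) {
    if (typeof next !== 'string' || next.charAt(0) !== '/' || next.charAt(1) === '/') {
        return '/';
    }
    return next;
}

// jQuery and most Ajax helpers send this header; form POSTs do not.
function isAjax(req) {
    var headers = req.headers || {};
    return (headers['X-Requested-With'] || headers['x-requested-with']) === 'XMLHttpRequest';
}

function respond(req, status, authenticated, message, next) {
    if (isAjax(req)) {
        return {
            status: status,
            contentType: 'application/json',
            body: JSON.stringify({ authenticated: authenticated, message: message })
        };
    }
    // Browser form POST: send the user on, or back to the login page on failure.
    return { redirect: authenticated ? safeNextPath(next) : '/login?error=1' };
}

// auth: the lib-auth module (assumed API: login({user, password, userStore}))
function createLoginController(auth) {
    return function post(req) {
        var params = req.params || {};
        if (!params.user || !params.password) {
            return respond(req, 400, false, 'Missing username or password', params.next);
        }
        var result = auth.login({ user: params.user, password: params.password, userStore: 'system' });
        if (!result.authenticated) {
            // Do not reveal whether the user exists; lib-auth's own message stays server-side.
            return respond(req, 401, false, PUBLIC_FAILURE, params.next);
        }
        return respond(req, 200, true, 'Logged in as ' + result.user.displayName, params.next);
    };
}

// Constructed stand-in for lib-auth so this file runs outside XP (plain-text
// passwords are fine for a stand-in only). Inside an XP app use instead:
//   var authLib = require('/lib/xp/auth');
function makeAuthStandIn(passwords) {
    return {
        login: function (args) {
            var known = Object.prototype.hasOwnProperty.call(passwords, args.user);
            var ok = known && passwords[args.user] === args.password;
            return ok
                ? { authenticated: true, user: { key: 'user:' + args.userStore + ':' + args.user, displayName: args.user } }
                : { authenticated: false, message: 'Access Denied' };
        }
    };
}

var authLib = makeAuthStandIn({ alice: 'correct horse battery staple' }); // constructed test user

// XP dispatches HTTP POST to exports.post; guarded so the file also loads where
// no CommonJS exports object exists.
if (typeof exports !== 'undefined') {
    exports.post = createLoginController(authLib);
}
```

The controller keeps the failure message identical for an unknown user and a wrong password, and only honours a next parameter that is a same-site relative path, so a form on the login page cannot be turned into a redirect to another host.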

Oops… Turns out there has been some eager committing of documentation here - lib-auth and lib-mail are only part of the 6.1 release (ETA 2 weeks)

We’re building examples in Superhero now. They are more or less done, check master.
