Community discussions

MikroTik App
 
Superdust
Member Candidate
Member Candidate
Topic Author
Posts: 182
Joined: Mon Jun 11, 2007 3:24 pm

Webfig, auto login, show only some data...

Tue Dec 10, 2013 2:42 pm

Hi

I need to have some none "technical" staff have access to certain parts of webfig.
Made a quick webpage as a "control panel" for several RBs, with link to webfig for each.
Like this: http://username:password@10.1.60.2/webf ... ver.Leases

But still i just get the login page for webfig.
Any way to make this autologin work?
And any way to only show certain parts, like DHCP server leases, without showing the entire menu?

Regards
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Webfig, auto login, show only some data...

Tue Dec 10, 2013 3:24 pm

At the moment admin without password login automatically to webfig.
Configure appropriate skin for admin user (and do not forget to grant it read permissions).
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3372
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Webfig, auto login, show only some data...

Mon Oct 07, 2019 11:52 pm

Similar problem. Related question, I have a limited user without any password, can I create some URL that specifies the user name it to login in instead?
E.g. http://RouterOS.example.com/webfig/#Too ... n=testonly

Basically I’d like to have a URL link to a webfig pages that doesn’t redirect to login. Tried using a web server in between to do some login, but even that didn’t work. Since the login uses a webpage, we couldn’t figure out a clean way to fetch a webfig page from a web server to workaround this. I understand basic auth doesn’t work. And I take it X.509 client don’t work to access webfig as that solve my problem too?

Any ideas?
 
foraster
newbie
Posts: 29
Joined: Tue Oct 01, 2019 5:31 pm

Re: Webfig, auto login, show only some data...

Thu Jun 08, 2023 8:11 pm

Did someone find a way to auto-login or to pass user+pass to open webfig?
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3372
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Webfig, auto login, show only some data...

Thu Jun 08, 2023 11:32 pm

I'm not sure there is one without using a container with a HTTP proxy and custom code to mimic the webfig login.

The 2013 suggestion to use "admin" with no password (and in the read group) understandably no longer works.
 
optio
Long time Member
Long time Member
Posts: 672
Joined: Mon Dec 26, 2022 2:57 pm

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 12:15 am

I'm not sure there is one without using a container with a HTTP proxy and custom code to mimic the webfig login.

The 2013 suggestion to use "admin" with no password (and in the read group) understandably no longer works.
I guess some headless browser can be used to proxify requests which can properly process login page with its js that encrypts password for payload in POST /jsporxy. Webfig doesn't accept basic auth so credentials can't be used in URL.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11986
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 12:28 am

if I'm not mistaken:
1) open the webfig login page
2) routeros sets a cookie with a hash inside the browser
3) when you send your username and password the data is encoded using the "Curve25519" algorithm and the hash on coockie,
to encrypt the data before sending it...
 
optio
Long time Member
Long time Member
Posts: 672
Joined: Mon Dec 26, 2022 2:57 pm

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 12:40 am

if I'm not mistaken:
1) open the webfig login page
2) routeros sets a cookie with a hash inside the browser
3) when you send your username and password the data is encoded using the "Curve25519" algorithm and the hash on coockie,
to encrypt the data before sending it...
When inspecting in browser I see only username set in cookie and other site storages are empty (cache, local storage, session storage...):
Screenshot 2023-06-08 at 23.34.33.png
I guess then password is sent on first post POST and receives session key which encrypts other payload, but I did not examine JS to be sure.
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11986
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 12:50 am

I didn't go into detail, but the point is that the data is encrypted,
is not possible to log in with a simple click on a link, whether or not it contains a username and password...
 
optio
Long time Member
Long time Member
Posts: 672
Joined: Mon Dec 26, 2022 2:57 pm

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 12:56 am

I didn't go into detail, but the point is that the data is encrypted,
is not possible to log in with a simple click on a link, whether or not it contains a username and password...
Yes, I wrote that previously, basic auth is not accepted (URL schema auth), but proxifing trough some headless browser maybe it will be possible to achieve that. Also it is obvious that session is not persisted in browser storage because when you open new tab or window it always asks for password.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3372
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 5:23 pm

The underlying issue is that webfig is essentially a JS that generates html dynamically that uses window.sessionStore to store/retrieve the user/password in the browser's session. And why auth is cleared in a new tab, as @optio suggests. And is not some simple "one click" as already @rextended states. And it's more complex than a simple proxy than I originally suggest — stuff need to happen with in the web browser to set auth (e.g. I thought it used cookie that be manageable in proxy, so such luck).

But there is some code in webfig to deal with it, but the sessionStore has to be set first:
function autoLogin() {
  const user = window.sessionStorage.getItem("name");
  if (user) {
    doAuth(user, window.sessionStorage.getItem("password"));
    window.sessionStorage.clear();
  } else if (window.name) {
    const [method, loginData] = window.name.split(/=(.*)/s);
    window.name = "";
    if (["login", "autologin"].includes(method) && loginData) {
      const [user, pwd] = loginData.split(/\|(.*)/s);
      doAuth(user, pwd);
    }
  } else logout();
} 

I ended up just using REST and my own status page to avoid needing this. But being able to re-use webfig's "status page" (and Dude map too) without need the browser auth would be a nice-to-have.
Last edited by Amm0 on Sat Jun 10, 2023 4:41 am, edited 2 times in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11986
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 5:31 pm

And is not some simple "one click" as @rextended states
??? Where?
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3372
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 5:33 pm

And is not some simple "one click" as @rextended states
??? Where?
"is not possible to log in with a simple click on a link, whether or not it contains a username and password..."

Everyone's point is it ain't easy.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11986
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 5:38 pm

Ok, written like this, it seemed that I was convinced that is just a simple click...

Better:
And is not some simple "one click" as already @rextended states
 
optio
Long time Member
Long time Member
Posts: 672
Joined: Mon Dec 26, 2022 2:57 pm

Re: Webfig, auto login, show only some data...

Fri Jun 09, 2023 6:55 pm

There are some frameworks which can be used, like Puppeteer for NodeJS, but requires custom HTTP service development that wraps requests for Webfig and interceps login, there is no generic solution for this afaik

Who is online

Users browsing this forum: patterno, rcarreira88, sas2k and 48 guests