lemonldap-ng, issue #2504
Created Apr 06, 2021 by Tuan LE CONG@tuanlc

[HELP REQUEST] Set special rule for "Required token for forms"

Hello LemonLDAP team,

We are trying to implement auto-login when a user signs up. Our solution is to use the filled-in email and an auto-generated password and call the login endpoint of LemonLDAP. For example: https://auth.example.com/?redirect_uri=https%3A%2F%2Fweb.qa.twake.app

From my understanding, to send login requests from an external side, we need to configure LemonLDAP. For now, we have succeeded in doing auto-login by turning off the Required token for forms config.

However, at the end of the day, we need to keep security and this is what I see from LemonLDAP documentation:

Required token for forms: To prevent CSRF attack, a token is built for each form. To disable it, set this parameter to ‘Off’ or set a special rule

There is an example for special rule: requireToken => $env->{REMOTE_ADDR} !~ /^127.0.[1-3].1$/

But I don't find an explanation for this syntax. Do you have any documents for this or could you please explain to me the syntax?

Thanks in advance!

Edited Apr 06, 2021 by Tuan LE CONG
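
The rule quoted in the post reads as a Perl expression: `!~` is the negated regex match, so the expression is true for every client address except those matching the pattern. The following is an added example, not part of the original post and not LemonLDAP::NG code. It assumes the rule is evaluated with `$env` holding the request environment and that a true result means the form token is required; `compile_rule` is a hypothetical helper and the client addresses are constructed.

```perl
#!/usr/bin/perl
# Added illustration, not LemonLDAP::NG code: evaluates the rule text from the
# post as plain Perl against constructed request environments.
use strict;
use warnings;

# Rule text exactly as quoted in the post (dots unescaped), plus a stricter
# variant with escaped dots so "." only matches a literal dot.
my %rules = (
    as_quoted => '$env->{REMOTE_ADDR} !~ /^127.0.[1-3].1$/',
    escaped   => '$env->{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/',
);

# Assumption: the rule is compiled once into a sub that receives the request
# environment as $env; a true result means "token required".
sub compile_rule {
    my ($text) = @_;
    my $sub = eval "sub { my (\$env) = \@_; ( $text ) ? 1 : 0 }";
    die "rule does not compile: $@" if $@;
    return $sub;
}

# Constructed sample values for REMOTE_ADDR; the last one is not an IP address
# and is there only to show what an unescaped "." accepts.
my @clients = qw(127.0.1.1 127.0.3.1 127.0.4.1 127.0.0.1 192.0.2.10 127x0y2z1);

for my $name ( sort keys %rules ) {
    my $rule = compile_rule( $rules{$name} );
    print "rule: $name\n";
    for my $addr (@clients) {
        my $required = $rule->( { REMOTE_ADDR => $addr } );
        printf "  %-12s token %s\n", $addr,
          $required ? 'required' : 'not required';
    }
}
```

Only the addresses that match the pattern skip the token; every other client, including 127.0.0.1, still gets CSRF protection, which keeps the exemption limited to the hosts named in the rule.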