[HELP REQUEST] Set special rule for "Required token for forms"
Hello LemonLDAP team,
We are trying to implement auto-login when a user signs up. Our solution is to use the filled-in email and an auto-generated password and call the LemonLDAP login endpoint. For example: https://auth.example.com/?redirect_uri=https%3A%2F%2Fweb.qa.twake.app
From my understanding, to send login requests from an external site, we need to configure LemonLDAP. For now, we have succeeded in doing auto-login by turning off the "Required token for forms" config.
However, at the end of the day, we need to keep security and this is what I see from LemonLDAP documentation:
Required token for forms: To prevent CSRF attack, a token is built for each form. To disable it, set this parameter to ‘Off’ or set a special rule
There is an example of a special rule: requireToken => $env->{REMOTE_ADDR} !~ /^127.0.[1-3].1$/
But I can't find an explanation of this syntax. Do you have any documentation for this, or could you please explain the syntax to me?
Thanks in advance!
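The rule quoted from the documentation reads as a Perl expression: `$env->{REMOTE_ADDR}` is the client address and `!~` is "does not match this regular expression". As an added example (not part of the original post and not LemonLDAP's own code), the script below evaluates that expression against constructed client addresses, assuming a true result means the form token is required; the names `$doc_rule` and `$strict_rule` and the sample addresses are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The expression from the documentation example, wrapped in a sub so it can
# be evaluated against a request environment hash.
# Assumption: a true value means "require the CSRF token for this request".
my $doc_rule = sub {
    my ($env) = @_;
    return $env->{REMOTE_ADDR} !~ /^127.0.[1-3].1$/;
};

# Same intent with the dots escaped, so "." matches only a literal dot
# instead of any single character.
my $strict_rule = sub {
    my ($env) = @_;
    return $env->{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/;
};

# Constructed sample values (not taken from the page). The last one is not
# a real address; it only shows what the unescaped dots accept.
my @samples = qw(
    127.0.1.1 127.0.2.1 127.0.3.1
    127.0.0.1 127.0.4.1 192.0.2.10
    127a0b1c1
);

printf "%-12s  %-12s  %-12s\n", 'REMOTE_ADDR', 'doc rule', 'escaped dots';
for my $addr (@samples) {
    my $env = { REMOTE_ADDR => $addr };
    printf "%-12s  %-12s  %-12s\n",
        $addr,
        ( $doc_rule->($env)    ? 'token' : 'no token' ),
        ( $strict_rule->($env) ? 'token' : 'no token' );
}
```

Only requests whose address matches the pattern are exempt from the token; every other client still has to submit it, so the exemption should be kept as narrow as the trusted caller's address allows.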