mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-02-05 00:29:48 +03:00
Feature request: Ability to generate and login via a URL and link to a specific page #986
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @abulgatz on GitHub (Jan 12, 2019).
Describe the feature you'd like
It would be great to be able to generate a URL for a user that will sign them in automatically.
Describe the benefits this feature would bring to BookStack users
A user would be able to view semi-secure documentation without having to remember their password just by bookmarking or being emailed a URL.
Additional context
I believe this should be possible to implement via signed URLs
@ssddanbrown commented on GitHub (Jan 13, 2019):
Thanks for the suggestion @abulgatz.
Not too sure on the use of this myself. Seems like it's just a shortcut to logging in. It increases the risk of easily providing access to external users. We'd likely have to build in extra control in addition to the UI needed to support this. We'd also need to build in the functionality since we're using Laravel 5.5 here.
The fundamental benefit above is a little weak for the implementation cost.
This is somewhat similar to #288, but less focused on sharing.
I'll think I'll probably close this due to the above but I'll leave this open for a while incase there's other strong opinions or I've misunderstood.
@abulgatz commented on GitHub (Jan 13, 2019):
Hi Dan,
Thanks for the response.
From a security perspective, I don't see how having an (expiring) auto-login link sent via email is any less secure than sending a password reset link via email.
Here's my use case:
I'm using Bookstack as a documentation tool for clients, and I hide individual client documentation behind a login. Nothing that needs to be too secure, but generally segmented by client.
Bookstack might not be meant for this, but it's flexible enough that it works and its my favorite documentation tool. Each user gets their own security group and I apply custom permissions on a book for that group. I might make other feature requests related to user management, but what's there mostly works.
My number one problem is passwords. I want to send a client a link to view a specific page of their documentation, and they have to login.
Probably half the time they've forgotten their password.
Being able to send an auto-login link would be fantastic.
From a more general perspective, having this functionality also allows user-login with just an email address. This is what medium.com does. You enter your email address at the login screen and they send you a login email.
Or the functionality could just be used for password reset emails.
Some of this functionality would require auto-expiration of links, but I'm trying to generalize.
There's a prebuildt drop-in module for Laravel 5.5 with most of the required functionality called watson/autologin. It's archived because of the Laravel 5.6 signed-URL functionality, but it might be possible to implement that now and switch once Bookstack transitions to 5.6.
@abulgatz commented on GitHub (Jan 19, 2019):
@ssddanbrown
I have had this implemented and would love to share back to the community if it is wanted.
I am not sure if it was developed on the wrong branch or if and how you would like a pull request.
Please let me know what you think. Code here: https://github.com/abulgatz/BookStack-Oleg/tree/release
I can also get you a login to a working demo site.
@ssddanbrown commented on GitHub (Nov 8, 2022):
Thanks for offering this @abulgatz, but I'm going to close this off since there's been little demand for such a feature since the original request.
I've since added the logical theme system. Depending on level of UI/functionality needed, it might be possible to add on such a feature using that system.