Tags: laravel-5, csrf, appcelerator, appcelerator-mobile, csrf-protection

How can I set CSRF in a form in Appcelerator?


I am creating an app that has a login. I want that login to match the username and password, but I cannot make it happen because I cannot send the "_token" field, and I can't because I cannot generate the same token that the application will wait for.

This is my current form:

    <View id="loginView" layout="vertical">
        <TextField id="inputUsername" />
        <TextField id="inputPassword" passwordMask="true" />
        <Button id="buttonLogin" onClick="performLogin" />
        <ActivityIndicator id="activityIndicator" />
    </View>

This is my current login request on Appcelerator.

    // HTTP client whose open/send calls are shown below
    var loginReq = Ti.Network.createHTTPClient({
        onload: function() { Ti.API.info(this.responseText); },
        onerror: function(e) { Ti.API.error(e.error); }
    });
    loginReq.open("POST", "http://192.168.100.29/miapp/mobile/auth/login");
    var params = {
        username: $.inputUsername.value,
        password: $.inputPassword.value
    };
    loginReq.send(params);

And it should be something like:

    var loginReq = Ti.Network.createHTTPClient();
    loginReq.open("POST", "http://192.168.100.29/miapp/mobile/auth/login");
    var params = {
        username: $.inputUsername.value,
        password: $.inputPassword.value,
        _token: $.inputTokenOrSomething.value   // where would this token come from?
    };
    loginReq.send(params);

Also I created a route in the routes.php file in Laravel, as follows:

    Route::get("mobile/auth/login", function () {
        echo "Debug";
        exit;
    });

Does anyone have an idea? Thank you.


Solution

Normally you want to send a CSRF token via a request header. This is how it's done with Appcelerator when sending a token to Drupal:

    loginReq.open("POST", "URL");
    loginReq.setRequestHeader('X-CSRF-Token', TOKENHERE);
    loginReq.send(params);

Note, your request header goes AFTER open, but BEFORE send.

Edit:

Forgot to add - normally you send a login without a token, then capture the token from the server's response after a successful login (usually sent as XML, JSON, etc., depending on the setup). This token is stored and sent in the request headers any time you need to authenticate yourself to perform an action (like posting or deleting content). Again, this all depends on the setup.
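The flow the answer describes (log in without a token, capture the token from the response, then replay it in a header on every later request, set after open and before send), written out as an added example in Titanium-style JavaScript. This is not code from the question or the answer. It assumes the server returns the token in a JSON field named csrf_token, that the header is sent as X-CSRF-TOKEN (the header Laravel's VerifyCsrfToken middleware accepts in place of the _token form field), and it uses a constructed stand-in for Ti.Network.createHTTPClient so the exchange runs offline; the post URL and the issued token value are constructed for the example.

```javascript
// Added example, not code from the question or the answer. Assumptions are
// marked: the JSON field name "csrf_token", the post URL, and the fake client.

const LOGIN_URL = "http://192.168.100.29/miapp/mobile/auth/login"; // from the question
const POST_URL = "http://192.168.100.29/miapp/mobile/posts";       // assumed, for illustration
const CSRF_HEADER = "X-CSRF-TOKEN"; // header Laravel's VerifyCsrfToken middleware checks

// Pull the token out of the login response body. Returns null on anything
// unexpected so a malformed response reads as a failed login, not a crash.
function extractToken(body) {
  try {
    const data = JSON.parse(body);
    return typeof data.csrf_token === "string" && data.csrf_token.length > 0
      ? data.csrf_token
      : null;
  } catch (e) {
    return null;
  }
}

// One session = one token, held in memory only. createClient is
// Ti.Network.createHTTPClient in a real app, or the fake below when offline.
function createSession(createClient) {
  let token = null;

  function request(method, url, params, onDone) {
    const client = createClient();
    client.onload = function () { onDone(null, client.responseText); };
    client.onerror = function (e) { onDone(e, null); };
    client.open(method, url);                       // 1. open
    if (token) {
      client.setRequestHeader(CSRF_HEADER, token);  // 2. header: after open, before send
    }
    client.send(params);                            // 3. send
  }

  return {
    login: function (username, password, onDone) {
      // The first request goes out without a token; the token comes back in the reply.
      request("POST", LOGIN_URL, { username: username, password: password }, function (err, body) {
        if (err) { return onDone(err); }
        token = extractToken(body);
        onDone(token ? null : new Error("login response carried no token"));
      });
    },
    post: function (url, params, onDone) { request("POST", url, params, onDone); },
    hasToken: function () { return token !== null; }
  };
}

// Constructed stand-in for Ti.Network.createHTTPClient: enforces the
// open/header/send order and plays the server (issues a token on login,
// rejects any other POST whose header does not carry it).
const ISSUED_TOKEN = "example-token-123"; // constructed value
function createFakeClient() {
  const c = { opened: false, headers: {}, responseText: "" };
  c.open = function (method, url) { c.method = method; c.url = url; c.opened = true; };
  c.setRequestHeader = function (name, value) {
    if (!c.opened) { throw new Error("setRequestHeader called before open"); }
    c.headers[name.toUpperCase()] = value;
  };
  c.send = function () {
    if (!c.opened) { throw new Error("send called before open"); }
    if (c.url === LOGIN_URL) {
      c.responseText = JSON.stringify({ csrf_token: ISSUED_TOKEN });
      return c.onload();
    }
    if (c.headers[CSRF_HEADER] !== ISSUED_TOKEN) {
      return c.onerror(new Error("token mismatch"));
    }
    c.responseText = JSON.stringify({ ok: true });
    c.onload();
  };
  return c;
}

// Run the three-step flow offline and report what happened at each step.
function runFlow() {
  const session = createSession(createFakeClient);
  const log = [];
  session.post(POST_URL, {}, function (err) { log.push(err ? "rejected" : "accepted"); });
  session.login("alice", "s3cret", function (err) { log.push(err ? "login-failed" : "logged-in"); });
  session.post(POST_URL, { body: "hello" }, function (err) { log.push(err ? "rejected" : "accepted"); });
  return log; // ["rejected", "logged-in", "accepted"]
}

if (typeof Ti === "undefined") { console.log(runFlow()); }
```

Inside a real app, pass Ti.Network.createHTTPClient to createSession in place of createFakeClient. The token is only worth sending if the server binds it to the logged-in session and rejects state-changing requests that arrive without it, so check which of your Laravel routes actually run through VerifyCsrfToken; and keep the token in memory on the client rather than hard-coding it or writing it to logs.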