proxyAuth bug
-
Hm we use the auth_request feature of nginx here, not sure if this can be fixed easily.
-
Hm we use the auth_request feature of nginx here, not sure if this can be fixed easily.
@nebulon actually, the login does happen correctly. I think it's just a pure front-end bug: the message should be printed only when the 403 happens on the /login request, not on the URL to which the browser is redirected.
BTW, it also seems /logout does not work properly
-
I can't quite see how this happens from a code perspective. The
Incorrect username or passwordmessage shown in the login form is only done in one place as a response to the POST request to validate the values. I don't see how the app is even involved at that point. -
I can't quite see how this happens from a code perspective. The
Incorrect username or passwordmessage shown in the login form is only done in one place as a response to the POST request to validate the values. I don't see how the app is even involved at that point.@nebulon The /login responds with a redirect. So the fetch from front end follows it because fetch defaults to following redirects (cf https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch ). You should specify the option to not follow automatically. (that's if you guys do use fetch)
-
@nebulon The /login responds with a redirect. So the fetch from front end follows it because fetch defaults to following redirects (cf https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch ). You should specify the option to not follow automatically. (that's if you guys do use fetch)
This is great observation and indeed we do use
fetch()here. I've fixed it at https://git.cloudron.io/cloudron/dashboard/-/commit/0adcc2af4f83d369c238ecc515b00c62c291935d pending testing your case though. -
When the protected page returns a 403, the proxyAuth login page front-end thinks that it's the login itself which failed and incorrectly shows the
Incorrect username or passwordmessage. -
@girish I do not have something ready to test.
It happened to me while packaging Transmission when I messed up the hosts whitelist in the Transmission config
You could try by running my Transmission package (which is almost ready :D), but modify this line https://git.cloudron.io/mehdi/transmission-app/-/blob/master/transmission/non-modifiable.settings.json#L4 with
"rpc-whitelist": "127.0.0.1"instead.However, it may be easier to just slap together a basic node or PHP app that just responds a 403 with a test content
403 TESTon/.Buggy behaviour I encountered: showing a login page. When trying to login, staying on the login page then displaying the
Incorrect username or passwordmessage .Wanted behaviour: showing login page. When trying to login, redirecting to the
403 TESTpage