proxyAuth bug
-
Hm we use the auth_request feature of nginx here, not sure if this can be fixed easily.
@nebulon actually, the login does happen correctly. I think it's just a pure front-end bug: the message should be printed only when the 403 happens on the /login request, not on the URL to which the browser is redirected.
BTW, it also seems /logout does not work properly
-
I can't quite see how this happens from a code perspective. The
Incorrect username or passwordmessage shown in the login form is only done in one place as a response to the POST request to validate the values. I don't see how the app is even involved at that point. -
I can't quite see how this happens from a code perspective. The
Incorrect username or passwordmessage shown in the login form is only done in one place as a response to the POST request to validate the values. I don't see how the app is even involved at that point.@nebulon The /login responds with a redirect. So the fetch from front end follows it because fetch defaults to following redirects (cf https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch ). You should specify the option to not follow automatically. (that's if you guys do use fetch)
-
@nebulon The /login responds with a redirect. So the fetch from front end follows it because fetch defaults to following redirects (cf https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch ). You should specify the option to not follow automatically. (that's if you guys do use fetch)
-
When the protected page returns a 403, the proxyAuth login page front-end thinks that it's the login itself which failed and incorrectly shows the
Incorrect username or passwordmessage. -
@girish I do not have something ready to test.
It happened to me while packaging Transmission when I messed up the hosts whitelist in the Transmission config
You could try by running my Transmission package (which is almost ready :D), but modify this line https://git.cloudron.io/mehdi/transmission-app/-/blob/master/transmission/non-modifiable.settings.json#L4 with
"rpc-whitelist": "127.0.0.1"instead.However, it may be easier to just slap together a basic node or PHP app that just responds a 403 with a test content
403 TESTon/.Buggy behaviour I encountered: showing a login page. When trying to login, staying on the login page then displaying the
Incorrect username or passwordmessage .Wanted behaviour: showing login page. When trying to login, redirecting to the
403 TESTpage
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login