proxyAuth bug
-
Hm we use the auth_request feature of nginx here, not sure if this can be fixed easily.
@nebulon actually, the login does happen correctly. I think it's just a pure front-end bug: the message should be printed only when the 403 happens on the /login request, not on the URL to which the browser is redirected.
BTW, it also seems /logout does not work properly
-
I can't quite see how this happens from a code perspective. The
Incorrect username or passwordmessage shown in the login form is only done in one place as a response to the POST request to validate the values. I don't see how the app is even involved at that point. -
I can't quite see how this happens from a code perspective. The
Incorrect username or passwordmessage shown in the login form is only done in one place as a response to the POST request to validate the values. I don't see how the app is even involved at that point.@nebulon The /login responds with a redirect. So the fetch from front end follows it because fetch defaults to following redirects (cf https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch ). You should specify the option to not follow automatically. (that's if you guys do use fetch)
-
@nebulon The /login responds with a redirect. So the fetch from front end follows it because fetch defaults to following redirects (cf https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch ). You should specify the option to not follow automatically. (that's if you guys do use fetch)
-
When the protected page returns a 403, the proxyAuth login page front-end thinks that it's the login itself which failed and incorrectly shows the
Incorrect username or passwordmessage. -
@girish I do not have something ready to test.
It happened to me while packaging Transmission when I messed up the hosts whitelist in the Transmission config
You could try by running my Transmission package (which is almost ready :D), but modify this line https://git.cloudron.io/mehdi/transmission-app/-/blob/master/transmission/non-modifiable.settings.json#L4 with
"rpc-whitelist": "127.0.0.1"instead.However, it may be easier to just slap together a basic node or PHP app that just responds a 403 with a test content
403 TESTon/.Buggy behaviour I encountered: showing a login page. When trying to login, staying on the login page then displaying the
Incorrect username or passwordmessage .Wanted behaviour: showing login page. When trying to login, redirecting to the
403 TESTpage
