Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

proxyAuth bug

Scheduled Pinned Locked Moved Solved App Packaging & Development
9 Posts 3 Posters 314 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    wrote on last edited by
    #1

    When the protected page returns a 403, the proxyAuth login page front-end thinks that it's the login itself which failed and incorrectly shows the Incorrect username or password message.

    girishG 1 Reply Last reply
    0
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    wrote on last edited by
    #2

    Hm we use the auth_request feature of nginx here, not sure if this can be fixed easily.

    mehdiM 1 Reply Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    replied to nebulon on last edited by
    #3

    @nebulon actually, the login does happen correctly. I think it's just a pure front-end bug: the message should be printed only when the 403 happens on the /login request, not on the URL to which the browser is redirected.

    BTW, it also seems /logout does not work properly

    1 Reply Last reply
    0
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    wrote on last edited by
    #4

    I can't quite see how this happens from a code perspective. The Incorrect username or password message shown in the login form is only done in one place as a response to the POST request to validate the values. I don't see how the app is even involved at that point.

    mehdiM 1 Reply Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    replied to nebulon on last edited by mehdi
    #5

    @nebulon The /login responds with a redirect. So the fetch from front end follows it because fetch defaults to following redirects (cf https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch ). You should specify the option to not follow automatically. (that's if you guys do use fetch)

    nebulonN 1 Reply Last reply
    0
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    replied to mehdi on last edited by
    #6

    This is great observation and indeed we do use fetch() here. I've fixed it at https://git.cloudron.io/cloudron/dashboard/-/commit/0adcc2af4f83d369c238ecc515b00c62c291935d pending testing your case though.

    1 Reply Last reply
    2
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to mehdi on last edited by
    #7

    @mehdi Do you have repo or test case I can test with?

    mehdiM 1 Reply Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    replied to girish on last edited by
    #8

    @girish I do not have something ready to test.

    It happened to me while packaging Transmission when I messed up the hosts whitelist in the Transmission config 😅

    You could try by running my Transmission package (which is almost ready :D), but modify this line https://git.cloudron.io/mehdi/transmission-app/-/blob/master/transmission/non-modifiable.settings.json#L4 with "rpc-whitelist": "127.0.0.1" instead.

    However, it may be easier to just slap together a basic node or PHP app that just responds a 403 with a test content 403 TEST on /.

    Buggy behaviour I encountered: showing a login page. When trying to login, staying on the login page then displaying the Incorrect username or password message .

    Wanted behaviour: showing login page. When trying to login, redirecting to the 403 TEST page

    1 Reply Last reply
    1
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    wrote on last edited by
    #9

    I've put a test app and tested this and it works now as expected with the applied fix.

    1 Reply Last reply
    3

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.