Trying to get the FreshAPI plugin to work, but can't switch to local auth

@nebulon This is probably a meaningless response, but I have no ideas for this. I'll post back if I think of something, but it seems to me that there's very little I can do about this as an end user. Thanks anyway for looking into this.

@nebulon I'm no programmer, so I'm not 100 % sure I understand you correctly, but it seems like you managed to do what I referred to in this post? :Post #5 on this topic

If so, the way I understand it, is that the on first auth (the one that succeeds), the app pw verifies ok, but on the second auth, the post cannot find the link to the auth part of the plugin (which is referenced in the PATH_INFO part), and thus returns unauthorized. But I might be completely mistanken on this.

Thanks for looking into this. This plugin would be worth a lot, as it basically lets you manage your entire TTRSS installation with remote clients.

@nebulon said in Trying to get the FreshAPI plugin to work, but can't switch to local auth:

PATH_INFO

Thanks for following up. Does this help? Apache Core Features on apache.org - specifically under the headline "AcceptPathInfo Directive"?

Hello

This is a follow-up of the post in this topic: Trying to get FreshAPI plugin to work, but can't switch to local auth

The FreshAPI plugin looks like a really useful addon for TTRSS, and I hope it's possible to use this plugin on Cloudron. I post this request in case it was "forgotten" in the preivous topic. Apologies if this has been considered impossible or unviable to implement on Cloudron.

PATH_INFO is a requirement to have this plugin working. There's an instruction set posted here on how to implement: Non-Official Docker based Installs
Here's a link to the plugin repository: FreshAPI

Thank you very much.

@lucidfox Did you follow the procedure described in this post above? Post 102335 in this thread

Wallos needs these custom headers to fire its notifications (refer to Wallos github support issue 524 in that post).

@girish said in Notifications not working?:

I pushed a fix but didn't test it . Can you test?

Apologies for the delay - work stuff. I updated now and tested. Notifications fires perfectly when issuing (from cli) the following command:

/app/pkg/cron.sh sendnotifications

Output:

2025-02-26 17:36:25<br />
Next payment date: 2025-02-27<br />Current date: 2025-02-26<br />Difference: 1<br />Email Notifications sent<br />Ntfy Notifications sent<br /

Also, Cloudron logs now show (every 2 mins):

Feb 26 18:38:03 => Run cron job 'sendverificationemails'
Feb 26 18:38:10 - - - [26/Feb/2025:17:38:10 +0000] "GET / HTTP/1.1" 302 - "-" "Mozilla (CloudronHealth)"
Feb 26 18:38:20 - - - [26/Feb/2025:17:38:20 +0000] "GET / HTTP/1.1" 302 - "-" "Mozilla (CloudronHealth)"
Feb 26 18:38:30 - - - [26/Feb/2025:17:38:30 +0000] "GET / HTTP/1.1" 302 - "-" "Mozilla (CloudronHealth)"
Feb 26 18:38:39 => Run cron job 'sendresetpasswordemails'
F

I will post back if notifications fail to fire on subscriptions (when the service is running "by itself")

Another idea: Maybe these instructions could be added to the Cloudron docs. It wasn't easy to find out how to set custom headers when using a Cloudron hosted nfty-instance (ie with access restrictions and access tokens: https://forum.cloudron.io/post/102335

@joseph said in Notifications not working?:

/app/pkg/cron.sh sendnotifications

When I run this command in terminal, it gives the following output:

root@(redacted):/app/code# /app/pkg/cron.sh sendnotifications
=> Run cron job ''
Could not open input file: /app/code/endpoints/cronjobs/.php

Also, in my log files, I get these error messages every 2nd minute:

Feb 26 11:02:02 => Run cron job ''
Feb 26 11:02:02 Could not open input file: /app/code/endpoints/cronjobs/.php
Feb 26 11:02:10 - - - [26/Feb/2025:10:02:10 +0000] "GET / HTTP/1.1" 302 - "-" "Mozilla (CloudronHealth)"
Feb 26 11:02:14 => Run cron job ''
Feb 26 11:02:14 Could not open input file: /app/code/endpoints/cronjobs/.php

This behaviour is consistent on both my main app installation and my test app installation.

However, if I go to the Wallos app, to the (username)->admin menu, there is an option to run Cronjobs from the GUI of the Wallos app. When I click the "send notifications" button, it sends notifications - both via email and via the ntfy service.

@joseph said in Notifications not working?:

@odie see https://github.com/ellite/Wallos/issues/524 and https://github.com/ellite/Wallos/issues/560 . Maybe something to do with how you have provide the tokens, I am not sure. I haven't read those issues in detail

Thanks for the link. The following header now sends test notifications from Wallos to ntfy ok (issue 524 as you linked above):

{
  "Authorization": "Bearer tk_(removed)",
  "Title": "Subscription Notice",
  "Tags": "repeat"
}

However, Wallos still doesn't send subscription end notifications via email, and probably not via ntfy either (I assume, since the email test worked and my wallos doesn't send email notifications).

@joseph said in Notifications not working?:

@odie said in Notifications not working?:

but I don't receive notifications on my phone.

Wanted to test this but are you referring to some mobile app here? I can't seem to find a mobile app for Wallos .

No, the Phone app I'm referring to is the ntfy app. My ntfy server works ok and sends notifications to my ntfy app on my phone, but Wallos can't seem to send notifications to my ntfy server (and consequently, I don't receive Wallos notifications sent through my nfty server to my phone's ntfy app)

Hello

I set up Wallos to track my subscriptions. For most of my subscriptions, I've clicked "enable notifications for this subscription", and in my settings (username->settings->notifications), I have enabled Email notifications (and when I click "test settings", I get a "success" popup, and I receive an email with "Wallos Notification test" ok).

I've also enabled Ntfy notifications, and even set up ntfy on my Cloudron. When I click "test", I get the same "Success" popup, but I don't receive notifications on my phone.

Maybe I'm doing this wrong? Has anyone else had any success with enabling these notifications? For me, this is a big advantage of Wallos - there are several annual subscriptions I'd love to get notified about. I'd prefer Wallos to work quietly in the background and just notifify me when I need to take action.

Note: I set up a test Wallos installation, and behaviour is the same on that test version. So most likely this is an end user (me) error of some sorts (?).

Any help would be appreciated.

@joseph said in Cannot administer APP Passwords after moving to OIDC integration:

I tried this on a new install and I can't reproduce this. @odie can you please check if you see the same issue on a new install? I think that's one step to understand if we are testing this wrong OR this is some update related issue

I tested several times, and I can't reproduce it either. It just works. On package 5.1.1. No need to install a clean install either.

I have no way to explain this. It just stopped behaving this way. I can even delet the same old APP Password that I previously got a "failed" message on.

You can probably mark this as solved...??

@girish said in Nextcloud fails to provision my users after upgrade to v30.05:

@odie this should be fixed now. Update to 5.1.1 and it should work.

Thanks! Updating now, will report back if there are any issues (updates take some time due to large backups). Edit: Updated to 5.1.1, the fixes are working. Thanks.

@girish said in Cannot administer APP Passwords after moving to OIDC integration:

Is the app password issue in 5.1.0 or 5.0.4 or both ? And to double check the app passwords are inside nextcloud correct ? (because cloudron also has an app password feature)

Yes, the app password issue is in both 5.1.0 and 5.0.4 (Go to Nextcloud -> Profile settings -> Personal settings -> Security and look under "Devices & sessions"). It's impossible to delete old tokens (pre OIDC migration) and impossible to add new (get http error 503 in the logs, like above).

Nextcloud APP passwords are required for clients (mobile and app), plus some external services.

There have been several issues moving to OIDC with Nextcloud, primarily discussed here: https://forum.cloudron.io/topic/13285/nextcloud-fails-to-provision-my-users-after-upgrade-to-v30.05/15

I am currently on package v5.0.4, since the v5.1.0 version seemed to re-introduce the "failed to provision user" error upon login.

In addition to the issues discussed in the above post (which don't seem to be solved in package v5.1.0), Nextcloud cannot make use of APP Passwords after migrating to OIDC. Exisiting App passwords are invalid, and when attempting to set new, I only get HTTP 503 errors in my log:

Feb 17 23:17:27 [IP] - - [17/Feb/2025:22:17:27 +0000] "POST /settings/personal/authtokens HTTP/1.1" 503 2 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0"
Feb 17 23:17:30 [IP] - - [17/Feb/2025:22:17:30 +0000] "POST /settings/personal/authtokens HTTP/1.1" 503 2 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0"

This is related to the OIDC integration. If I log in as admin (the built-in admin account), I can set APP Passwords perfectly.

@girish said in Nextcloud fails to provision my users after upgrade to v30.05:

Sorry hit the weekend, so couldn't spend time on debugging it. But https://git.cloudron.io/packages/nextcloud-app/-/merge_requests/14 should hopefully fix the problem.

Thank you, @girish for debugging and fixing today. Everything was working great.

... until it wasn't. Upon installing tonight's update (version 5.1.0), I get the same error message (Access forbidden: Failed to provision the user) when I try to add new clients. This happens on web and via Nextcloud sync clients. On clients where I managed to log in (after the update you fixed earlier today, but before v5.1.0 (could it be Package v5.0.4, perhaps), your fixes worked. But they seem to have been re-introduced in package v5.1.0.

The behaviour is strange. After updating to v5.1.0, I can still log in and work with files etc. on clients that were logged in before updating to 5.1.0. But after the update, any new client that attempts to connect, get the "Failed to provision the user" error message.

I restored the v5.0.4 backup, and with this version, I can log in with Cloudron. But once I install v5.1.0, the same errors trigger again.

@odie said in Nextcloud fails to provision my users after upgrade to v30.05:

@girish said in Nextcloud fails to provision my users after upgrade to v30.05:

@odie The app won't update automatically since this is pushed a major package release.

Are you able to clone your app and provide us access to the test app instance? Understand that it's probably very technical. We can debug the issue further. Can you write to support@cloudron.io , please?

Apologies for the delay. Things exploded at work. I've cloned the app and sent an e-mail to support.

Hello again

I haven't heard back from support, but I noticed I sent it from the wrong email address (an address unassociated with my Cloudron setup). Should I resend from my Clodron associated email?

Apologies, Friday suddenly became an insane day at work (good stuff, but urgent stuff).

On a side note - on the cloned app instance. I tried the update, and that too fails in the same way (same error message: Failed to provision the user). I know that Cloudron accepts the login, as I get a "new login" email. So it's something happening after the login is accepted by Cloudron.

@girish said in Nextcloud fails to provision my users after upgrade to v30.05:

@odie The app won't update automatically since this is pushed a major package release.

Are you able to clone your app and provide us access to the test app instance? Understand that it's probably very technical. We can debug the issue further. Can you write to support@cloudron.io , please?

Apologies for the delay. Things exploded at work. I've cloned the app and sent an e-mail to support.

@joseph said in Nextcloud fails to provision my users after upgrade to v30.05:

@odie is there anything in the nextcloud logs ?

https://github.com/nextcloud/user_oidc/issues/903 is a similar upstream bug.

I got login failures from the different clients trying to access (mobile and desktop clients, plus failed web login attempts). I only checked Nextcloud’s log viewer, I haven’t managed to find Cloudron’s Nextcloud log files.

I had to roll back to my old backup to get access again. I also had to stop automatic app updates, to make sure I don’t lose access. So if log files aren’t persistent, I probably won’t be able to find them.

The issue you link to looks like the same issue I have. Unfortunately, the solution offered in that link is beyond me technically.

Hi

My Nextcloud install was updated to v30.05 yesterday. I got no error messages.

However, today I noticed I couldn't log in. Not via web, not via mobile apps, and not via sync apps. I noticed on the login screen that I now have a "login with cloudron" button. Here's what's happening when I try to login:

via old u/p (Cloudron account, like I always used): Error message:

Wrong login or password.

via "login with Cloudron" button:

Access denied

Failed to provision the user

I didn't find any help (at least as I could understand) in this topic: Nextcloud OIDC Integration.

Fortunately I have the old admin user. When I log in to that account, I notice under
settings/admin/user_oidc that Cloudron is configured. When I go to the users admin view (settings/users), I see two accounts (that are not Cloudron users) in the "All accounts" pane. When I click the "Recently active" pane, I see that there are 6 accounts, the 2 active accounts, and four accounts that correspond to Cloudron users. However, the logo for these accounts don't load, and next to the name, I get the message "You do not have permissions to see the details of this ...", and no option to edit or delete the account (the way I can with the internal accounts).

I use this Nextcloud daily, so I have no choice but to roll back to v29. Any help getting all my users and settings migrated to the new app? It's really bad if I have to start over and delete all my users and all different apps and services that use this Nextcloud instance.

Thanks!

@necrevistonnezr @girish Any chance of having this looked at? It would be an incredible addon to TTRSS. Not only would this offer a robust and maintained API, the API has a lot of useful functionality. You can basically maintain all feeds and folders via the API, allowing you to use TTRSS' powerful filtering system as a pure backend and use whatever client you prefer to maintain feeds and folders.

Sorry again for the trouble