Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for apache_authentication aka HTTP Authorization #73

Closed
onovy opened this issue Dec 4, 2021 · 30 comments
Closed

Add support for apache_authentication aka HTTP Authorization #73

onovy opened this issue Dec 4, 2021 · 30 comments
Assignees
Labels
bug Something isn't working

Comments

@onovy
Copy link

onovy commented Dec 4, 2021

It's not possible to use this app with apache_authentication=true aka HTTP Authorization.

Thanks for fixing.

@remi-martin
Copy link
Collaborator

Hi, thanks for the feedback.

I'm not sure if anything can be done for this issue, see flutter doc.

I have already enabled cleartextTraffic for android...

@onovy
Copy link
Author

onovy commented Dec 6, 2021

Hi remi,

But i'm not talking about HTTP / HTTPS. I'm using HTTPS, but with HTTP Authorization, see:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization

It's apache_authentication option in Piwigo config.

@remi-martin
Copy link
Collaborator

Oh sorry, I'll check what I can do for that

@onovy
Copy link
Author

onovy commented Dec 6, 2021

I can imagine this:

  • after filling credentials, call backend
  • HTTP 200 OK = old behaviour
  • HTTP 401 Unauthorized = resend same request with Authorization header set, do same for all subsequent request in same session

With apache_authentication=true you should not call pwg.session.login (I guess?).

Thanks.

@remi-martin remi-martin self-assigned this Dec 15, 2021
@remi-martin remi-martin added the bug Something isn't working label Dec 15, 2021
@emja
Copy link

emja commented Jan 6, 2023

It's been over a year, any progress? 2-3yrs if we consider this one from the old codebase.

cheers!

@remi-martin
Copy link
Collaborator

I think that adding an "Advanced connection settings" on login would help for this issue.

@remi-martin remi-martin pinned this issue Jan 9, 2023
@johol
Copy link

johol commented Mar 7, 2023

Are there any news about this issue?

@remi-martin
Copy link
Collaborator

Hi, I need to find a way to catch this issue when we try to log in so that I can ask for the http password. For now, I don't know how to do it...

@onovy
Copy link
Author

onovy commented Mar 8, 2023

Hi, you need to catch HTTP status code 401 as I explained before

@remi-martin
Copy link
Collaborator

I need to be sure 401 cannot be thrown by other errors

@mijofa
Copy link

mijofa commented Mar 14, 2023

401 means "unauthorized", even if it is thrown by other errors, the client should be prompting for authentication details regardless, as that is what 401 means. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401

You might be getting it a bit mixed up with 403, which is "forbidden", and should not prompt for login details as that means authentication was successfull, the user just doesn't have permission to access that resource. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403

Here's a complete list of HTTP status codes in case others are relevant: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

@remi-martin
Copy link
Collaborator

Yes this works right if I add an "Advanced login settings" tab, but in this case I don't need to catch the error, the user can add its parameters before login.

I also got details from the website team: HTTP Authorization logins always corresponds to a Piwigo user. So Piwigo and server logins are the same. I can just add them to the header, but in this case, every Piwigo NG users will send their username/password in the header for every requests, even if they don't use HTTP Authorization...

@lairdm
Copy link

lairdm commented Jun 3, 2023

I'd love to +1 this feature as well. The old PiwigoClient app had an HTTP Basic Auth feature which was great for protecting an album behind some basic authentication. Now with PiwigoClient discontinued by the developer, sadly my wife and I can't migrated to Piwigo NG without this functionality.

As for you you're describing above, I think you're misunderstanding something from the web team. We're referring to HTTP basic auth at the web server level, usually in web servers like Apache this is a separate authentication layer not necassarily tied to the application being protected. For example a htpasswd file referred to in the vhost. As the link @onovy posted near the top, it's just the ability to configure adding a header with Authorization: Basic <credentials>

Thanks again for maintaining this new app!

@lairdm
Copy link

lairdm commented Jun 3, 2023

Related to this, here's a stackoverflow talking about how to add a Basic Auth header to requests in Flutter. Thanks!

https://stackoverflow.com/questions/50244416/how-to-pass-basic-auth-credentials-in-api-call-for-a-flutter-mobile-application

@remi-martin
Copy link
Collaborator

Hi, I plan to add an Advanced settings for the login. It will add :

  • Authorize SSL
  • HTTP Authorization
  • And maybe future login specs...

@remi-martin
Copy link
Collaborator

Advanced login settings comming in 2.1.0, soon on Play Store.

@johol
Copy link

johol commented Jul 2, 2023

Hello,
thank you for implementing basic authentication. Login is working, but the images are not shown.
Here some lines from the apache access log

192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "POST /ws.php?format=json&method=pwg.session.login HTTP/1.1" 200 27 "-" "Dart/3.0 (dart:io)"
192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "GET /ws.php?format=json&method=pwg.session.getStatus HTTP/1.1" 200 374 "-" "Dart/3.0 (dart:io)"
192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "GET /ws.php?format=json&method=reflection.getMethodList HTTP/1.1" 200 1933 "-" "Dart/3.0 (dart:io)"
192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "GET /ws.php?format=json&method=reflection.getMethodList HTTP/1.1" 200 1933 "-" "Dart/3.0 (dart:io)"
192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "GET /ws.php?format=json&method=pwg.categories.getList&cat_id=0&thumbnail_size=medium HTTP/1.1" 200 10147 "-" "Dart/3.0 (dart:io)"
192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2023/04/18/20230418174002-b27de704-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)"
192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2022/08/22/20220822175343-5e8d4587-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)"
192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2023/01/06/20230106212352-74dc05fe-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)"
192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2023/03/30/20230330192756-46b566fd-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)"
192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2022/08/21/20220821144929-47b892e5-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)"

@mijofa
Copy link

mijofa commented Jul 3, 2023

I've also confirmed this, the API calls do http basic auth properly, but the images themselves are lacking the authentication headers. This applies to both rendering in the UI, and hitting the "download" button.

Uploading photos also failed, at first I suspected it might be simply testing it's own upload unable to download that image, but I noticed these 2 lines in the access.log:

redacted:80 192.168.x.x - mike [03/Jul/2023:11:45:41 +1000] "GET /ws.php?format=json&method=pwg.categories.getImages&cat_id=221&order=&per_page=100&page=0 HTTP/1.1" 200 12115 "-" "Dart/3.0 (dart:io)"
redacted:80 192.168.x.x - - [03/Jul/2023:11:45:40 +1000] "POST /ws.php?format=json&method=pwg.images.uploadAsync HTTP/1.1" 401 5590 "-" "-"

Note the POST line does not include the 'mike' username.

I'm not familiar with dart at all, so I might be looking in the completely wrong place, but I think since you are creating a new Dio() object here: https://github.com/Piwigo/piwigo-flutter-app/blob/master/lib/api/upload.dart#L199
That new object doesn't have the the ApiIntercepter being added like the ApiClient one does here: https://github.com/Piwigo/piwigo-flutter-app/blob/master/lib/api/api_client.dart#L14

I think this only helps with the uploads though, I couldn't find the relevant code for rendering the image files.

@remi-martin
Copy link
Collaborator

Right, I see.

Images, upload and maybe download are not using the same service for making requests to the Piwigo server and it's API. The APIInterceptor is used to add informations to the request data like headers and query parameters. I need to add this interceptor to the upload and auto-upload services. Concerning images, I need to mention the headers in the image display component... I might create a new one that will be used everywhere to avoid repetition and confusion.

Expect a fix for the next update.
Thanks for your contribution !

@remi-martin
Copy link
Collaborator

This should be fixed now:

  • Make sure you have Piwigo NG 2.1.0 and above.
  • From login screen, go to Authentication settings.
  • Activate Enable HTTP Basic, and fill the fields.

If you still encounter issues with Basic HTTP Authorization servers and Piwigo NG, please open a new issue.

@mijofa
Copy link

mijofa commented Aug 13, 2023

Not resolved with version 2.2.0, still seeing the exact same symptoms as last time.
API calls do HTTP basic authentication properly, but the images themselves are not rendering.

Not entirely sure how uploading failed last time, but it's failing now after the progress bar progresses to 100% slow enough that I expect it's doing something.
I would expect this issue to fail immediately rather than taking a few moments to progress first.

@emja
Copy link

emja commented Aug 14, 2023

I tested the current version (2.2.0) and seeing no improvement over the previous version; images are not displaying.

@remi-martin
Copy link
Collaborator

Hi, please look at this issue then : no image show on android piwigo_ng app or piwigo

I believe that it is a server configuration issue not related with Piwigo. If it is related with the configuration of your hosting provider, you adopt the hosting provider solution provided here: Piwigo/Piwigo#681

@remi-martin
Copy link
Collaborator

Please, can you provide some server logs of the communication to see which error is given by the server. Also, if you could give me the url of your server it would help a lot.

@mijofa
Copy link

mijofa commented Aug 14, 2023

Hi, please look at this issue then : no image show on android piwigo_ng app or piwigo

I believe that it is a server configuration issue not related with Piwigo. If it is related with the configuration of your hosting provider, you adopt the hosting provider solution provided here: Piwigo/Piwigo#681

Ah, ok, yes, confirmed.
When I configure Piwigo NG to go directly to the Piwigo instance (only works on the local private network) instead of via the web hosting proxy, all works as it should.

So either a bug in my reverse proxy config, or in Piwigo itself, either way not this Android app. Will dig deeper into my configs and sort it out there.
Thanks for the help and pointing me towards that one, wasn't at all clear from the reverse proxy's log that something was amiss, so I didn't even consider that.

@remi-martin
Copy link
Collaborator

No problem, I'm glad it works !

@Catfriend1
Copy link

My images showed with version 2.2.0 but no longer using 2.2.1.

My server prompts for basic auth via nginx. It does this depending on the srcIP address. If I'm on VPN or local Wifi, it skips the basicAuth prompt. This setup worked fine with basicAuth creds set in the app using 2.2.0.

@remi-martin
Copy link
Collaborator

Hi, I added a function to parse and clean images urls in 2.2.1 to prevent modified urls by proxys. I'll revert this in 2.2.2 next week.

@Catfriend1
Copy link

Thanks, no hurry. I went back to 2.2.0 :)

@remi-martin
Copy link
Collaborator

I think you'll not be the only one to have this issue...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

7 participants