Add support for apache_authentication aka HTTP Authorization #73
Comments
|
Hi, thanks for the feedback. I'm not sure if anything can be done for this issue, see flutter doc. I have already enabled cleartextTraffic for android... |
|
Hi remi, But i'm not talking about HTTP / HTTPS. I'm using HTTPS, but with HTTP Authorization, see: It's apache_authentication option in Piwigo config. |
|
Oh sorry, I'll check what I can do for that |
|
I can imagine this:
With apache_authentication=true you should not call pwg.session.login (I guess?). Thanks. |
|
It's been over a year, any progress? 2-3yrs if we consider this one from the old codebase. cheers! |
|
I think that adding an "Advanced connection settings" on login would help for this issue. |
|
Are there any news about this issue? |
|
Hi, I need to find a way to catch this issue when we try to log in so that I can ask for the http password. For now, I don't know how to do it... |
|
Hi, you need to catch HTTP status code 401 as I explained before |
|
I need to be sure 401 cannot be thrown by other errors |
|
401 means "unauthorized", even if it is thrown by other errors, the client should be prompting for authentication details regardless, as that is what 401 means. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401 You might be getting it a bit mixed up with 403, which is "forbidden", and should not prompt for login details as that means authentication was successfull, the user just doesn't have permission to access that resource. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403 Here's a complete list of HTTP status codes in case others are relevant: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status |
|
Yes this works right if I add an "Advanced login settings" tab, but in this case I don't need to catch the error, the user can add its parameters before login. I also got details from the website team: HTTP Authorization logins always corresponds to a Piwigo user. So Piwigo and server logins are the same. I can just add them to the header, but in this case, every Piwigo NG users will send their username/password in the header for every requests, even if they don't use HTTP Authorization... |
|
I'd love to +1 this feature as well. The old PiwigoClient app had an HTTP Basic Auth feature which was great for protecting an album behind some basic authentication. Now with PiwigoClient discontinued by the developer, sadly my wife and I can't migrated to Piwigo NG without this functionality. As for you you're describing above, I think you're misunderstanding something from the web team. We're referring to HTTP basic auth at the web server level, usually in web servers like Apache this is a separate authentication layer not necassarily tied to the application being protected. For example a htpasswd file referred to in the vhost. As the link @onovy posted near the top, it's just the ability to configure adding a header with Thanks again for maintaining this new app! |
|
Related to this, here's a stackoverflow talking about how to add a Basic Auth header to requests in Flutter. Thanks! |
|
Hi, I plan to add an Advanced settings for the login. It will add :
|
|
Advanced login settings comming in 2.1.0, soon on Play Store. |
|
Hello, 192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "POST /ws.php?format=json&method=pwg.session.login HTTP/1.1" 200 27 "-" "Dart/3.0 (dart:io)" |
|
I've also confirmed this, the API calls do http basic auth properly, but the images themselves are lacking the authentication headers. This applies to both rendering in the UI, and hitting the "download" button. Uploading photos also failed, at first I suspected it might be simply testing it's own upload unable to download that image, but I noticed these 2 lines in the access.log: Note the POST line does not include the 'mike' username. I'm not familiar with dart at all, so I might be looking in the completely wrong place, but I think since you are creating a new Dio() object here: https://github.com/Piwigo/piwigo-flutter-app/blob/master/lib/api/upload.dart#L199 I think this only helps with the uploads though, I couldn't find the relevant code for rendering the image files. |
|
Right, I see. Images, upload and maybe download are not using the same service for making requests to the Piwigo server and it's API. The APIInterceptor is used to add informations to the request data like headers and query parameters. I need to add this interceptor to the upload and auto-upload services. Concerning images, I need to mention the headers in the image display component... I might create a new one that will be used everywhere to avoid repetition and confusion. Expect a fix for the next update. |
|
This should be fixed now:
If you still encounter issues with Basic HTTP Authorization servers and Piwigo NG, please open a new issue. |
|
Not resolved with version 2.2.0, still seeing the exact same symptoms as last time. Not entirely sure how uploading failed last time, but it's failing now after the progress bar progresses to 100% slow enough that I expect it's doing something. |
|
I tested the current version (2.2.0) and seeing no improvement over the previous version; images are not displaying. |
|
Hi, please look at this issue then : no image show on android piwigo_ng app or piwigo
|
|
Please, can you provide some server logs of the communication to see which error is given by the server. Also, if you could give me the url of your server it would help a lot. |
Ah, ok, yes, confirmed. So either a bug in my reverse proxy config, or in Piwigo itself, either way not this Android app. Will dig deeper into my configs and sort it out there. |
|
No problem, I'm glad it works ! |
|
My images showed with version 2.2.0 but no longer using 2.2.1. My server prompts for basic auth via nginx. It does this depending on the srcIP address. If I'm on VPN or local Wifi, it skips the basicAuth prompt. This setup worked fine with basicAuth creds set in the app using 2.2.0. |
|
Hi, I added a function to parse and clean images urls in 2.2.1 to prevent modified urls by proxys. I'll revert this in 2.2.2 next week. |
|
Thanks, no hurry. I went back to 2.2.0 :) |
|
I think you'll not be the only one to have this issue... |
It's not possible to use this app with apache_authentication=true aka HTTP Authorization.
Thanks for fixing.
The text was updated successfully, but these errors were encountered: