Airsonic / Subsonic login issue

[jfdnet]

Can you support airsonic which is an open source solution forked from subsonic. Here is the info of airsonic-advanced while vanilla Airsonic is stopped developping. https://github.com/airsonic-advanced/airsonic-advanced

[BLeeEZ]

Hi, I can check for that. But airsonic is already working as well as navidrome. They support basic subsonic api so does Amperfy.

[BLeeEZ]

I get a 401 error message which tells me that there are issues with the login system. Amperfy can not authenticate at the subsonic api on the server / can not even reach the api. There should be an issue at airsonic-advanced side.

[flrnns]

Hello,

as you know I would like to use Amperfy with my owncloud/nextcloud music app server, which supports both Ampache and Subsonic.

I can get the connection working using Ampache, but here, the functionality is not given properly (playlists, artist images, etc.)

So I was using Subsonic which worked fine in 1.0.5 but since 1.0.7. I cannot authenticate ("Login failed - Not able to login, please check credentials!"). Using the same credentials, other subsonic clients (e.g. Substreamer) work.

But maybe this helps for this issue, too: They only work, if I select "legacy login system" instead of token-based authentication.

[BLeeEZ]

@jfdnet In this commit 138eee33eb48e5f903afe97d344427a8a3eae200 I removed the check for http status 401. Maybe now your airsonic-advanced connection can work. Could you check this with the Beta v1.0.7(1)?

@flrnns Did it work with Amperfy v1.0.6? In v1.0.7 are no changes regarding subsonic authentication.

[jfdnet]

I’ve just tried and here is the result with all api options I chosen.

URL , user name and password I checked again in safari and all are correct.

By the way It crashed on my first try

Sent from my iPhone

On Oct 14, 2021, at 8:12 PM, Maximilian Bauer @.***> wrote:

 @jfdnet In this commit 138eee3 I removed the check for http status 401. Maybe now your airsonic-advanced connection can work. Could you check this with the Beta v1.0.7(1)?

@flrnns Did it work with Amperfy v1.0.6? In v1.0.7 are no changes regarding subsonic authentication.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

[flrnns]

@BLeeEZ never had downloaded 1.0.6, so it could be changes in this version, too

[BLeeEZ]

I did some reading for subsonic advanced: If you go to the Settings->Credentials and hover over the information icon in the "Airsonic Credentials" table you can see the following long text:

Airsonic credentials

Airsonic supports two primary means of its own authentication for clients. Clients can send either the password openly (p), or can send an md5-hash of the password along with the salt (t+s).By default, new passwords are stored in their hashed form, which is secure, cannot be decoded to the original password (non-decodable), and works for the p auth mechanism.For technical reasons, supporting t+smethod, however, requires storing the decodable non-hashed password itself, which may be less secure (especially if stored in an open non-encrypted form).Therefore, store Airsonic passwords in a decodable manner ONLY if your client requires t+s auth to work (store in encrypted manner, such as encrypt-style encoders).It is recommended to migrate all passwords to non-decodable formats (such as bcrypt), and later add a decodable format only if a client does not work.Airsonic credentials cannot be all deleted, otherwise the account will be locked out. You must retain at least one Airsonic credential. If all Airsonic credentials are selected to be deleted, the system will automatically retain the most recently created one.

Amperfy checks for the server API version and then decides what kind of authentication to use. The subsonic-advanced uses as an API which in principle supports (t+s). This is why Amperfy uses this method. I also check the server response to the auth request: So as you described It only works if legacy mode is activated on the client (e.g. Substreamer) or you change the password storage type on the server itself. With that said, if you want to use Amperfy as it is in the current version you need to change the password encryption method on your server. I am thinking in the meantime about a kind of legacy auth mode like in Substreamer.

[flrnns]

Yes, this explains it.

Would be awesome if you could include this, otherwise I will raise this topic with the owncloud/nextcloud music app team.

[jfdnet]

It works now after changed the password encryption method. Thanks!

From: Maximilian @.> Sent: 2021年10月21日 17:07 To: @.> Cc: @.>; @.> Subject: Re: [BLeeEZ/amperfy] Airsonic / Subsonic login issue (#69)

I did some reading for subsonic advanced: If you go to the Settings->Credentials and hover over the information icon in the "Airsonic Credentials" table you can see the following long text:

Airsonic credentials

Airsonic supports two primary means of its own authentication for clients. Clients can send either the password openly (p), or can send an md5-hash of the password along with the salt (t+s).By default, new passwords are stored in their hashed form, which is secure, cannot be decoded to the original password (non-decodable), and works for the p auth mechanism.For technical reasons, supporting t+smethod, however, requires storing the decodable non-hashed password itself, which may be less secure (especially if stored in an open non-encrypted form).Therefore, store Airsonic passwords in a decodable manner ONLY if your client requires t+s auth to work (store in encrypted manner, such as encrypt-style encoders).It is recommended to migrate all passwords to non-decodable formats (such as bcrypt), and later add a decodable format only if a client does not work.Airsonic credentials cannot be all deleted, otherwise the account will be locked out. You must retain at least one Airsonic credential. If all Airsonic credentials are selected to be deleted, the system will automatically retain the most recently created one.

Amperfy checks for the server API version and then decides what kind of authentication to use. The subsonic-advanced uses as an API which in principle supports (t+s). This is why Amperfy uses this method. I also check the server response to the auth request: So as you described It only works if legacy mode is activated on the client (e.g. Substreamer) or you change the password storage type on the server itself. With that said, if you want to use Amperfy as it is in the current version you need to change the password encryption method on your server. I am thinking in the meantime about a kind of legacy auth mode like in Substreamer.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FBLeeEZ%2Famperfy%2Fissues%2F69%23issuecomment-948410834&data=04%7C01%7C%7C08fb00d07faf46af710808d994724082%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637704040694711415%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yek8g1fWqW3qHi1qA15cREaeTNzQajAhtpgaTuSuXus%3D&reserved=0, or unsubscribehttps://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAPF6HL475L5MUEA3AKKL3TUH7J6HANCNFSM5DM7T3YQ&data=04%7C01%7C%7C08fb00d07faf46af710808d994724082%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637704040694721369%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zzaX%2FKRMSubChu5DvHqYO%2BgIn2OrizJFD6yL%2FNVf%2B6E%3D&reserved=0.

[BLeeEZ]

Amperfy supports direct subsonic legacy login with this commit: 55e1f5a60a67ea2e2d039f7d0315b1f00a272832 With that subsonic legacy login can be directly choosen in the API menu on the login screen.

@flrnns During this implementation I found the reason for your login issues since 1.0.5. Due to a bug the correct API version detection failed silently. The default API auth system was always used, which is auth with token. This bug is fixed in this commit too. You should now be able to login in with both API options Subsonic and Subsonic legacy.

[flrnns]

Wow, this is great! Can't wait for it to become available

[BLeeEZ]

The new beta is now available (v1.0.7(2)). With that the issues should be fixed. Can you confirm that?

[flrnns]

You are worth your weight in gold! Works like a charm and blazing fast