Closed onovy closed 1 year ago
Hi, thanks for the feedback.
I'm not sure if anything can be done for this issue, see flutter doc.
I have already enabled cleartextTraffic for android...
Hi remi,
But i'm not talking about HTTP / HTTPS. I'm using HTTPS, but with HTTP Authorization, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
It's apache_authentication option in Piwigo config.
Oh sorry, I'll check what I can do for that
I can imagine this:
With apache_authentication=true you should not call pwg.session.login (I guess?).
Thanks.
It's been over a year, any progress? 2-3yrs if we consider this one from the old codebase.
cheers!
I think that adding an "Advanced connection settings" on login would help for this issue.
Are there any news about this issue?
Hi, I need to find a way to catch this issue when we try to log in so that I can ask for the http password. For now, I don't know how to do it...
Hi, you need to catch HTTP status code 401 as I explained before
I need to be sure 401 cannot be thrown by other errors
401 means "unauthorized", even if it is thrown by other errors, the client should be prompting for authentication details regardless, as that is what 401 means. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
You might be getting it a bit mixed up with 403, which is "forbidden", and should not prompt for login details as that means authentication was successfull, the user just doesn't have permission to access that resource. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403
Here's a complete list of HTTP status codes in case others are relevant: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
Yes this works right if I add an "Advanced login settings" tab, but in this case I don't need to catch the error, the user can add its parameters before login.
I also got details from the website team: HTTP Authorization logins always corresponds to a Piwigo user. So Piwigo and server logins are the same. I can just add them to the header, but in this case, every Piwigo NG users will send their username/password in the header for every requests, even if they don't use HTTP Authorization...
I'd love to +1 this feature as well. The old PiwigoClient app had an HTTP Basic Auth feature which was great for protecting an album behind some basic authentication. Now with PiwigoClient discontinued by the developer, sadly my wife and I can't migrated to Piwigo NG without this functionality.
As for you you're describing above, I think you're misunderstanding something from the web team. We're referring to HTTP basic auth at the web server level, usually in web servers like Apache this is a separate authentication layer not necassarily tied to the application being protected. For example a htpasswd file referred to in the vhost. As the link @onovy posted near the top, it's just the ability to configure adding a header with Authorization: Basic <credentials>
Thanks again for maintaining this new app!
Related to this, here's a stackoverflow talking about how to add a Basic Auth header to requests in Flutter. Thanks!
Hi, I plan to add an Advanced settings for the login. It will add :
Advanced login settings comming in 2.1.0, soon on Play Store.
Hello, thank you for implementing basic authentication. Login is working, but the images are not shown. Here some lines from the apache access log
192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "POST /ws.php?format=json&method=pwg.session.login HTTP/1.1" 200 27 "-" "Dart/3.0 (dart:io)" 192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "GET /ws.php?format=json&method=pwg.session.getStatus HTTP/1.1" 200 374 "-" "Dart/3.0 (dart:io)" 192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "GET /ws.php?format=json&method=reflection.getMethodList HTTP/1.1" 200 1933 "-" "Dart/3.0 (dart:io)" 192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "GET /ws.php?format=json&method=reflection.getMethodList HTTP/1.1" 200 1933 "-" "Dart/3.0 (dart:io)" 192.168.x.x - testuser [02/Jul/2023:15:54:07 +0200] "GET /ws.php?format=json&method=pwg.categories.getList&cat_id=0&thumbnail_size=medium HTTP/1.1" 200 10147 "-" "Dart/3.0 (dart:io)" 192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2023/04/18/20230418174002-b27de704-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)" 192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2022/08/22/20220822175343-5e8d4587-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)" 192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2023/01/06/20230106212352-74dc05fe-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)" 192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2023/03/30/20230330192756-46b566fd-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)" 192.168.x.x - - [02/Jul/2023:15:54:07 +0200] "GET /i.php?/upload/2022/08/21/20220821144929-47b892e5-me.jpg HTTP/1.1" 401 413 "-" "Dart/3.0 (dart:io)"
I've also confirmed this, the API calls do http basic auth properly, but the images themselves are lacking the authentication headers. This applies to both rendering in the UI, and hitting the "download" button.
Uploading photos also failed, at first I suspected it might be simply testing it's own upload unable to download that image, but I noticed these 2 lines in the access.log:
redacted:80 192.168.x.x - mike [03/Jul/2023:11:45:41 +1000] "GET /ws.php?format=json&method=pwg.categories.getImages&cat_id=221&order=&per_page=100&page=0 HTTP/1.1" 200 12115 "-" "Dart/3.0 (dart:io)"
redacted:80 192.168.x.x - - [03/Jul/2023:11:45:40 +1000] "POST /ws.php?format=json&method=pwg.images.uploadAsync HTTP/1.1" 401 5590 "-" "-"
Note the POST line does not include the 'mike' username.
I'm not familiar with dart at all, so I might be looking in the completely wrong place, but I think since you are creating a new Dio() object here: https://github.com/Piwigo/piwigo-flutter-app/blob/master/lib/api/upload.dart#L199 That new object doesn't have the the ApiIntercepter being added like the ApiClient one does here: https://github.com/Piwigo/piwigo-flutter-app/blob/master/lib/api/api_client.dart#L14
I think this only helps with the uploads though, I couldn't find the relevant code for rendering the image files.
Right, I see.
Images, upload and maybe download are not using the same service for making requests to the Piwigo server and it's API. The APIInterceptor is used to add informations to the request data like headers and query parameters. I need to add this interceptor to the upload and auto-upload services. Concerning images, I need to mention the headers in the image display component... I might create a new one that will be used everywhere to avoid repetition and confusion.
Expect a fix for the next update. Thanks for your contribution !
This should be fixed now:
If you still encounter issues with Basic HTTP Authorization servers and Piwigo NG, please open a new issue.
Not resolved with version 2.2.0, still seeing the exact same symptoms as last time. API calls do HTTP basic authentication properly, but the images themselves are not rendering.
Not entirely sure how uploading failed last time, but it's failing now after the progress bar progresses to 100% slow enough that I expect it's doing something. I would expect this issue to fail immediately rather than taking a few moments to progress first.
I tested the current version (2.2.0) and seeing no improvement over the previous version; images are not displaying.
Hi, please look at this issue then : no image show on android piwigo_ng app or piwigo
I believe that it is a server configuration issue not related with Piwigo. If it is related with the configuration of your hosting provider, you adopt the hosting provider solution provided here: https://github.com/Piwigo/Piwigo/issues/681
Please, can you provide some server logs of the communication to see which error is given by the server. Also, if you could give me the url of your server it would help a lot.
Hi, please look at this issue then : no image show on android piwigo_ng app or piwigo
I believe that it is a server configuration issue not related with Piwigo. If it is related with the configuration of your hosting provider, you adopt the hosting provider solution provided here: Piwigo/Piwigo#681
Ah, ok, yes, confirmed. When I configure Piwigo NG to go directly to the Piwigo instance (only works on the local private network) instead of via the web hosting proxy, all works as it should.
So either a bug in my reverse proxy config, or in Piwigo itself, either way not this Android app. Will dig deeper into my configs and sort it out there. Thanks for the help and pointing me towards that one, wasn't at all clear from the reverse proxy's log that something was amiss, so I didn't even consider that.
No problem, I'm glad it works !
My images showed with version 2.2.0 but no longer using 2.2.1.
My server prompts for basic auth via nginx. It does this depending on the srcIP address. If I'm on VPN or local Wifi, it skips the basicAuth prompt. This setup worked fine with basicAuth creds set in the app using 2.2.0.
Hi, I added a function to parse and clean images urls in 2.2.1 to prevent modified urls by proxys. I'll revert this in 2.2.2 next week.
Thanks, no hurry. I went back to 2.2.0 :)
I think you'll not be the only one to have this issue...
It's not possible to use this app with apache_authentication=true aka HTTP Authorization.
Thanks for fixing.