Navidrome Public Authentiation do not work

[Ju-2006]

Hi,

Thank you for this wonderful app and the work you done on it to integrate it with yunohost :+1:

On a Yunohost server installed on a VPS, runing other Apps smoothly, I test Navidrome, working well via Yunohost portal or diret url, remove Navidrome to test other apps (Funkwhale and Airsonic-NG) and finally reinstall Navidrome, every thing is working but authentication from client or via public url

Yunohost 11.1.18 (stable) Navidrome 0.49.3~ynh2 My laptop running Fedora 37 Firefox 112.01 Subsonic on Android 13

Navidrome

• Installation done and working
• Discovering of Music done

It work if:

• I access through Yunohost portail through https://mydomain/yunohost/sso/ with user1/password and click on Navidrome tile, everything is ok, I can see and play music

It don't work if:

• I try to access to https://mydomain/navidrome, it display the login page but when I authenticate with user1/password getting: "error unauthorized" pop up in red
• Using DSub on smartphone, with user1/password I get error "Connection failure. Wrong username or password"

Tested with other users, result with the same errors

Group "Visitors" have permission "Navidrome", try to remove / set again the permission do not change nothing

Remove Navidrome and reinstall do not solve the issue

Hop you can help me Regards :-) Julien

[win8linux]

Can confirm that this issue still persists as of June 2023.

[ericgaspar]

I think this PR changed authentication to use SSO. If you remove those two lines your should be able to use public auth.

[selfhoster1312]

It was working for me and still is, but i haven't updated in a while. I just updated right now and it's broken. I'll investigate. Sorry about this!

EDIT: It was in fact still "working" as explained in the next comment. I just changed my Yunohost user password which did not change the Navidrome database password :)

[selfhoster1312]

OK this was indeed a limitation in the PR i proposed upstream.

For context:

• Navidrome uses its own password database which needs to be populated when accounts are created from LDAP or SSO ; so when accessing from SSO the password is populated randomly
• There is currently no support for extracting the plaintext password from HTTP header, as is currently provided by SSOWat for Yunohost users
• There is currently no support for authentication from SSO then LDAP if SSO is not populated

What you can do right now:

• if your account was created from LDAP, you can use your LDAP password to access Navidrome (EDIT: Navidrome does not support LDAP)
• if your account was created from navidrome admin, it should just work
• if your account was created from SSO, you can change your account password using anything (including nothing) as "current" password in the password change form

I'll try to see if i can think of something better, but it may require much better auth support from Navidrome. EDIT: Upstream navidrome still does not support LDAP so that's not going to be easy/fast :)

[Ju-2006]

OK this was indeed a limitation in the PR i proposed upstream.

For context:

* Navidrome uses its own password database which needs to be populated when accounts are created from LDAP or SSO ; so when accessing from SSO the password is populated randomly

* There is currently no support for extracting the plaintext password from HTTP header, as is currently provided by SSOWat for Yunohost users

* There is currently no support for authentication from SSO _then_ LDAP if SSO is not populated

What you can do right now:

* if your account was created from LDAP, you can use your LDAP password to access Navidrome

* if your account was created from SSO, you can change your account password using anything (including nothing) as "current" password in the password change form

I'll try to see if i can think of something better, but it may require much better auth support from Navidrome. EDIT: Upstream navidrome still does not support LDAP so that's not going to be easy/fast :)

Hi @selfhoster1312

Thank you for the reply, I was in the LDAP configuration, I changed my password and it just work like that \o/ It's very nice :-)

Have a great day :+1:

[selfhoster1312]

Hey, great everything is good for you !

I was in the LDAP configuration, I changed my password and it just work like that \o/

Sorry i'm not sure i get it. Changing your LDAP password should not affect Navidrome. Did you mean you changed the navidrome password from the webUI after logging in via Yunohost SSO?

[Ju-2006]

Yes that's it, I changed the navidrome password from the webUI (sorry for the missinginformations)

[dramborleg]

It might be convenient if this were mentioned somewhere on the app's configuration page in the yunohost management tool. Right now there's a section explaining where the media files are expected to be stored as well as how to change it, so that might be a good place to make note of this so it's more clear to future users.

Would be happy to make a PR myself at some point if it's something that the maintainers wouldn't be opposed to merging.

[ericgaspar]

If relevant, PR are welcome

[Chevrah]

I just reinstalled navidrome, with a clean database.

Logged in with SSO, how do I make this user an admin that can add more public authentication users?

[Chevrah]

NVM figured I need to go on first install to /navidrome/app/#/login was not clear in the documentation.