AuthenticationFailure exception when accessing deluge-web (Deluge 1.2+ server type)

[Exagone313]

Hi,

I'm trying to configure an access to deluge-web 1.3.15, behind an nginx reverse proxy (with TLS and a valid x509 certificate). Although configuration seems correct, I get an AuthenticationFailure exception as shown in the error log (see below).

deluge-web and deluged are installed via the Debian Buster APT repository. The actual package version is 1.3.15-2 (dated as Mon, 31 Jul 2017 20:13:14 -0400 in Debian package changelog).

Transdroid is installed via F-droid, version 2.5.18 (238), built on 2020/06/07.

The Deluge server is configured as follow in Transdroid:

• Server type: Deluge 1.2+
• IP or hostname: domain.example (actually redacted, it's accessible via a private network)
• Deluge web password: deluge (the default password, unchanged)
• Advanced Settings:
  • Port number: 443
  • Disable authentication: checked
  • Folder: /deluge/
  • Use SSL: checked (the x509 certificate is valid)

deluge-web is proxied by nginx using configuration derived from upstream documentation.

Auto-connection is enabled with a default_daemon setting in web.conf and is tested working in a web browser.

The same settings and setup are used for accessing a Transmission server on the same host name (different "folder") without issue. This may leave out ideas regarding the reverse proxy setup.

The error log is as follow:

Transdroid 2.5.18 (238)
Deluge settings: https://domain.example:443/deluge/

Connection and error log:
6792 -- Wed Mar 03 13:21:24 GMT+01:00 2021 -- 3 -- Error: AuthenticationFailure exception: Password error? Server time difference? No (valid) cookie in response and JSON was: {"id": 1, "result": true, "error": null}

6793 -- Wed Mar 03 13:21:24 GMT+01:00 2021 -- 3 -- ConnectionError exception: AuthenticationFailure exception: Password error? Server time difference? No (valid) cookie in response and JSON was: {"id": 1, "result": true, "error": null}

I saw that there are a lot of issues regarding Deluge setup in Transdroid and I carefully checked those before posting this issue, but I'm unable to troubleshoot what is missing. Other issues I found were related to configuration mistakes in Transdroid, a request header issue that got fixed in Transdroid or a reverse proxy configuration mistake (such as SSL errors), but they don't seem to fit my actual issue.

I checked Transdroid source code for when the exception is thrown out, and it seems to check that the Cookie _session_id is sent by deluge-web when logging in. I checked in a web browser and it is sent in the response to the method: "auth.login" XHR request, which is exactly what Transdroid is doing (modulo the id count). Unfortunately, I don't have the time to attach a debugger and start digging more while running Transdroid.

Thanks for your support.

[erickok]

Thanks for the very complete issue. Troubleshooting connection issues remains tricky as Transdroid admittedly never has and still doesn't supply great feedback. In most cases like this - especially when using a reverse proxy - the problem is in setting the right port and path (folder setting). Note that Transdroid doesn't always connect to what you would point your browser too.

So it seems no (valid) cookie is found after sending out the auth call. Sometimes this is becasue of a time difference in the device versus the server. Please check that the time on your server is set correctly (of course there can be a time zoen offset, but they should be correct). Otherwise the returned auth cookie is directly invalid.

Transdroid always append '/json' to the given path, as that's where the Deluge web interface is normally serving its json rpc responses from. Could you connect to the web interface from a (desktop) browser and inspect (using F12 -> Network tab) to see if you have any calls to that /json endpoint? if so, does the url correspond to what you have set up in Transdroid?

[Exagone313]

@erickok I solved my issue by checking my reverse proxy's access log. It was accessing /deluge//json and I guess deluge-web isn't handling this properly. I changed the folder property from /deluge/ to /deluge and it is now working.

Since I got transmission configured with /transmission/, which induces a request to /transmission/rpc, I think there is an overlook in deluge code compared to transmission.

[Exagone313]

It does indeed.

https://github.com/erickok/transdroid/blob/ff790abdaed0e09506b1a5bb44823a4925461d4e/app/src/main/java/org/transdroid/daemon/adapters/transmission/TransmissionAdapter.java#L495-L497

I'm going to submit a pull request with the same handling, but maybe this could be shared code in the future.

[erickok]

Thanks @Exagone313 . And glad it works now.