ichdasich / bbb-rec-perm

Authentication Hook for nginx to restrict access to BigBlueButton recordings
Creative Commons Zero v1.0 Universal

Wrong credentials / no login pop-up #5

Closed what-ri closed 4 years ago

what-ri commented 4 years ago

Hi,

If a user writes wrong credentials, he is redirected to the access forbidden page. If he retries to open the recording, the user never gets a login box again - he has to clear his cookies in order for it to appear again.

Is there any way to prompt the script to use the login popup after failed login?

ichdasich commented 4 years ago

I cannot reproduce that here (login popup reappears when I enter the wrong credentials, please test): https://bbb.home.aperture-labs.org/playback/presentation/2.0/playback.html?meetingId=0f78a81048ba3453f3fea134924ec4bfdd01eb42-1590186065110

Will take a look later tonight. For that, please let me know which browser you are using.

what-ri commented 4 years ago

Thanks for the prompt replies!

It works fine on your instance! I am using Chrome on Win.

ichdasich commented 4 years ago

Ok, then this seems to be a configuration issue on your side. I can reproduce it on your instance. Can you share your nginx configuration?

what-ri commented 4 years ago

edited: nginx config - was not necessary for issue

ichdasich commented 4 years ago

And maybe one of the statements where you enabled auth in /etc/bigbluebutton/nginx/ ?

what-ri commented 4 years ago

This is the podcast config:

    location /podcast {
            root    /var/bigbluebutton/published;
            index  index.html index.htm;
            ### Uncomment the next three lines if you want to use password
            ### authentication (see dedicated files. Create /var/www/htpasswd
            ### as an empty file with 'touch /var/www/htpasswd'.
            # satisfy any;
            # auth_basic "Restricted";
            # auth_basic_user_file "/var/www/htpasswd";
            auth_request /auth;
            error_page 403 /index.html;
    }

SOLVED - create blank htpasswd & uncomment the lines

ichdasich commented 4 years ago

Can you disable these two configs and see if that helps?

    include /etc/nginx/bots.d/ddos.conf;
    include /etc/nginx/bots.d/blockbots.conf;

what-ri commented 4 years ago

I commented them out, still getting the same result. However, if I click on Cancel for auth, it will provide the 401 nginx page & I will get asked again for credentials, but if I type in the wrong user/pass I will not.

I will try to disable custom error pages & see what happens.

ichdasich commented 4 years ago

Uhm, only saw just now...

            satisfy any;
            auth_basic "Restricted";
            auth_basic_user_file "/var/www/htpasswd";

This must be present, and /var/www/htpasswd must exist (as an empty file). It ensures BBB collects the AUTH_BASIC credentials and puts them into the request headers for the request to auth.
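The fix described in the comment above can be checked mechanically. As an added example (not part of this thread or of bbb-rec-perm), this Python check flags any simple `location` block that uses `auth_request` without active `satisfy any;`, `auth_basic` and `auth_basic_user_file` lines, or whose htpasswd file is missing; the function names and the two embedded configs (constructed from the snippets in this thread) are assumptions.

```python
import os
import re

# Directives the thread says must be active next to auth_request.
REQUIRED = ("satisfy", "auth_basic", "auth_basic_user_file")

# Constructed samples: the block as posted, and the same block after the fix.
BROKEN = """location /podcast {
    root    /var/bigbluebutton/published;
    # satisfy any;
    # auth_basic "Restricted";
    # auth_basic_user_file "/var/www/htpasswd";
    auth_request /auth;
    error_page 403 /index.html;
}"""
FIXED = BROKEN.replace("# ", "")

def active_directives(body):
    """Map directive name -> arguments, skipping commented-out lines."""
    found = {}
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line[:-1].split(None, 1) if line.endswith(";") else []
        if parts:
            found[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return found

def check_locations(conf_text, exists=os.path.exists):
    """Return {location: [problems]} for every block that uses auth_request.

    Simplification: only plain prefix locations without nested braces match.
    """
    report = {}
    for m in re.finditer(r"location\s+(\S+)\s*\{([^{}]*)\}", conf_text):
        d = active_directives(m.group(2))
        if "auth_request" not in d:
            continue
        problems = [f"missing active '{n}'" for n in REQUIRED if n not in d]
        if "satisfy" in d and d["satisfy"] != "any":
            problems.append("'satisfy' is not 'any'")
        userfile = d.get("auth_basic_user_file", "").strip('"')
        if userfile and not exists(userfile):
            problems.append(f"{userfile} does not exist")
        report[m.group(1)] = problems
    return report

if __name__ == "__main__":
    for name, conf in (("as posted", BROKEN), ("after fix", FIXED)):
        print(name, check_locations(conf))
```

Run against the real files under /etc/bigbluebutton/nginx/ by passing each file's text to `check_locations`; an empty problem list means the three lines are active and the htpasswd file is present.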

what-ri commented 4 years ago

That was it! Thank you very much!

Drop me your PayPal so I can buy you a coffee! :)

ichdasich commented 4 years ago

I am already being paid for my work to the public. Public servant at a university n stuff. ;-)

If you want to buy someone a coffee, I suggest one of these institutions (even 2.99 helps): https://voedselbankennederland.nl/
https://www.tafel.de/
http://arbeiterkind.de/
https://www.seenotretter.de/wer-wir-sind/

what-ri commented 4 years ago

Consider it done!