search

janeczku / calibre-web

:books: Web app for browsing, reading and downloading eBooks stored in a Calibre database
GNU General Public License v3.0
12.91k stars 1.38k forks source link

"Unauthorized" when trying to open/download a book with LDAP login and opds #1435

Closed mmguero closed 3 years ago

mmguero commented 4 years ago

Description

To be upfront, I think this is much more likely an issue with either my configuration or Moon+ Reader Pro than calibre-web itself, but I'm hoping that perhaps you or someone here who has had a similar issue could help me resolve it.

I'm using a Docker container of my own creation based on linuxserver/docker-calibre-web. I am using LDAP Login.

I was running into https://github.com/janeczku/calibre-web/issues/1403 up until a few days ago, but your fix has resolved that (for most categories; for some I am still getting the OPDS content error, but that's not the focus of this issue).

Steps to Reproduce

Here's what I'm doing:

  1. In Moon+ Reader Pro, go to Net Library
  2. Add new catalog, click Calibre IP and enter the Calibre server connection information
  3. Supply username and password (in my case, I'm using LDAP Login; I'm able to successfully log in)
  4. The contents of my library are displayed; click any category (e.g., Recently added Books)
  5. Books are listed, click on any book
  6. An "Unauthorized" screen is shown without any other information

I don't see any useful information from my Docker logs. I don't see any useful information via the Calibre-Web GUI display of the calibre-logs, either. I could try to figure out how to increase log verbosity perhaps (?).

Screenshots

Screenshot_20200526-092025 Screenshot_20200526-092043 Screenshot_20200526-092104 Screenshot_20200526-092122 Screenshot_20200526-092126 Screenshot_20200526-092130 Screenshot_20200526-092134

Environment (please complete the following information):

Additional context Access via LDAP Login.

mmguero commented 4 years ago

I turned on DEBUG level logs and access log.

When, in moon reader, I

  1. Open Net Library
  2. Click on Calibre-Web
  3. Click on recently added
  4. Click on a book title and see "Unauthorized"

I see this in access.log

172.16.0.3 - - [2020-05-26 10:56:43] "GET /opds HTTP/1.1" 401 191 0.003845
172.16.0.3 - - [2020-05-26 10:56:43] "GET /opds HTTP/1.1" 401 191 0.007705
172.16.0.3 - - [2020-05-26 10:56:44] "GET /opds HTTP/1.1" 200 4595 0.727163
172.16.0.3 - - [2020-05-26 10:56:44] "GET /opds/osd HTTP/1.1" 401 191 0.005018
172.16.0.3 - - [2020-05-26 10:56:45] "GET /opds/new HTTP/1.1" 401 191 0.008437
172.16.0.3 - - [2020-05-26 10:56:46] "GET /opds/new HTTP/1.1" 200 76653 0.706223
172.16.0.3 - - [2020-05-26 10:56:46] "GET /opds/osd HTTP/1.1" 401 191 0.008229
172.16.0.3 - - [2020-05-26 10:56:46] "GET /opds/cover/2749 HTTP/1.1" 401 191 0.007398
172.16.0.3 - - [2020-05-26 10:56:46] "GET /opds/cover/2748 HTTP/1.1" 401 191 0.004216
172.16.0.3 - - [2020-05-26 10:56:46] "GET /opds/cover/2747 HTTP/1.1" 401 191 0.005268
172.16.0.3 - - [2020-05-26 10:56:46] "GET /opds/cover/2746 HTTP/1.1" 401 191 0.004729
172.16.0.3 - - [2020-05-26 10:56:46] "GET /opds/cover/2745 HTTP/1.1" 401 191 0.003880
172.16.0.3 - - [2020-05-26 10:56:47] "GET /opds/cover/2749 HTTP/1.1" 401 191 0.009908

I see several of these in the debug log for the same time frame:

[2020-05-26 10:56:43,380] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:43,434] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:44,231] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:45,595] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:46,524] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:46,560] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:46,573] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:46,588] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:46,599] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:46,610] DEBUG {cps:369} Got a request without auth data
[2020-05-26 10:56:47,960] DEBUG {cps:369} Got a request without auth data
OzzieIsaacs commented 4 years ago

I have to take a look at it. There are two possibilities, moon reader forgets to send the credentials (some of the opds reader tend to do this, especially for cover downloads), or Calibre-Web isn't handling the credentials properly (the message you see could point to this) The message isn't created by calibre-web itself, but from some of the underlying imports.

OzzieIsaacs commented 4 years ago

Thanks for all the information. I think they give me a good starting point for what to look after.

mmguero commented 4 years ago

Hey, I thought of one more thing: I tried disabling LDAP login in favor of using the standard login mechanism. I get the same results, however, instead of "Unauthorized" the error message is "Could not verify your access level for that URL. You have to login with proper credentials"

I hope that is helpful.

mmguero commented 4 years ago

Also, FWIW I did just try it with fbreader instead and everything worked fine. So it may be there's not much you can do.

OzzieIsaacs commented 4 years ago

My wiki states that moon reader had problems with covers: https://github.com/janeczku/calibre-web/wiki/FAQ#which-opds-readers-work-with-calibre-web One question: Which version of moon reader are you using? (the newest one, 5.2.9?)

mmguero commented 4 years ago

Yes, I am using v5.2.9. Updated last week, I think.

mmguero commented 4 years ago

Ah, I see the note about anonymous browsing. With my current setup I'm not inclined to enable anonymous browsing. However, a workaround for me could be to use FBReader to download books and have Moon+ Reader automatically import books from FBReader's download folder (as I prefer Moon+ Reader for the actual reading, but I don't really care if I have to use fbreader as just a catalog/download utility). That's not a huge burden.

cbartondock commented 4 years ago

This is still an issue with Moon Reader + and it looks to also be an issue with fbReader also in the newest versions. I get a 401 response when trying to view covers and either a 401 or a 403 when trying to download books (the 403 looks to be coming from calibre-web, and yes my user is authorized to download books).

Capture

cbartondock commented 4 years ago

I have also confirmed that this probably is an issue with Calibre Web rather than the app on the other side, since using the OPDS feed from Calibre Server works fine in any of the aforementioned apps.

tmechen commented 3 years ago

i think this might not only be a problem with moonreader.
im encountering the same problem with kyreader3 on ios.
adding opds library works like a charm, i can browse the books and see all covers.
but once i try to download a book (with a user with download rights) i am seeing 403 forbidden

both in the app
image

and in the access logs: image

whats even more strange:
trying to reproduce this with my browser, i can download the epub without problems (login with the same user, following the opds link)

image

ima look into the packages and update further

edit
first finding:

edit2
uhm... im pretty sure my problem is basic_auth through the nginx reverse proxy in front of the calibre-web server...

edit3 https://github.com/janeczku/calibre-web/issues/1661#issuecomment-707901376

OzzieIsaacs commented 3 years ago

Sorry for the late reply, I can now reproduce it in combination with ldap login, without ldap login everything works fine

OzzieIsaacs commented 3 years ago

Okay, I think I could fix it: 3 prerequisites had to be fullfilled:

cbartondock commented 3 years ago

Are you saying this is fixed? I would love to not be running CalibreServer at the same time as CalibreWeb, which was my solution to this issue.

OzzieIsaacs commented 3 years ago

Yes it‘s fixed and getting tested for staying fixed

cbartondock commented 3 years ago

Woohoo! Thanks for all your hard work man.

Daniel15 commented 3 years ago

My wiki states that moon reader had problems with covers: janeczku/calibre-web/wiki/FAQ#which-opds-readers-work-with-calibre-web

@OzzieIsaacs Sorry for bumping an old thread, but this issue is still one of the top results in Google for "Calibre-web Moon+ Reader cover not loading"

Like @mmguero, I didn't want to enable anonymous browsing. I worked around this issue with Moon+ Reader by getting my Nginx reverse proxy to send a hard-coded Authorization header for URLs under /opds/cover/, so that Calibre-Web thinks a username and password was entered, essentially only allowing anonmous access to covers, not to all of Calibre-Web. I added a new user in Calibre-Web with all permissions disabled, then added a block in my Nginx config for /odps/cover/ with a line like this:

proxy_set_header Authorization "Basic YW5vbmNvdmVyczpoZWxsb3dvcmxk==";

where YW5vbmNvdmVyczpoZWxsb3dvcmxk is username:password encoded as Base64 (username anoncovers, password helloworld in this example)

For example, for LinuxServer.io's calibre-web.subfolder Nginx config, I added this block at the end:

location ^~ /calibre-web/opds/cover/ {
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app calibre-web;
    set $upstream_port 8083;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    proxy_set_header X-Scheme $scheme; 
    proxy_set_header X-Script-Name /calibre-web;
    proxy_set_header Authorization "Basic YW5vbmNvdmVyczpoZWxsb3dvcmxk==";
}

(with the correct username and password of course).

Is it OK if I document this in the FAQ?