search

lamarios / clipious

Invidious client for android
GNU Affero General Public License v3.0
965 stars 32 forks source link

Channel page doesn't load when HTTP Basic Auth is active #599

Open kkwpsi opened 1 month ago

kkwpsi commented 1 month ago

Describe the bug In the context of problem ID 598, I did some tests. I created a new user and disabled HTTP Basic Auth on Invidious server. I logged in via Clipious as a new user (cookie). There were no problems loading the channel pages. I loaded at least a few of them. Then I enabled HTTP Basic Auth on Invidious server and cleared the Clipious data and cache. In Clipious I added the same server with login details for HTTP Basic Auth. I logged in as the same user (cookie). In this case I couldn't open the channel pages (see logs below).

That user never logged via token or asking for token.

To Reproduce Steps to reproduce the behavior:

  1. Add new server with HTTP Basic Authetication
  2. Try to load channel page

Expected behavior The channel page should load as if you were connecting to the server without HTTP Basic Auth.

Screenshots none

Smartphone (please complete the following information):

Additional context [INFO] [Service] - 2024-09-21 21:14:39.632724 - calling https://xxxxxxxxxx/api/v1/trending?region=US [INFO] [Service] - 2024-09-21 21:14:39.681168 - Response from GET https://xxxxxxxxxx/api/v1/popular, status: 200 [INFO] [Service] - 2024-09-21 21:14:40.550929 - Response from GET https://xxxxxxxxxx/api/v1/trending?region=US, status: 200 [INFO] [Service] - 2024-09-21 21:15:10.352193 - calling https://xxxxxxxxxx/api/v1/auth/subscriptions [INFO] [Service] - 2024-09-21 21:15:10.515448 - Response from GET https://xxxxxxxxxx/api/v1/auth/subscriptions, status: 403 [SEVERE] [Service] - 2024-09-21 21:15:10.515827 - Error while calling service: Unexpected char 'B' at line 1, column 1

lamarios commented 1 month ago

I cannot reproduce this one the channel page loads fine on my server with basic auth. Care to share the invidious server version ?

kkwpsi commented 1 month ago

I edited my first post. I confirmed described tests a moment ago.

Clipious' logs without HTTP Auth Basic:

[INFO] [Service] - 2024-09-22 12:50:25.946300 - Response from GET https://xxxxxxxxxx/api/v1/stats, status: 200 [INFO] [Service] - 2024-09-22 12:50:37.477739 - Calling https://xxxxxxxxxx/api/v1/stats [INFO] [Service] - 2024-09-22 12:50:37.732852 - Response from GET https://xxxxxxxxxx/api/v1/stats, status: 200 [INFO] [Service] - 2024-09-22 12:50:37.733287 - calling https://xxxxxxxxxx/api/v1/videos/dQw4w9WgXcQ [INFO] [Service] - 2024-09-22 12:50:40.182016 - Response from GET https://xxxxxxxxxx/api/v1/videos/dQw4w9WgXcQ, status: 200 [INFO] [Service] - 2024-09-22 12:50:40.282060 - calling https://xxxxxxxxxx/api/v1/popular [INFO] [Service] - 2024-09-22 12:50:40.282649 - calling https://xxxxxxxxxx/api/v1/trending?region=US [INFO] [Service] - 2024-09-22 12:50:40.339873 - Response from GET https://xxxxxxxxxx/api/v1/popular, status: 200 [INFO] [Service] - 2024-09-22 12:50:41.012887 - Response from GET https://xxxxxxxxxx/api/v1/trending?region=US, status: 200 [INFO] [Service] - 2024-09-22 12:51:05.171250 - calling https://xxxxxxxxxx/api/v1/videos/1YHDGLqH1VM [INFO] [Service] - 2024-09-22 12:51:06.712490 - Response from GET https://xxxxxxxxxx/api/v1/videos/1YHDGLqH1VM, status: 200 [INFO] [Service] - 2024-09-22 12:51:06.738673 - calling https://xxxxxxxxxx/api/v1/auth/subscriptions [INFO] [Service] - 2024-09-22 12:51:06.739280 - calling https://xxxxxxxxxx/api/v1/auth/playlists [INFO] [Service] - 2024-09-22 12:51:06.784266 - Response from GET https://xxxxxxxxxx/api/v1/auth/subscriptions, status: 200 [INFO] [Service] - 2024-09-22 12:51:06.879244 - Response from GET https://xxxxxxxxxx/api/v1/auth/playlists, status: 200

Apache's logs without HTTP Auth Basic:

:443 - - [22/Sep/2024:12:50:38 +0200] "GET /api/v1/stats HTTP/1.1" 200 3672 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:38 +0200] "GET /api/v1/videos/dQw4w9WgXcQ HTTP/1.1" 200 10435 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:40 +0200] "GET /api/v1/popular HTTP/1.1" 200 2149 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:40 +0200] "GET /api/v1/trending?region=US HTTP/1.1" 200 24994 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:40 +0200] "GET /vi/s8H4Eh_C1xo/maxres.jpg HTTP/1.1" 200 74406 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:40 +0200] "GET /vi/ibkAdhJxOD4/maxres.jpg HTTP/1.1" 200 80785 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:40 +0200] "GET /vi/o9AxTxHDW3U/maxres.jpg HTTP/1.1" 200 101517 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:40 +0200] "GET /vi/4sfN9Jy-obA/maxres.jpg HTTP/1.1" 200 132284 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:41 +0200] "GET /vi/x2Sq6aA5AVU/maxres.jpg HTTP/1.1" 200 183156 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:41 +0200] "GET /vi/pTdpUbrsKDg/maxres.jpg HTTP/1.1" 200 254998 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:41 +0200] "GET /vi/x287j7Vby0U/maxres.jpg HTTP/1.1" 200 144367 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:50:54 +0200] "POST /login?type=invidious HTTP/1.1" 302 3767 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/yEQVQvNq8Sc/maxres.jpg HTTP/1.1" 200 85757 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/jr42N2cGe4Q/maxres.jpg HTTP/1.1" 200 168858 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/ih8xfkayoUI/maxres.jpg HTTP/1.1" 200 89950 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/1YHDGLqH1VM/maxres.jpg HTTP/1.1" 200 51306 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/VtSlZy-vC3o/maxres.jpg HTTP/1.1" 200 182942 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/EN42A4x0CjU/maxres.jpg HTTP/1.1" 200 75979 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/qyP8arCDJk8/maxres.jpg HTTP/1.1" 200 124183 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/RvDsX1fz9EQ/maxres.jpg HTTP/1.1" 200 138448 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/6arK6cCaPGU/maxres.jpg HTTP/1.1" 200 38948 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:01 +0200] "GET /vi/rWjky-ibZIM/maxres.jpg HTTP/1.1" 200 167795 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:02 +0200] "GET /vi/7VPZy_JSKwE/maxres.jpg HTTP/1.1" 200 204494 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:02 +0200] "GET /vi/-jYfC4YYXIw/maxres.jpg HTTP/1.1" 200 59287 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:05 +0200] "GET /api/v1/videos/1YHDGLqH1VM HTTP/1.1" 200 12964 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:07 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 200 1044 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:07 +0200] "GET /api/v1/auth/playlists HTTP/1.1" 200 3598 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:11 +0200] "GET /vi/Xtgppn5p5Hc/maxres.jpg HTTP/1.1" 200 168508 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:11 +0200] "GET /vi/On1mm8vWJ50/maxres.jpg HTTP/1.1" 200 111243 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:12 +0200] "GET /vi/go2IUgLg-c4/maxres.jpg HTTP/1.1" 200 81667 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:16 +0200] "GET /vi/C8H-k1z9Z7A/maxres.jpg HTTP/1.1" 200 113216 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:17 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 200 3599 "-" "Dart/3.5 (dart:io)" :443 - - [22/Sep/2024:12:51:17 +0200] "GET /api/v1/channels/UCmBA_wu8xGg1OfOkfW13Q0Q HTTP/1.1" 200 6635 "-" "Dart/3.5 (dart:io)"

Clipious' logs with HTTP Auth Basic:

[INFO] [Service] - 2024-09-22 12:57:00.983832 - calling https://xxxxxxxxxx/api/v1/auth/subscriptions [INFO] [Service] - 2024-09-22 12:57:01.120045 - Response from GET https://xxxxxxxxxx/api/v1/auth/subscriptions, status: 403 [SEVERE] [Service] - 2024-09-22 12:57:01.120327 - Error while calling service: Unexpected char 'B' at line 1, column 1 [INFO] [Service] - 2024-09-22 12:57:11.129668 - calling https://xxxxxxxxxx/api/v1/auth/subscriptions [INFO] [Service] - 2024-09-22 12:57:11.276477 - Response from GET https://xxxxxxxxxx/api/v1/auth/subscriptions, status: 403 [SEVERE] [Service] - 2024-09-22 12:57:11.276806 - Error while calling service: Unexpected char 'B' at line 1, column 1

Apache's logs with HTTP Auth Basic:

:443 - [22/Sep/2024:12:55:36 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3225 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:55:51 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3225 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:07 +0200] "GET /api/v1/videos/1YHDGLqH1VM HTTP/1.1" 200 12961 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:07 +0200] "GET /api/v1/auth/playlists HTTP/1.1" 403 671 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:07 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3226 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:06 +0200] "GET /vi/-jYfC4YYXIw/maxres.jpg HTTP/1.1" 200 61832 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:06 +0200] "GET /vi/Xtgppn5p5Hc/maxres.jpg HTTP/1.1" 200 168443 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:10 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 670 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:22 +0200] "GET /api/v1/videos/1YHDGLqH1VM HTTP/1.1" 200 12960 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:22 +0200] "GET /api/v1/auth/playlists HTTP/1.1" 403 670 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:22 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3225 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:22 +0200] "GET /api/v1/auth/playlists HTTP/1.1" 403 671 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:22 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 671 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:58 +0200] "GET /vi/On1mm8vWJ50/maxres.jpg HTTP/1.1" 200 111264 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:57:01 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3224 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:56:59 +0200] "GET /vi/go2IUgLg-c4/maxres.jpg HTTP/1.1" 200 81669 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:57:08 +0200] "GET /vi/C8H-k1z9Z7A/maxres.jpg HTTP/1.1" 200 115771 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:57:09 +0200] "GET /vi/pNE8qgRO_2k/maxres.jpg HTTP/1.1" 200 120821 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:57:09 +0200] "GET /vi/45YegdgOsX0/maxres.jpg HTTP/1.1" 200 143418 "-" "Dart/3.5 (dart:io)" :443 - [22/Sep/2024:12:57:11 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3225 "-" "Dart/3.5 (dart:io)"
lamarios commented 1 month ago

How did you get this version of invidious ? I pulled images this morning and I am still on 2024.08.26-4782a67

kkwpsi commented 1 month ago

I did 'git pull' && 'make' yesterday. I did this because I wanted to make sure I was testing on the current version of Invidious. But I am sure that this kind of bug also existed on the current official release of Invidious (v2.20240825.2).

lamarios commented 1 month ago

I see. I'm not sure how to reproduce this. Do you use the following parameters on your server ? 

signature_server: inv_sig_helper:12999
visitor_data: CHANGE_ME
po_token: CHANGE_ME

I realized I don't use those.

kkwpsi commented 1 month ago

I don't use these parameters either. I've attached my Invidious configuration. config.txt