search

mdouchement / standardfile

Yet Another Standardfile (standardnotes server) Implementation written in Golang
MIT License
80 stars 9 forks source link

invalid login credentials (on registration) #64

Closed cyberb closed 3 years ago

cyberb commented 3 years ago

I am trying to test notes web v3.8.18 against latest sf and I am getting invalid login credentials as soon as I register (I do not even have a chance to enter login/password). Request:

{
 "password":"***",
 "email":"***",
 "ephemeral":false,
 "identifier":"***",
 "pw_nonce":"***",
 "version":"004",
 "origination":
 "registration",
 "created":"1631372134116",
 "api":"20200115"}

Server says:

[401] POST /api/v1/users (326) 7.372964ms
mdouchement commented 3 years ago

Since few months, the Standard Notes team is changing the API and the response format while moving to there new infrastructure. I'm currently working on a branch that tries to implement these daily changes.

cyberb commented 3 years ago

Great, what is the last compatible version I should use for now?

mdouchement commented 3 years ago

api version 20190520 should work

mdouchement commented 3 years ago

Latest release 0.6.8 works. You have to enable registration in configuration file: no_registration: false. This option is used to avoid unwanted users using your server.

cyberb commented 3 years ago

I had this option already disabled, let me test 0.6.8

cyberb commented 3 years ago

same error on 0.6.8 + 3.8.21 no_registration: false notes.server[1625]: [401] POST /api/v1/users (322) 124.23µs

mdouchement commented 3 years ago

It works on macOS with StandardNotes Desktop 3.8.21 and server on 0.6.8. It also works with https://app.standardnotes.org/

   ____    __
  / __/___/ /  ___
 / _// __/ _ \/ _ \
/___/\__/_//_/\___/ v4.5.0
High performance, minimalist Go web framework
https://echo.labstack.com
____________________________________O/_______
                                    O\
⇨ http server started on 127.0.0.1:5000
[200] POST /v1/users (304) 117.132324ms
[200] POST /v1/items (67) 1.013378ms
[200] POST /v1/items (3521) 36.052648ms

I only get this error when registration is disabled:

   ____    __
  / __/___/ /  ___
 / _// __/ _ \/ _ \
/___/\__/_//_/\___/ v4.5.0
High performance, minimalist Go web framework
https://echo.labstack.com
____________________________________O/_______
                                    O\
⇨ http server started on 127.0.0.1:5000
[401] POST /v1/users (304) 141.786µs

which should return a 404 Not Found and not a 401 Unauthorized. I'll fix that later.

Could this issue is due to serving through a socket domain? As Echo is not made for that.

cyberb commented 3 years ago

oh, I have nginx in front of sf and it seems I am not taking /api prefix out:

[401] POST /api/v1/users (326) 7.372964ms

but in that case why is it not 404 already, let me fix that

cyberb commented 3 years ago

removing the /api prefix fixed it!