Revisiting "Remember Me" Feature - Addressing Frequent Sign-Outs with Owncloud

mitchray / ample

A simple web browser client for Ampache

https://ample-player.vercel.app/

GNU Affero General Public License v3.0

63 stars 13 forks source link

Revisiting "Remember Me" Feature - Addressing Frequent Sign-Outs with Owncloud #55

Closed yigitkonur closed 7 months ago

yigitkonur commented 8 months ago

Hey @mitchray,

Following up on issue #44, @rstefko's suggestion to store credentials in local storage or via a configurable file (ample.json.dist) might be a promising solution to the repetitive sign-out problem.

Leveraging a long-lived API password as an opt-in feature could combine usability with security, without storing sensitive information in plaintext. This could alleviate the disruption users face with the current sign-out frequency and enhance overall user experience. (even storing as text on config file is an option for me)

Would it be possible to revisit this approach and consider integrating such a "Remember Me" functionality into Ample?

Thanks for your efforts on making Ampache user-friendly.

Best,

alexdx-ca commented 8 months ago

Hi @mitchray , First of all thank you very much for so cool web interface for Ampache.

It would be very useful to have a possibility to store Username and Password/API key in config file (like ampacheURL variable).

My Ampache server is accessible for public without login and have these in settings:

use_auth = "false"
default_auth_level = "guest"

Maybe a guest user has to be logged in automatically or it should not ask a login at all in this case.

mitchray commented 7 months ago

@yigitkonur @mediadev123 @rstefko

Can you test and report back on whether you remain signed in https://github.com/mitchray/ample/releases/tag/3.0.0-beta.1

rstefko commented 7 months ago

I have problems with this update. It fails to load after login, there is error on XHR call to /json.server.php?action=stats&type=song&filter=recent&limit=1&offset=0&version=6.3.0

{
    "error": {
        "errorCode": "4701",
        "errorAction": "stats",
        "errorType": "system",
        "errorMessage": "Invalid Login - session token missing"
    }
}

mitchray commented 7 months ago

I'm guessing Owncloud doesn't support Ampache Bearer token auth which Ample v3 now uses https://ampache.org/api/#http-header-authentication

My position at this time is that I'm only supporting the 'official' Ampache server and its API, so anyone using this with Owncloud should stick to Ample v2

paulijar commented 7 months ago

I opened the issue https://github.com/owncloud/music/issues/1140 about the bearer token authentication. I don't know yet, if it can be supported on ownCloud Music, but I shall investigate the matter. In the future, feel free to ping me if there are any ownCloud/Nextcloud Music related issues.

paulijar commented 7 months ago

Nextcloud Music v1.11.0 now supports the bearer token authentication. Also a few other problems were fixed to make it compatible with Ample v3.