Closed BeyondCombustion closed 11 months ago
rystaf
commented
12 months ago Are those links with the extra slash causing you any trouble?
I made an account on lemmy.beyondcombustion.net and didn't have any difficulty logging in at https://old.beyondcombustion.net or https://mlmym.org/lemmy.beyondcombustion.net. But maybe I'm misunderstanding this issue?
BeyondCombustion
commented
12 months ago Hmmm.
I was still trying to determine the cause of the error 400 and understand the issue myself.
I have 2fa enabled for my user, the old.beyondcombustion.net doesn’t ever present a 2fa field. I am copy/pasting my username and password from my password manager into both so I am sure the password is correct.
Any idea what might prevent this awesome front end from being able to tell that my user on my server needs the 2fa to finish authentication?
On Fri, Jul 28, 2023 at 10:44 PM Ryan Stafford @.***> wrote:
Are those links with the extra slash causing you any trouble?
I made an account on lemmy.beyondcombustion.net and didn't have any difficulty logging in at https://old.beyondcombustion.net or https://mlmym.org/lemmy.beyondcombustion.net. But maybe I'm misunderstanding this issue?
— Reply to this email directly, view it on GitHub https://github.com/rystaf/mlmym/issues/58#issuecomment-1656527568, or unsubscribe https://github.com/notifications/unsubscribe-auth/AY6WRF67H5V63DCRJTOC3YDXSR2HFANCNFSM6AAAAAA24FUVBQ . You are receiving this because you authored the thread.Message ID: @.***>
rystaf
commented
12 months ago Ah ok, the 2FA login flow is kinda bad at the moment. If you have 2FA enabled on your account, the first login will fail with the message "400 Bad Request: missing_totp_token", but it will present you with a new login form that includes a "2fa code" field. You'll have to enter your username and password once more and include the 2fa code.
BeyondCombustion
commented
12 months ago I think I saw that in another issue someone previously submitted and closed. That’s a separate, 3rd field that is hidden/not displayed by default to all users. It only shows after initially attempting to login and getting the 400 right?
I’m not having that happen, the old.beyondcombustion.net login page doesn’t change except for showing the error in the upper left side. The login UX doesn’t change for me. (Not home to take a screenshot currently).
That was what made me think it’s an endpoint or some other black magic fuckery I don’t understand (and caused myself) getting in my way.
On Fri, Jul 28, 2023 at 10:59 PM Ryan Stafford @.***> wrote:
Ah ok, the 2FA login flow is kinda bad at the moment. If you have 2FA enabled on your account, the first login will fail with the message "400 Bad Request: missing_totp_token", but it will present you with a new login form that includes a "2fa code" field. You'll have to enter your username and password once more and include the 2fa code.
— Reply to this email directly, view it on GitHub https://github.com/rystaf/mlmym/issues/58#issuecomment-1656530730, or unsubscribe https://github.com/notifications/unsubscribe-auth/AY6WRF23EC6JWXNVXS5N6J3XSR4BBANCNFSM6AAAAAA24FUVBQ . You are receiving this because you authored the thread.Message ID: @.***>
BeyondCombustion
commented
12 months ago Nvm here are some screenshots I can’t get logs easily remote from my phone tho heh.
On Fri, Jul 28, 2023 at 11:04 PM Professional Hand Job < @.***> wrote:
I think I saw that in another issue someone previously submitted and closed. That’s a separate, 3rd field that is hidden/not displayed by default to all users. It only shows after initially attempting to login and getting the 400 right?
I’m not having that happen, the old.beyondcombustion.net login page doesn’t change except for showing the error in the upper left side. The login UX doesn’t change for me. (Not home to take a screenshot currently).
That was what made me think it’s an endpoint or some other black magic fuckery I don’t understand (and caused myself) getting in my way.
On Fri, Jul 28, 2023 at 10:59 PM Ryan Stafford @.***> wrote:
Ah ok, the 2FA login flow is kinda bad at the moment. If you have 2FA enabled on your account, the first login will fail with the message "400 Bad Request: missing_totp_token", but it will present you with a new login form that includes a "2fa code" field. You'll have to enter your username and password once more and include the 2fa code.
— Reply to this email directly, view it on GitHub https://github.com/rystaf/mlmym/issues/58#issuecomment-1656530730, or unsubscribe https://github.com/notifications/unsubscribe-auth/AY6WRF23EC6JWXNVXS5N6J3XSR4BBANCNFSM6AAAAAA24FUVBQ . You are receiving this because you authored the thread.Message ID: @.***>
BeyondCombustion
commented
12 months ago well those didn't come through... but now that i'm home. I looked and I don't currently have 2fa enabled. I must have turned it off troubleshooting when I started messing with this. I can add those screenshots tomorrow, too tired rn lol
BeyondCombustion
commented
11 months ago Not sure what fixed it... I didn't actually have 2fa on (I previously turned it off and forgot, but was still logged in).
So, I enabled it to see if that made a difference with testing and would get either 400 or 401 back when trying to login.
I immediately forgot what system/password manager/somewhere that wasn't syncing that I saved the 2fa and couldn't login all week (was too busy to fuck with the sql).
Got busy, lemmy 0.18.4 came out and a couple updates you've done. Got some free time today and had to remove some spam, found the 2fa code, logged in and removed it earlier. Just went and tried the "old" version of the site running mlmym and everything seems fixed now.
Currently on the following versions of each. I'm able to login, no more 400 or 401 errors with that (depending on if I had got the password correct or not even though the 2fa wasn't checked originally in the GUI when I opened this....)
TL;DR time passed, updates happened, I re-applied and removed 2fa. Now the double // issue is gone and I'm able to login from some combo of all that stuff.
lemmy: 0.18.4 mlmym: 0.0.24
Thanks for your quick response, sorry I left this open for a week.
When hovering over URLs on the old instance, I get urls like
https://old.beyondcombustion.net//c/vaporentswith an extra / between .net and c instead ofhttps://old.beyondcombustion.net/c/vaporentsAdditionally when logging in through the old/mlmym front end I recieve error 400 in mlmym, while on lemmy I get a message that the host name/domain name is not allowed which I think is from the same login action but I can't see anything else in that which shows where the request is coming from.
Not sure what all logs to submit and from what, but it would be cool to get this squared away. It could be an ngnix issue, or ports which aren't open that I wasn't aware needed to be after adding mlmym to the mix (on a separate, rootless docker ubuntu VM from lemmy)