stonith404 / pingvin-share

A self-hosted file sharing platform that combines lightness and beauty, perfect for seamless and efficient file sharing.
https://stonith404.github.io/pingvin-share/
BSD 2-Clause "Simplified" License

🐛 Bug Report: Cannot set TOTP Security when LDAP is enabled #678

Open zionio opened 2 days ago

zionio commented 2 days ago

👟 Reproduction steps

1) Download docker-compose.yml
2) Enable LDAP (it works)
3) Go to My Account -> Security -> TOTP, insert current password and press Start

👍 Expected behavior

It should proceed the same way as when LDAP is disabled.

👎 Actual Behavior

After Start is pressed, it always returns the error "invalid password".

📜 Logs

My actual docker-compose.yml (behind reverse proxy)

services:
  pingvin-share:
    image: stonith404/pingvin-share:latest
    restart: unless-stopped
    ports:
      - 8086:3000
    environment:
      - TRUST_PROXY=true
      - BACKEND_PORT=8080
      - API_URL=http://localhost:8080
    volumes:
      - "./data:/opt/app/backend/data"
      - "./images:/opt/app/frontend/public/img"

Logs

The only log found is /var/log/caddy/access.log, piped to jq and pasted here for "readability" ;)

{
  "level": "error",
  "ts": 1732140436.861703,
  "logger": "http.log.access.log0",
  "msg": "handled request",
  "request": {
    "remote_ip": "192.168.160.1",
    "remote_port": "42892",
    "client_ip": "192.168.160.1",
    "proto": "HTTP/1.1",
    "method": "POST",
    "host": "[REDACTED]",
    "uri": "/api/auth/totp/enable",
    "headers": {
      "Sec-Fetch-Site": [
        "same-origin"
      ],
      "Sec-Fetch-Mode": [
        "cors"
      ],
      "Accept-Encoding": [
        "gzip, deflate, br, zstd"
      ],
      "Accept-Language": [
        "it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6,la;q=0.5"
      ],
      "X-Forwarded-Scheme": [
        "https"
      ],
      "Connection": [
        "close"
      ],
      "Content-Length": [
        "30"
      ],
      "Origin": [
        "[REDACTED]"
      ],
      "Priority": [
        "u=1, i"
      ],
      "Referer": [
        "[REDACTED]"
      ],
      "X-Forwarded-For": [
        "192.168.1.88"
      ],
      "X-Real-Ip": [
        "192.168.1.88"
      ],
      "User-Agent": [
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
      ],
      "Sec-Ch-Ua": [
        "\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""
      ],
      "Content-Type": [
        "application/json"
      ],
      "X-Forwarded-Proto": [
        "https"
      ],
      "Sec-Ch-Ua-Platform": [
        "\"macOS\""
      ],
      "Accept": [
        "application/json, text/plain, */*"
      ],
      "Sec-Ch-Ua-Mobile": [
        "?0"
      ],
      "Sec-Fetch-Dest": [
        "empty"
      ],
      "Cookie": []
    }
  },
  "bytes_read": 30,
  "user_id": "",
  "duration": 0.264276753,
  "size": 67,
  "status": 403,
  "resp_headers": {
    "X-Powered-By": [
      "Express"
    ],
    "X-Ratelimit-Limit": [
      "100"
    ],
    "Date": [
      "Wed, 20 Nov 2024 22:07:16 GMT"
    ],
    "Content-Type": [
      "application/json; charset=utf-8"
    ],
    "Content-Length": [
      "67"
    ],
    "Server": [
      "Caddy"
    ],
    "X-Ratelimit-Remaining": [
      "99"
    ],
    "X-Ratelimit-Reset": [
      "1"
    ],
    "Etag": [
      "W/\"43-u9cdiVEIQXtoqGdAGUqIUDsSuQA\""
    ]
  }
}

Note

1) Disabling LDAP makes TOTP configuration work fine.
2) Inside docker compose logs pingvin-share there are no relevant logs about this error.

Hope this can help, and thank you for pingvin-share :D

stonith404 commented 1 day ago

Thanks for reporting. I made a potential fix but I can't test it as I'm not using LDAP. Would you mind testing the stonith404/pingvin-share:development image and letting me know if it works now?

zionio commented 1 day ago

Great, it works like a charm now 💪 with stonith404/pingvin-share:development

I have tested enabling and disabling it several times and it works perfectly.

I'll be waiting anxiously for this fix in the latest tag :D

Many thanks and great work!!