victorbalssa / abacus

🟠 Abacus: Firefly III mobile application.
https://apps.apple.com/us/app/1627093491
GNU General Public License v3.0

Bug: Login redirection loop on 404 error #270

Closed csmith1210 closed 3 months ago

csmith1210 commented 4 months ago

Describe the bug

I just installed a fresh F3 docker instance and am trying to connect the iOS app to it. Initially, my setup uses Traefik, Authentik with Referrer setup, and Cloudflare tunnel. I was able to get the app to log in with PAT after disabling CF rocket loader and email obfuscation (not sure if this was needed), and adding the API as an unauthenticated path in Authentik. However, the app bugs out and goes into a constant redirection loop to load the home page. I was unable to find any standout traces in the logs of either Traefik, Authentik, or F3. So I then tried to access the server locally without any middleman and I get the same result: constant redirection using PAT or OAuth. I am unable to reproduce this using the F3 demo site.

To Reproduce

Steps to reproduce the behavior:

  1. Add new connection to brand new firefly instance
  2. Click log in
  3. ??? Redirects

Expected behavior

Log in and display homepage of app

Additional context

Here are the URLs that the app tried to access. I noticed a previous bug reported for the Android app where the currency was incorrect, but that doesn't seem to be the case here.

192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/summary/basic?start=2024-04-01&end=2024-06-30&currency_code=USD HTTP/1.1" 200 940 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v2/preferences/frontPageAccounts HTTP/1.1" 404 1014 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/budgets?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1806 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/currencies/USD/accounts?type=asset&date=2024-06-30 HTTP/1.1" 200 4043 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/insight/expense/category?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 940 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/budget-limits?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1388 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 0 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/about HTTP/1.1" 200 0 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.50.159 - - [29/Apr/2024:02:59:11 -0400] "GET /api/v1/currencies HTTP/1.1" 200 0 "-" "Abacus/0.13.2 CFNetwork/1494.0.7 Darwin/23.4.0"

victorbalssa commented 4 months ago

Hey @csmith1210,

Can you try to connect to https://demo.firefly-iii.org/profile with a PAT?

If you can't, can you send me a screenshot of the error returned by Abacus when clicking Login?

If you can connect to https://demo.firefly-iii.org/profile, it must be something with your setup, try to disable things step by step to isolate the issue. (I suspect a missing bypass).

csmith1210 commented 4 months ago

Yeah so I don't have any issue on the demo site with a PAT token. Though I don't know what could be wrong because even setting up the app with the URL as the local-ip:port (without any proxy or OAuth) still has this redirect behavior. After some time, there is occasionally an error that says "A network error has occurred". Is there any way to grab the logs from the app? This is what the behavior looks like: [image: ezgif com-video-to-gif-converter]

victorbalssa commented 4 months ago

It's some kind of redirection issue on the home screen, and since you only have one account, it tries to connect directly to it.

(Something I should probably catch)

Just checking, are you sure that you are running the latest version of FireflyIII?

It must be something that Abacus is trying to fetch and can't, but the login process is working.

jacobburrell commented 4 months ago

I am having the same issue, just started a firefly instance to try it out.

Here is the debug page of Firefly:

Debug information generated at 2024-05-06 02:59:28 America/Ensenada for Firefly III version 5.5.13.

| Scope | Version |
| --- | --- |
| Firefly III | 5.5.13 |
| Firefly III API | 1.5.2 |
| PHP | 8.0.8 |
| Host | Linux |

| System info | Value |
| --- | --- |
| Installation ID | cd993252-1f48-4668-b375-f3b3aa2e10e5 |
| Using docker? | true |
| Telemetry | false |
| Layout | |
| System TZ | America/Ensenada |
| Browser TZ | America/Tijuana |
| App environment | local |
| App debug mode | false |
| App cache driver | file |
| App logging | info, stack |
| Display errors | Off |
| Error reporting | ALL errors |
| Interface | apache2handler |
| Default language | en_US |
| Default locale | equal |
| BCscale | 24 |
| DB drivers | mysql, pgsql, sqlite |
| Current driver | mysql |
| DB version | 16 (exp. 16) |
| Login provider | eloquent |
| Trusted proxies (.env) | ** |

| User info | Value |
| --- | --- |
| Session start | 2024-05-01 00:00:00 |
| Session end | 2024-05-31 23:59:59 |
| Session first | 2024-04-28 00:00:00 |
| User ID | 1 |
| User language | en_US |
| User locale | en_US |
| Attempt at "en_US.utf8" | 'en_US.utf8' |
| Attempt at "en_US.UTF-8" | 'en_US.UTF-8' |
| User agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 |

jacobburrell commented 4 months ago

@victorbalssa Saw your question regarding the latest version and saw I was running an older version that is the default deployment on CapRover that I'm playing around with.

Updating to 6.1.15 instantly fixed the issue with Abacus.

Probably should catch that or at least warn users to use e.g. 6.0+ version of Firefly.

csmith1210 commented 4 months ago

@jacobburrell Well it was nice to know I wasn’t the only one, but unfortunately I am running 6.1.15 already via docker.

scarm01 commented 4 months ago

Same here, I'm also running 6.1.15

victorbalssa commented 4 months ago

I'm going to remove the redirection loop in the next patch.

It's related to this error catching when any Home screen API call returns a 404: https://github.com/victorbalssa/abacus/blob/4c36aa72fcb80c37f03435c594f078417cd7a1fd/src/components/UI/ErrorWidget.tsx#L40-L42

To help me reproduce this behaviour, here is the list you could try to see if any returns a 404 with FireflyIII v6.1.15:

victorbalssa commented 4 months ago

Just thinking of some quick fix, do you have USD currency activated?

scarm01 commented 4 months ago

I had it disabled, I enabled it but I'm still experiencing the same issue. Thank you :)

victorbalssa commented 4 months ago

Another try:

Go to your FireflyIII instance backend here: https://[URL]/preferences.

Under "Home Screen" set a preference for home screen accounts to display.

Click "Save Settings".

scarm01 commented 4 months ago

Thank you, but the problem is still there. I had already set a preferred home screen. I tried also to uncheck all the accounts.

victorbalssa commented 4 months ago

Ok can you share your access.log of FIII instance when the redirection loop happens?

I'm trying to find out where the 404 error comes from.

scarm01 commented 4 months ago

192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v2/preferences/frontPageAccounts HTTP/1.1" 404 1014 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/budgets?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1367 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/currencies/EUR/accounts?type=asset&date=2024-06-30 HTTP/1.1" 200 4008 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/budget-limits?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1385 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/about HTTP/1.1" 200 1051 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/currencies HTTP/1.1" 200 9599 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/summary/basic?start=2024-04-01&end=2024-06-30&currency_code=EUR HTTP/1.1" 200 2399 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/insight/expense/category?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 940 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v2/preferences/frontPageAccounts HTTP/1.1" 404 1014 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/budgets?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1367 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/currencies/EUR/accounts?type=asset&date=2024-06-30 HTTP/1.1" 200 4008 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/budget-limits?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1385 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/about HTTP/1.1" 200 1051 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/summary/basic?start=2024-04-01&end=2024-06-30&currency_code=EUR HTTP/1.1" 200 2399 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/currencies HTTP/1.1" 200 9599 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v1/insight/expense/category?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 940 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v2/preferences/frontPageAccounts HTTP/1.1" 404 1014 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/budgets?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1367 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/currencies/EUR/accounts?type=asset&date=2024-06-30 HTTP/1.1" 200 4008 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/budget-limits?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1385 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/summary/basic?start=2024-04-01&end=2024-06-30&currency_code=EUR HTTP/1.1" 200 2399 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/about HTTP/1.1" 200 1051 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/currencies HTTP/1.1" 200 9599 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/insight/expense/category?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 940 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v2/preferences/frontPageAccounts HTTP/1.1" 404 1014 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/budgets?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1367 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/currencies/EUR/accounts?type=asset&date=2024-06-30 HTTP/1.1" 200 4008 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/budget-limits?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1385 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/about HTTP/1.1" 200 1051 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/summary/basic?start=2024-04-01&end=2024-06-30&currency_code=EUR HTTP/1.1" 200 2399 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/currencies HTTP/1.1" 200 9599 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/insight/expense/category?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 940 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v2/preferences/frontPageAccounts HTTP/1.1" 404 1014 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/budgets?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1367 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/currencies/EUR/accounts?type=asset&date=2024-06-30 HTTP/1.1" 200 4008 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/budget-limits?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1385 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/summary/basic?start=2024-04-01&end=2024-06-30&currency_code=EUR HTTP/1.1" 200 2399 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/about HTTP/1.1" 200 1051 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/currencies HTTP/1.1" 200 9599 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/bills?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 1117 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"
192.168.1.18 - - [06/May/2024:19:12:34 +0200] "GET /api/v1/insight/expense/category?start=2024-04-01&end=2024-06-30 HTTP/1.1" 200 940 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"

victorbalssa commented 4 months ago

This is really the preference frontPageAccounts that isn't correctly set up.

192.168.1.18 - - [06/May/2024:19:12:33 +0200] "GET /api/v2/preferences/frontPageAccounts HTTP/1.1" 404 1014 "-" "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0"

Can you retry to save just 1 or 2 accounts on the /preferences dashboard(?)

csmith1210 commented 4 months ago

Changing the Homescreen preferences does not have any effect for me either.

/api/v2/preferences/frontPageAccounts gives me a 404 error on my web browser too.

csmith1210 commented 4 months ago

Aha! Going through the preferences API numerically I found that the call should actually be /api/v2/preferences/frontpageAccounts (lower case p) and that returns HTTP 200.

victorbalssa commented 4 months ago

Arf good catch https://github.com/firefly-iii/firefly-iii/commit/6189d24b98b41a9b4d9ef826c050ff5aa93064b8.

I was still on the old version, it's still working for me (no 404) with frontpageAccounts instead of frontPageAccounts.

But we have our answer, I will try/catch this error.
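The by-hand log triage in this thread, written out as an added example (not part of the original comments and not Abacus or Firefly III code): it parses access-log lines, reports any path that keeps returning 404 to the same client, and flags a served route that differs only by letter case. The names `parseLine`, `find404Loops` and `SAMPLE_LOG` are hypothetical, and the sample lines, including the 192.0.2.10 address, are constructed in the format of the logs posted above.

```typescript
// Added example; sample log lines are constructed in the format posted in this thread.
interface Hit { path: string; status: number; agent: string }
interface Finding { path: string; agent: string; count: number; caseMatch: string | null }

// Combined Log Format: ip - - [time] "METHOD target HTTP/x" status bytes "referer" "agent"
const LINE = /^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/;

function parseLine(line: string): Hit | null {
  const m = LINE.exec(line.trim());
  if (!m) return null;
  // Drop the query string so calls that differ only in dates group together.
  return { path: m[1].split("?")[0], status: Number(m[2]), agent: m[3] };
}

// Report each (agent, path) pair that returned 404 at least minRepeats times, and
// name a served route that differs from the failing path only by letter case.
function find404Loops(lines: string[], servedRoutes: string[], minRepeats = 3): Finding[] {
  const byKey: { [key: string]: Finding } = {};
  for (const line of lines) {
    const hit = parseLine(line);
    if (!hit || hit.status !== 404) continue;
    const key = hit.agent + "\n" + hit.path;
    if (!byKey[key]) {
      const near = servedRoutes.filter(
        (r) => r !== hit.path && r.toLowerCase() === hit.path.toLowerCase());
      byKey[key] = { path: hit.path, agent: hit.agent, count: 0,
                     caseMatch: near.length > 0 ? near[0] : null };
    }
    byKey[key].count += 1;
  }
  return Object.keys(byKey).map((k) => byKey[k]).filter((f) => f.count >= minRepeats);
}

// Constructed sample: three home-screen refresh cycles plus one unrelated miss.
const UA = "Abacus/0.15.0 CFNetwork/1494.0.7 Darwin/23.4.0";
const entry = (sec: number, target: string, status: number): string =>
  `192.0.2.10 - - [06/May/2024:19:12:${sec} +0200] "GET ${target} HTTP/1.1" ${status} 1014 "-" "${UA}"`;
const SAMPLE_LOG: string[] = [];
for (const sec of [33, 34, 35]) {
  SAMPLE_LOG.push(entry(sec, "/api/v2/preferences/frontPageAccounts", 404));
  SAMPLE_LOG.push(entry(sec, "/api/v1/budgets?start=2024-04-01&end=2024-06-30", 200));
}
SAMPLE_LOG.push(entry(36, "/favicon.ico", 404)); // single miss, stays below the threshold

// The lower-case route is the one reported in the thread as returning HTTP 200.
const SERVED = ["/api/v2/preferences/frontpageAccounts"];
const findings = find404Loops(SAMPLE_LOG, SERVED);
console.log(findings);
```

A repeated 404 from one user agent with a non-null `caseMatch` points at a client/server route-name mismatch rather than at the proxy or authentication layer.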

bushvin commented 4 months ago

If any more testing is required, I may be of assistance, as I am experiencing the same issue.

I also have a containerized setup (rootless podman) behind HAProxy.

bushvin commented 4 months ago

> I'm going to remove the redirection loop in the next patch.
>
> It's related to this error catching when any Home screen API call returns a 404:
>
> https://github.com/victorbalssa/abacus/blob/4c36aa72fcb80c37f03435c594f078417cd7a1fd/src/components/UI/ErrorWidget.tsx#L40-L42
>
> To help me reproduce this behaviour, here is the list you could try to see if any returns a 404 with FireflyIII v6.1.15:
>
>   • /api/v1/currencies
>   • /api/v1/about
>   • /api/v1/summary/basic
>   • /api/v2/preferences/frontPageAccounts
>   • /api/v1/currencies/:currentCode/accounts
>   • /api/v1/insight/expense/category
>   • /api/v1/budgets
>   • /api/v1/budget-limits
>   • /api/v1/bills

None of them yield a 404.

My Firefly III is v6.1.15, btw.