Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Navidrome Public Authentiation do not work #101

Open
Ju-2006 opened this issue Apr 22, 2023 · 11 comments
Open

Navidrome Public Authentiation do not work #101

Ju-2006 opened this issue Apr 22, 2023 · 11 comments

Comments

@Ju-2006
Copy link

Ju-2006 commented Apr 22, 2023

Hi,

Thank you for this wonderful app and the work you done on it to integrate it with yunohost 👍

On a Yunohost server installed on a VPS, runing other Apps smoothly, I test Navidrome, working well via Yunohost portal or diret url, remove Navidrome to test other apps (Funkwhale and Airsonic-NG) and finally reinstall Navidrome, every thing is working but authentication from client or via public url

Yunohost 11.1.18 (stable)
Navidrome 0.49.3~ynh2
My laptop running Fedora 37 Firefox 112.01
Subsonic on Android 13

Navidrome

  • Installation done and working
  • Discovering of Music done

It work if:

  • I access through Yunohost portail through https://mydomain/yunohost/sso/ with user1/password and click on Navidrome tile, everything is ok, I can see and play music

It don't work if:

  • I try to access to https://mydomain/navidrome, it display the login page but when I authenticate with user1/password getting: "error unauthorized" pop up in red
  • Using DSub on smartphone, with user1/password I get error "Connection failure. Wrong username or password"

Tested with other users, result with the same errors

Group "Visitors" have permission "Navidrome", try to remove / set again the permission do not change nothing

Remove Navidrome and reinstall do not solve the issue

Hop you can help me
Regards :-)
Julien

@win8linux
Copy link

Can confirm that this issue still persists as of June 2023.

@ericgaspar
Copy link
Member

I think this PR changed authentication to use SSO. If you remove those two lines your should be able to use public auth.

@selfhoster1312
Copy link
Contributor

selfhoster1312 commented Jun 12, 2023

It was working for me and still is, but i haven't updated in a while. I just updated right now and it's broken. I'll investigate. Sorry about this!

EDIT: It was in fact still "working" as explained in the next comment. I just changed my Yunohost user password which did not change the Navidrome database password :)

@selfhoster1312
Copy link
Contributor

selfhoster1312 commented Jun 12, 2023

OK this was indeed a limitation in the PR i proposed upstream.

For context:

  • Navidrome uses its own password database which needs to be populated when accounts are created from LDAP or SSO ; so when accessing from SSO the password is populated randomly
  • There is currently no support for extracting the plaintext password from HTTP header, as is currently provided by SSOWat for Yunohost users
  • There is currently no support for authentication from SSO then LDAP if SSO is not populated

What you can do right now:

  • if your account was created from LDAP, you can use your LDAP password to access Navidrome (EDIT: Navidrome does not support LDAP)
  • if your account was created from navidrome admin, it should just work
  • if your account was created from SSO, you can change your account password using anything (including nothing) as "current" password in the password change form

I'll try to see if i can think of something better, but it may require much better auth support from Navidrome. EDIT: Upstream navidrome still does not support LDAP so that's not going to be easy/fast :)

@Ju-2006
Copy link
Author

Ju-2006 commented Jun 12, 2023

OK this was indeed a limitation in the PR i proposed upstream.

For context:

* Navidrome uses its own password database which needs to be populated when accounts are created from LDAP or SSO ; so when accessing from SSO the password is populated randomly

* There is currently no support for extracting the plaintext password from HTTP header, as is currently provided by SSOWat for Yunohost users

* There is currently no support for authentication from SSO _then_ LDAP if SSO is not populated

What you can do right now:

* if your account was created from LDAP, you can use your LDAP password to access Navidrome

* if your account was created from SSO, you can change your account password using anything (including nothing) as "current" password in the password change form

I'll try to see if i can think of something better, but it may require much better auth support from Navidrome. EDIT: Upstream navidrome still does not support LDAP so that's not going to be easy/fast :)

Hi @selfhoster1312

Thank you for the reply,
I was in the LDAP configuration, I changed my password and it just work like that \o/
It's very nice :-)

Have a great day 👍

@selfhoster1312
Copy link
Contributor

Hey, great everything is good for you !

I was in the LDAP configuration, I changed my password and it just work like that \o/

Sorry i'm not sure i get it. Changing your LDAP password should not affect Navidrome. Did you mean you changed the navidrome password from the webUI after logging in via Yunohost SSO?

@Ju-2006
Copy link
Author

Ju-2006 commented Jun 13, 2023

Yes that's it, I changed the navidrome password from the webUI (sorry for the missinginformations)

@dramborleg
Copy link
Contributor

It might be convenient if this were mentioned somewhere on the app's configuration page in the yunohost management tool. Right now there's a section explaining where the media files are expected to be stored as well as how to change it, so that might be a good place to make note of this so it's more clear to future users.

Would be happy to make a PR myself at some point if it's something that the maintainers wouldn't be opposed to merging.

@ericgaspar
Copy link
Member

If relevant, PR are welcome

@Chevrah
Copy link

Chevrah commented Feb 29, 2024

I just reinstalled navidrome, with a clean database.

Logged in with SSO, how do I make this user an admin that can add more public authentication users?

@Chevrah
Copy link

Chevrah commented Feb 29, 2024

NVM figured I need to go on first install to /navidrome/app/#/login was not clear in the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants