Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Channel page doesn't load when HTTP Basic Auth is active #599

Open
kkwpsi opened this issue Sep 21, 2024 · 6 comments
Open

Channel page doesn't load when HTTP Basic Auth is active #599

kkwpsi opened this issue Sep 21, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@kkwpsi
Copy link

kkwpsi commented Sep 21, 2024

Describe the bug
In the context of problem ID 598, I did some tests.
I created a new user and disabled HTTP Basic Auth on Invidious server. I logged in via Clipious as a new user (cookie). There were no problems loading the channel pages. I loaded at least a few of them.
Then I enabled HTTP Basic Auth on Invidious server and cleared the Clipious data and cache. In Clipious I added the same server with login details for HTTP Basic Auth. I logged in as the same user (cookie). In this case I couldn't open the channel pages (see logs below).

That user never logged via token or asking for token.

To Reproduce
Steps to reproduce the behavior:

  1. Add new server with HTTP Basic Authetication
  2. Try to load channel page

Expected behavior
The channel page should load as if you were connecting to the server without HTTP Basic Auth.

Screenshots
none

Smartphone (please complete the following information):

  • Device: Samsung S23
  • OS: Android 14
  • Version Clipious: 1.21.2
  • Version Invidious: 2024.09.20-a021b930 @ master

Additional context
[INFO] [Service] - 2024-09-21 21:14:39.632724 - calling https://xxxxxxxxxx/api/v1/trending?region=US
[INFO] [Service] - 2024-09-21 21:14:39.681168 - Response from GET https://xxxxxxxxxx/api/v1/popular, status: 200
[INFO] [Service] - 2024-09-21 21:14:40.550929 - Response from GET https://xxxxxxxxxx/api/v1/trending?region=US, status: 200
[INFO] [Service] - 2024-09-21 21:15:10.352193 - calling https://xxxxxxxxxx/api/v1/auth/subscriptions
[INFO] [Service] - 2024-09-21 21:15:10.515448 - Response from GET https://xxxxxxxxxx/api/v1/auth/subscriptions, status: 403
[SEVERE] [Service] - 2024-09-21 21:15:10.515827 - Error while calling service: Unexpected char 'B' at line 1, column 1

@kkwpsi kkwpsi added the bug Something isn't working label Sep 21, 2024
@lamarios
Copy link
Owner

I cannot reproduce this one the channel page loads fine on my server with basic auth. Care to share the invidious server version ?

@kkwpsi
Copy link
Author

kkwpsi commented Sep 22, 2024

I edited my first post. I confirmed described tests a moment ago.

Clipious' logs without HTTP Auth Basic:

[INFO] [Service] - 2024-09-22 12:50:25.946300 - Response from GET https://xxxxxxxxxx/api/v1/stats, status: 200
[INFO] [Service] - 2024-09-22 12:50:37.477739 - Calling https://xxxxxxxxxx/api/v1/stats
[INFO] [Service] - 2024-09-22 12:50:37.732852 - Response from GET https://xxxxxxxxxx/api/v1/stats, status: 200
[INFO] [Service] - 2024-09-22 12:50:37.733287 - calling https://xxxxxxxxxx/api/v1/videos/dQw4w9WgXcQ
[INFO] [Service] - 2024-09-22 12:50:40.182016 - Response from GET https://xxxxxxxxxx/api/v1/videos/dQw4w9WgXcQ, status: 200
[INFO] [Service] - 2024-09-22 12:50:40.282060 - calling https://xxxxxxxxxx/api/v1/popular
[INFO] [Service] - 2024-09-22 12:50:40.282649 - calling https://xxxxxxxxxx/api/v1/trending?region=US
[INFO] [Service] - 2024-09-22 12:50:40.339873 - Response from GET https://xxxxxxxxxx/api/v1/popular, status: 200
[INFO] [Service] - 2024-09-22 12:50:41.012887 - Response from GET https://xxxxxxxxxx/api/v1/trending?region=US, status: 200
[INFO] [Service] - 2024-09-22 12:51:05.171250 - calling https://xxxxxxxxxx/api/v1/videos/1YHDGLqH1VM
[INFO] [Service] - 2024-09-22 12:51:06.712490 - Response from GET https://xxxxxxxxxx/api/v1/videos/1YHDGLqH1VM, status: 200
[INFO] [Service] - 2024-09-22 12:51:06.738673 - calling https://xxxxxxxxxx/api/v1/auth/subscriptions
[INFO] [Service] - 2024-09-22 12:51:06.739280 - calling https://xxxxxxxxxx/api/v1/auth/playlists
[INFO] [Service] - 2024-09-22 12:51:06.784266 - Response from GET https://xxxxxxxxxx/api/v1/auth/subscriptions, status: 200
[INFO] [Service] - 2024-09-22 12:51:06.879244 - Response from GET https://xxxxxxxxxx/api/v1/auth/playlists, status: 200

Apache's logs without HTTP Auth Basic:

<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:38 +0200] "GET /api/v1/stats HTTP/1.1" 200 3672 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:38 +0200] "GET /api/v1/videos/dQw4w9WgXcQ HTTP/1.1" 200 10435 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:40 +0200] "GET /api/v1/popular HTTP/1.1" 200 2149 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:40 +0200] "GET /api/v1/trending?region=US HTTP/1.1" 200 24994 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:40 +0200] "GET /vi/s8H4Eh_C1xo/maxres.jpg HTTP/1.1" 200 74406 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:40 +0200] "GET /vi/ibkAdhJxOD4/maxres.jpg HTTP/1.1" 200 80785 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:40 +0200] "GET /vi/o9AxTxHDW3U/maxres.jpg HTTP/1.1" 200 101517 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:40 +0200] "GET /vi/4sfN9Jy-obA/maxres.jpg HTTP/1.1" 200 132284 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:41 +0200] "GET /vi/x2Sq6aA5AVU/maxres.jpg HTTP/1.1" 200 183156 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:41 +0200] "GET /vi/pTdpUbrsKDg/maxres.jpg HTTP/1.1" 200 254998 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:41 +0200] "GET /vi/x287j7Vby0U/maxres.jpg HTTP/1.1" 200 144367 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:50:54 +0200] "POST /login?type=invidious HTTP/1.1" 302 3767 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/yEQVQvNq8Sc/maxres.jpg HTTP/1.1" 200 85757 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/jr42N2cGe4Q/maxres.jpg HTTP/1.1" 200 168858 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/ih8xfkayoUI/maxres.jpg HTTP/1.1" 200 89950 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/1YHDGLqH1VM/maxres.jpg HTTP/1.1" 200 51306 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/VtSlZy-vC3o/maxres.jpg HTTP/1.1" 200 182942 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/EN42A4x0CjU/maxres.jpg HTTP/1.1" 200 75979 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/qyP8arCDJk8/maxres.jpg HTTP/1.1" 200 124183 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/RvDsX1fz9EQ/maxres.jpg HTTP/1.1" 200 138448 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/6arK6cCaPGU/maxres.jpg HTTP/1.1" 200 38948 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:01 +0200] "GET /vi/rWjky-ibZIM/maxres.jpg HTTP/1.1" 200 167795 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:02 +0200] "GET /vi/7VPZy_JSKwE/maxres.jpg HTTP/1.1" 200 204494 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:02 +0200] "GET /vi/-jYfC4YYXIw/maxres.jpg HTTP/1.1" 200 59287 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:05 +0200] "GET /api/v1/videos/1YHDGLqH1VM HTTP/1.1" 200 12964 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:07 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 200 1044 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:07 +0200] "GET /api/v1/auth/playlists HTTP/1.1" 200 3598 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:11 +0200] "GET /vi/Xtgppn5p5Hc/maxres.jpg HTTP/1.1" 200 168508 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:11 +0200] "GET /vi/On1mm8vWJ50/maxres.jpg HTTP/1.1" 200 111243 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:12 +0200] "GET /vi/go2IUgLg-c4/maxres.jpg HTTP/1.1" 200 81667 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:16 +0200] "GET /vi/C8H-k1z9Z7A/maxres.jpg HTTP/1.1" 200 113216 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:17 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 200 3599 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip>- - [22/Sep/2024:12:51:17 +0200] "GET /api/v1/channels/UCmBA_wu8xGg1OfOkfW13Q0Q HTTP/1.1" 200 6635 "-" "Dart/3.5 (dart:io)"

Clipious' logs with HTTP Auth Basic:

[INFO] [Service] - 2024-09-22 12:57:00.983832 - calling https://xxxxxxxxxx/api/v1/auth/subscriptions
[INFO] [Service] - 2024-09-22 12:57:01.120045 - Response from GET https://xxxxxxxxxx/api/v1/auth/subscriptions, status: 403
[SEVERE] [Service] - 2024-09-22 12:57:01.120327 - Error while calling service: Unexpected char 'B' at line 1, column 1
[INFO] [Service] - 2024-09-22 12:57:11.129668 - calling https://xxxxxxxxxx/api/v1/auth/subscriptions
[INFO] [Service] - 2024-09-22 12:57:11.276477 - Response from GET https://xxxxxxxxxx/api/v1/auth/subscriptions, status: 403
[SEVERE] [Service] - 2024-09-22 12:57:11.276806 - Error while calling service: Unexpected char 'B' at line 1, column 1

Apache's logs with HTTP Auth Basic:

<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:55:36 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3225 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:55:51 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3225 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:07 +0200] "GET /api/v1/videos/1YHDGLqH1VM HTTP/1.1" 200 12961 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:07 +0200] "GET /api/v1/auth/playlists HTTP/1.1" 403 671 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:07 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3226 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:06 +0200] "GET /vi/-jYfC4YYXIw/maxres.jpg HTTP/1.1" 200 61832 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:06 +0200] "GET /vi/Xtgppn5p5Hc/maxres.jpg HTTP/1.1" 200 168443 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:10 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 670 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:22 +0200] "GET /api/v1/videos/1YHDGLqH1VM HTTP/1.1" 200 12960 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:22 +0200] "GET /api/v1/auth/playlists HTTP/1.1" 403 670 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:22 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3225 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:22 +0200] "GET /api/v1/auth/playlists HTTP/1.1" 403 671 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:22 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 671 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:58 +0200] "GET /vi/On1mm8vWJ50/maxres.jpg HTTP/1.1" 200 111264 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:57:01 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3224 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:56:59 +0200] "GET /vi/go2IUgLg-c4/maxres.jpg HTTP/1.1" 200 81669 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:57:08 +0200] "GET /vi/C8H-k1z9Z7A/maxres.jpg HTTP/1.1" 200 115771 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:57:09 +0200] "GET /vi/pNE8qgRO_2k/maxres.jpg HTTP/1.1" 200 120821 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:57:09 +0200] "GET /vi/45YegdgOsX0/maxres.jpg HTTP/1.1" 200 143418 "-" "Dart/3.5 (dart:io)"
<my_domain>:443 <my_ip> - <authed_user?> [22/Sep/2024:12:57:11 +0200] "GET /api/v1/auth/subscriptions HTTP/1.1" 403 3225 "-" "Dart/3.5 (dart:io)"

@lamarios
Copy link
Owner

How did you get this version of invidious ? I pulled images this morning and I am still on 2024.08.26-4782a67

@kkwpsi
Copy link
Author

kkwpsi commented Sep 22, 2024

I did 'git pull' && 'make' yesterday. I did this because I wanted to make sure I was testing on the current version of Invidious. But I am sure that this kind of bug also existed on the current official release of Invidious (v2.20240825.2).

@lamarios
Copy link
Owner

I see. I'm not sure how to reproduce this. Do you use the following parameters on your server ?

signature_server: inv_sig_helper:12999
visitor_data: CHANGE_ME
po_token: CHANGE_ME

I realized I don't use those.

@kkwpsi
Copy link
Author

kkwpsi commented Sep 22, 2024

I don't use these parameters either. I've attached my Invidious configuration.
config.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants