I was super excited to see that Voyager added experimental support for Piefed. I went a created an account on feddit.online, and tried to log in… and got a connection error. No worries, it’s experimental. That was like 5 months ago and it’s still happening and I’m starting to suspect it’s not going to get better on its own. I use a password manager, and it’s saying “connection error” so I feel like it’s probably not bad credentials? Did I choose a bad instance or is this client-side?
Help me here. I’m not an expert. Here is the request going into the server. The error code is 400 (Bad Request)
@x..@x.. 18:24:10.580462 IP 127.0.0.1.49126 > 127.0.0.1.5000: Flags [P.], seq 5107:5771, ack 1755, win 8143, options [nop,nop,TS val 1081650450 ecr 1081650382], length 664 E....3@.@...............kz.....n........... @x..@x..POST /api/alpha/user/login HTTP/1.1 X-Forwarded-For: 162.120.199.186, 172.70.111.121 X-Forwarded-Proto: https Host: feddit.online Content-Length: 56 accept-language: en-US,en;q=0.5 content-type: application/json accept-encoding: gzip, br cf-ray: 9c85ae25b9720f65-EWR user-agent: Dalvik/2.1.0 (Linux; U; Android 16; Pixel 10 Pro XL Build/BP4A.260105.004.E1) cdn-loop: cloudflare; loops=1 cf-connecting-ip: 162.120.199.186 cf-ipcountry: US cf-visitor: {"scheme":"https"} cookie: session=eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ.aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo {"password":"<hidden>","username":"testuser"} 18:24:10.584409 IP 127.0.0.1.49120 > 127.0.0.1.5000: Flags [P.], seq 8671:10383, ack 2866, win 22123, options [nop,nop,TS val 1081650454 ecr 1081650338], length 1712 E.....@.@.CB.............BO.+Ngj..Vk.......The session string is: eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ
This decodes to a referrer of: https://localhost/inbox
I wonder if this is the issue. Will Piefed accept a session claiming to be from localhost? Will it see this as a potential attack or misconfiguration? Should I reconfigure nginx to drop incoming cookies for the login endpoint?
I’m grasping at straws.
When I do a curl request to the feddit.online API endpoint I can log in fine. If I use an invalid password I get the expected error message.
rimu@rimu-mate2 ~ $ curl --request POST \ --url https://feddit.online/api/alpha/user/login \ --header 'Content-Type: application/json' \ --data '{ "username": "rimu", "password": "valid password" }' {"jwt":"some gibberish"} rimu@rimu-mate2 ~ $ curl --request POST --url https://feddit.online/api/alpha/user/login --header 'Content-Type: application/json' --data '{ "username": "rimu", "password": "invalid password" }' {"code":400,"message":"incorrect_login","status":"Bad Request"}@rimu@piefed.social
But the logins from Voyager are returning 400 (Bad Request), although the username and password are correct, and to me, the request looks good.
I posted what is coming into the server. The only anomaly I saw was that the session cookie referrer seemed odd. Can you look at the request I posted? Do you see any reason it would be seen as a bad request?
The odd thing is that while I get an error 95% of the time trying to log into Voyager, twice it did let me log in. I don’t know what was different about those 2 times.
Nothing gets logged to syslog, any nginx logs, pyfedi.log, or journalctl.
Pinging @rimu@piefed.social for help as well.
I don’t think the referer is checked at all for api endpoints, so I doubt that is the issue.