Can't login (error 403/401) #1280
Reference: gitnex/GitNex#1280
# Describe your matter briefly
When trying to log into my instance, I can't. The application shows a pop up saying "The application has returned an error. Code 403". This is if I try to login with HTTPS. If I try with HTTP, I get the same message, but the code is 401.
The credentials are correct, I get them from my password manager. I can login with the same device using the same credentials to Gitea using my browser, but not with the app.
The instance URL is correct (no protocol prepending it). I have chosen to log in with username and password, and I don't have 2FA enabled.
I have previously used this application on my old phone which was running Android 7.1.2. It worked just fine. After upgrading my phone which now runs Android 13, I'm encountering this issue.
The server itself has not been modified in any way between the transition of these two phones.
The gitea instance is running in a docker container, behind nginx-proxy-manager. The server is only accessible through a VPN, which is ON when trying to log into gitea, and I have verified other applications for other services can access the server just fine.
# What did you expect?
I should be able to login to my instance.
# Some additional details
If you are copy/pasting from password manager, please type the username and password instead.
For some unknown reason, Android adds hidden characters (view it via toggle, sometimes a space) to the password field from password managers. There was another issue (closed now) some time ago discussing this.
If that were the case then I shouldn't be able to login with the browser, but I can. I inspected the password and it seems fine. Nonetheless, I typed it out just in case. Same error.
Do you have a token to try?
To further debug this, I can personally check this if you can send the access details to hello@gitnex.com. That way I can check and confirm where the issue is and what is causing it.
A token did work. Weird.
Sorry but the instance is personal and behind a VPN. I would need to give you access to the VPN and to my account. I think you'll understand if I say I'm not comfortable with that.
I can help you debug tho. Tell me what to try. I'll do my own research if I can think of something of course.
Great to hear that token worked.
I will not conclude on this yet, but I have the feeling this may be because of the new scopes introduced in 1.20.x to the API. This is fixed in the main branch though (soon in 5.2.0). Weirdly it will allow you to login with the username/password, but with limited access.
No worries, I totally understand that it is a private instance. You can however help with the log (logcat?) retrieved on the phone when accessing the instance with username/password.
But if not possible for different reasons, you can ignore it and, as your issue is resolved with the token, close this issue.
Yes, I can certainly provide a log. How would I do it tho?
The easiest way is to use an app like Logcat Reader. I haven't done this myself, because I use direct debugging on the machine with phone attached. But you can give it a try.
https://play.google.com/store/apps/details?id=com.dp.logcatapp&hl=en_US
That's fine, I can do it with my PC too. I have USB debugging enabled and everything. Just tell me how and I'll post it.
From command line get the device ID:
adb devices
To get the device logs:
adb -s "DEVICE ID" logcat
And while that runs I would need to attempt to login with password, right?
I just sent you the log to the email you provided earlier. I won't send it here because I'm not sure if there's sensitive information in there or not.
Yes, received the log via email. I will go through it soon.
I'm facing the same problem. I'm using the same version of gitea and gitnex. The difference is I'm using ipv6 and iis reverse proxy to access my instance. My domain is git.mamahaha.work, you can register an account to test.
@sangge my ISP does not support ipv6 yet, so I can't browse your instance or check.
I encountered the same issue. Upon checking the backend of gitea, I discovered that the latest Access Token has no permissions at all, whereas the old token used to have all the permissions.
@nriver yea, there is a change in the API. It is updated on the main/5.2.0.
This still would log you in but with limited access.
fyi https://blog.codeberg.org/the-permissions-for-your-scoped-access-tokens-might-change-on-thursday.html
I'm also facing this issue. I log in with password, not token. instance is codeberg. install from fdroid.
I've been using GitNex for months fine. I renamed the base URL path for my Gitea instance and use "/Gitea" now. There didn't appear to be a way to edit the Instance URL when I was logged in, so I logged out and tried to log in again but HTTP and HTTPS both 403, Token 401.
Edit: Yes, I regenerated a new token in Gitea with all permissions to try. Made no difference. I forgot to Titanium Backup. I usually use that and just edit .db files or whatever to fix stuff like this.
Edit: Before anyone asks for an Android log cat, I can't use that damn thing, it's just an unfiltered non-semblance of text. I tried that LogCat Reader and set a tag filter for git, useless info.
Gitea Relevant Log Info:
My username has a period in it. It's always had one and it worked before trying to do this all over again.
It seems that most users have been experiencing this issue recently. I will need to investigate further, conduct tests on my end, and attempt to reproduce this. A fix will be implemented if the issue can be reproduced.
If anyone would like to provide additional details, such as the instance (e.g., Codeberg?), logs (if any) or any other info at hand, please feel free to do so.
To eliminate sanitation as an issue, I created a 'test' user without a period, no go. Password was 'testtest' as well, no-go. GitNex 5.1.0, Gitea 1.20.2.
Thank you for the information. At the time of writing this reply, I have just launched my development environment. I will now proceed to check on Codeberg.
So I tested username/pass and token logins on Codeberg using the current dev (5.2.0) build (which is supposed to fix this). I have no issues so far.
I have attached the APK for those who want to test and confirm if this works for you. Please uninstall the other version first.
Token 401. Username/Password are now 401.
From the logs, I assume this is your private instance.
By any chance, can you test on Codeberg?
What instance?
On a side note, that dev apk isn't even returning from 'Processing'. Tried codeberg.org (404, immediate) and codeberg.org/gitnex (stuck 'processing'), neither worked.
Edit: Token failed, too.
Are you copy/pasting from some application or typing the username/pass or token?
I figured I should start a new post to keep things clean. Your error handling is so vague that it incorrectly assumes there is a problem with the URL when there isn't. I decided to test Token, first. A breakpoint in `LoginActivity.java` for `Toasty.error(ctx, getResources().getString(R.string.malformedUrl));` quickly found it isn't a malformed URL in any way and that this error is extremely vague and broad, incorrectly informing end-users.
It's throwing from `RetrofitClient.java`, `public static ApiInterface getApiInterface(Context context)`. `((BaseActivity) context).getAccount().getAccount().getInstanceUrl()` is `null`.... However, that too, is incorrect. `.getAccount().getAccount()` is what is returning `null`.
On a side note, you've assumed OTPs are 6 pins and not 7 or 8 as per RFC spec (Gitea is considering aligning with spec to allow for 6-8. Developers can easily edit and implement however they wish.) For future-proofing, allow between `6-8`.
Edit: An `AccountContext` is never created, ever (except during app start, but on a clean GitNex install it will have nothing and is still null later). I put a breakpoint on the constructor and did a refactor to detect when it's created, it's never called during `LoginActivity` stuff. *shrug* This is what is causing Token to fail.
Edit: You shouldn't trim passwords. Some people's passwords end in spaces.
Edit: By the way, what's the point of allowing us to specify a Token if you're just going to ignore it to create a `gitnex-app` Token anyway? ???
Edit: Found the issue for Username/Password logins. `createUserToken.addScopesItem("sudo");` Removed it, working! I have been using Gitea 1.20.2 and 1.20.3. Perhaps this is relevant: https://docs.gitea.com/next/development/api-usage#sudo
Edit: Unable to quickly determine Token failure. I've tried using a created token (named Test) with all permissions and I've also tried using the `gitnex-app-...` token with all permissions, both fail with the `null` error for account.
Created gitnex/GitNex#1284 to fix 401 as experienced from `sudo`. This does not fix any 403, this is purely for the 401 due to `sudo`.
If that is the case, then I can't do much in that. Trim will stay.
Once you use your own created token, no other token is created. `gitnex-app` token is created with username/password.
Once the change is there, GitNex will be updated with it.
Poor behavior for software, locking people out that have spaces on either end.
I meant that you should allow us to specify a name. I worded that poorly.
It hurts nothing to be RFC-compliant, but it's your project. >_>
I'll keep a non-Codeberg fork of this to maintain with patches, I'd rather not be limited by these decisions. I'll provide an APK on-site once I get Actions running.
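Two input-handling points come up in this thread: hidden characters in pasted credentials, and OTP length. The sketch below is an added example, not GitNex code, and the class and method names are hypothetical. It reports suspicious characters in a secret without echoing or altering it, and accepts the 6 to 8 digit codes that RFC 4226 permits.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added illustration; names are hypothetical and not part of GitNex. */
public class LoginInputCheck {

    // RFC 4226 requires at least 6 digits and permits 7 or 8.
    private static final Pattern OTP = Pattern.compile("[0-9]{6,8}");

    static boolean isValidOtp(String otp) {
        return otp != null && OTP.matcher(otp).matches();
    }

    /**
     * Lists suspicious code points in a secret without printing the secret:
     * control/format characters anywhere (e.g. U+200B zero-width space),
     * and whitespace at the first or last position.
     */
    static List<String> findings(String secret) {
        List<String> out = new ArrayList<>();
        int len = secret.length();
        for (int i = 0; i < len; ) {
            int cp = secret.codePointAt(i);
            int width = Character.charCount(cp);
            int type = Character.getType(cp);
            boolean edge = (i == 0) || (i + width == len);
            if (type == Character.CONTROL || type == Character.FORMAT) {
                out.add(String.format("invisible U+%04X at index %d", cp, i));
            } else if (edge && (Character.isWhitespace(cp) || Character.isSpaceChar(cp))) {
                out.add(String.format("edge whitespace U+%04X at index %d", cp, i));
            }
            i += width;
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed samples: trailing space, embedded zero-width space, clean value.
        String[] samples = {"hunter2 ", "hun\u200Bter2", "hunter2"};
        for (String s : samples) {
            System.out.println(s.length() + " chars -> " + findings(s));
        }
        System.out.println(isValidOtp("123456") + " " + isValidOtp("12345678")
                + " " + isValidOtp("12345"));
    }
}
```

Surfacing the findings to the user lets them decide whether an edge space is intentional, rather than the client silently changing the credential.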
Same, installed from F-Droid gives 403 with both token and password login.
My instance is codeberg.org.
GitNex version is 5.1.0.
Only tried on HTTPS.
Compile it and remove that "sudo" permissions (it is wrong and has no place there, it didn't in 1.19 or any version either, it's a header or parameter request only). That'll fix the problem for Username/Password. As for Token, it's just broken. It attempts to access account info that doesn't exist yet. I don't have time right now to track it down.
@baaz GitNex 5.1.1 is available, please update and try.
@mmarif I successfully logged in using an access token. However, the username/password still doesn't work.
I successfully updated and logged in with username password.
You need to mention the Instance version. Any version below 1.19 should work fine, it won't have the incorrect `sudo` added that breaks 1.19+.
Edit: On a sidenote, Username/Password don't work with any configuration for codeberg.org (for me). 404.
as already mentioned in this thread, my instance is codeberg.
I will lock this thread now. If `5.2.0` once released does not solve your problem, please create a separate issue. Thank you everyone for your time.