boinc icon indicating copy to clipboard operation
boinc copied to clipboard
verified publisher icon BOINC

Unable to Log in to Account managers via weak/main account keys on Android Devices

Open MrGrappleMan opened this issue 10 months ago • 4 comments

Describe the bug

Attempting to log in to any account manager using a weak or main account key fails on Android devices. The issue occurs when trying to authenticate through BOINC’s account manager system.

Steps to reproduce

  1. Open the BOINC client on an Android session.
  2. Select "Use account manager"
  3. Use Science United or in fact any other account manager.
  4. Enter the weak/main account key for authentication in "User" field like the desktop versions.
  5. Observe that login fails, as no password is supplied. The manager outright denies a login attempt w/o a password.

Expected behavior

The Android manager should detect that the user is attempting to log in via an account key if no password is input. Like the desktop version, an appropriate request about an account key should be called to the respective server.

Screenshots

No response

System information

OS: Android 14 aarch64 API Level: 34 BOINC version: 8.0.4

Additional context

No response

MrGrappleMan avatar Feb 14 '25 11:02 MrGrappleMan

Account managers aren't BOINC projects; they don't use account keys.

davidpanderson avatar Feb 15 '25 07:02 davidpanderson

Science United, the account manager itself has a page that describes the usage of weak account keys. This works on desktop based distributions and thus, primarily for guest machines. https://scienceunited.org/su_weak_auth.php instructs to perform changes manually in /var/lib/boinc/ to achieve logins without exposure of account details.

Weak or main account key logins apply to both manually added projects and account managers.

MrGrappleMan avatar Feb 15 '25 08:02 MrGrappleMan

Science United does. But not account managers in general.

davidpanderson avatar Feb 15 '25 09:02 davidpanderson

Science United does. But not account managers in general.

Unsure about Gridcoin, GRCPool or whatever the real name of the account manager is, but even BAM has a provision: https://www.boincstats.com/bam/account/

Strangely, in BAM, using the weak authenticator in the username field of the Desktop versions works. Science United requires an email explicitly, forcing the user to follow the unconventional method of manually creating files. I have not tried connecting the PC version of the manager to the Android client, or rooted android and manually adding the appropriate files to BOINC's data directory. The Android client can have the capability to do so, yet is limited by the native manager.

MrGrappleMan avatar Feb 15 '25 09:02 MrGrappleMan