Glider icon indicating copy to clipboard operation
Glider copied to clipboard
verified publisher icon Mosc

Login issues in Glider app

Open Tintedfireglass opened this issue 3 years ago • 3 comments

After I changed my HN password glider didn't automatically log me out and was throwing up errors like not able to upvote not able to comment, etc. So after logging out when I tried to log back in it says "failed to login"

Screenshot:

https://media.discordapp.net/attachments/799844115344785428/984858954737790976/Screenshot_20220610-220646-861.png

Other info:

Android 11

OS: Linux motorola/hanoip_retailnq/hanoip:11/RRI31.Q1-42-51-12/c157c:user/release-keys 11 - 30

Phone : Motorola g60

App version : latest update from Fdroid v. 1.16.1

Thanks :)

Tintedfireglass avatar Jun 10 '22 16:06 Tintedfireglass

BTW, when I login to HN from web browser it asks me to solve a captcha. I think that is the problem as glider doesn't support it. (just a guess not sure if that's the real reason)

Edit :

Screenshot : https://media.discordapp.net/attachments/799844115344785428/985030709238448249/Screenshot_20220611-093004-845.png

Looks like it's gonna take a while for the captcha to go away..........

Tintedfireglass avatar Jun 10 '22 16:06 Tintedfireglass

Yeah, a CAPTCHA would certainly cause the login to fail. It's likely that the CAPTCHA was shown precisely because it was preceded by several failed requests with your old password. Luckily CAPTCHAs on HN are usually temporary.

So a couple things are going on here. Glider can not detect password changes on the website. What it could do is detect invalid credentials once a request has been made. Annoyingly, HN returns a 200 status code as if everything went fine, but the associated HTML does kind of mention that we are not logged in, so we could use this to trigger a logout. Also, although the app can not show CAPTCHAs, it could perhaps detect whether a login attempt has failed due to presence of a CAPTCHA in the HTML, and at least inform the user properly.

Finally, it might be best to change the way login data is retrieved and stored. Rather than asking for username and password in the app, we could present https://news.ycombinator.com/login to the user and just use the resulting cookie for further communication with HN. That would not only solve the CAPTCHA issue, but also prevent the user from having to trust the app with their password.

Mosc avatar Jun 10 '22 19:06 Mosc

Finally, it might be best to change the way login data is retrieved and stored. Rather than asking for username and password in the app, we could present https://news.ycombinator.com/login to the user and just use the resulting cookie for further communication with HN. That would not only solve the CAPTCHA issue, but also prevent the user from having to trust the app with their password.

Yes, That's a better way to handle password authentication

Tintedfireglass avatar Jun 11 '22 04:06 Tintedfireglass

The proposed structural fix has been implemented as of v2.0.0!

Mosc avatar Oct 23 '23 18:10 Mosc