paperless-mobile icon indicating copy to clipboard operation
paperless-mobile copied to clipboard
verified publisher icon astubenbord

[Bug]: Login fails when using ENABLE_HTTP_REMOTE_USER and traefik oauth login provider

Open ulbi opened this issue 2 years ago • 4 comments

What happened?

I did setup my Paperless and tried to connect to it. The app finds my server (https://something.com) and when I try to login it returns: "type 'Null' is not a subtype of type 'String'"

Steps to reproduce

  1. Setup paperless on docker

  2. configure paperless with
    PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true" PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_X_FORWARDED_USER

  3. setup the traefik with the webserver # Enable Traefik for this service, to make it available in the public network - "traefik.enable=true" # traefik-https the actual router using HTTPS - "traefik.http.routers.paperless-https.rule=Host(something.com`)" - "traefik.http.routers.paperless-https.entrypoints=https" - "traefik.http.routers.paperless-https.tls=true" - "traefik.http.routers.paperless-https.tls.certresolver=myresolver" - "traefik.http.services.paperless.loadbalancer.server.port=8000" - "traefik.http.routers.paperless-https.middlewares=traefik-forward-auth,add-remote-user-header"

     # Custom Header middleware
 - "traefik.http.middlewares.add-remote-user-header.headers.customrequestheaders.HTTP_REMOTE_USER=X-Forwarded-User"        `

  4. start it all up

  5. try to login

Log output from the app

No response

Screenshots

No response

Paperless-ng*x Version

1.17.4

Paperless-Mobile Version

2.3.9

Device

Samsung Galaxy S20

Operating System Version

Android 12

Device Locale

German

Selected Locale

None

Additional Context

No response

ulbi avatar Oct 26 '23 20:10 ulbi

Hi, could you try to login using the latest version (3.1.4)? A lot has changed since 2.3.9. Also, you can check the app logs now or access them from your device's file system and add them to your issue report above.

astubenbord avatar Dec 12 '23 22:12 astubenbord

Hi @astubenbord ,

just gave it a try and entered the MS 365 login details - the resulting log:

2023-12-15 09:18:31.012 DEBUG   --- [      AuthenticationCubit] - restoreSession           : Trying to restore previous session...
2023-12-15 09:18:31.012 DEBUG   --- [      AuthenticationCubit] - restoreSession           : There is nothing to restore.
2023-12-15 09:18:31.015 INFO    --- [                         ] -                          : Setting refresh rate to 60.000003814697266
2023-12-15 09:20:09.110 DEBUG   --- [      AuthenticationCubit] - login                    : Trying to log in unknown@unknown...
2023-12-15 09:20:09.110 DEBUG   --- [      AuthenticationCubit] - _addUser                 : Adding new user unknown@unknown..
2023-12-15 09:20:09.110 DEBUG   --- [      AuthenticationCubit] - _addUser                 : Fetching bearer token from the server...

Which user should I try?

Regards, René

ulbi avatar Dec 15 '23 08:12 ulbi

Same issue when using authelia and HTTP_REMOTE_USER=true setting. Logging in to Paperless NGX webserver itself works fine ( authelia authenicates and user is logged in ). When using paperless mobile it is stuck on the bearer token. Tried to exclude the api url but to no avail. Is there some url I have to exclude as well to bypass authelia for paperless mobile to login succesfully ?

JSM2703 avatar Dec 28 '23 07:12 JSM2703

Solved this one by bypasssing authelia for the api part :

- domain:
    - paperless.DOMAINNAME
  policy: bypass
  resources :
    - '^/api([/?].*)?$'

JSM2703 avatar Jan 03 '24 13:01 JSM2703