transdroid icon indicating copy to clipboard operation
transdroid copied to clipboard

Published 20 hours ago verified publisher icon erickok

add authentication type selection

Open GottZ opened this issue 4 years ago • 2 comments

this is somewhat related to #499

setup: rtorrent + rutorrent nginx reverse proxy with usage of the auth_request module

if the browser has no valid authentication session cookie when surfing to https://rutorrent.home.gottz.de it will be redirected to a login page similar to this: https://login.home.gottz.de/?host=rutorrent.home.gottz.de&path=/

transdroid how ever can only do basic and digest auth

first attempt of solving this from my side: i added parsing of the http Authorization header to my authenticator behind the auth_request directive in nginx i successfully used curl https://foo:[email protected] to get in during testing.

as soon as you set username and password in transdroid, you will not encounter a http auth header inside the http request made by transdroid even if the webserver returns 401.

workaround to make transdroid send the authentication:

error_page 401 = @error401;
location @error401 {
        if ($http_user_agent ~ "Transdroid") {
                more_set_headers 'WWW-Authenticate: Basic realm="such torrent so wow"';
                return 401;
        }
        return 302 https://login.home.gottz.de?host=$host&path=$request_uri;
}

i hereby request support for authentication type selection within the transdroid settings between none, auto, basic, digest and header. (where header can be a custom http header with a token or similar)

why do i worry even after i deployed a workaround for myself? because i doubt i'll be the only person alive to run into this issue. also deploying a useragent comparison feels like dealing with a special snowflake since this is legit the only app i use that i have to do this for.

GottZ avatar Sep 25 '19 11:09 GottZ

While you might not be the only person alive to do this, I have not encountered a single other in the 10 years that Transdroid exists, so at least you are quite unique!

If you say no other app needs such a workaorund, why is this? Because they 'just' act as a web browser? I am not sure how another app that directly targets the SCGI mount point would handle this. Perhaps those other apps use your web browser's cookies to essentially not have to deal with the login part?

erickok avatar Sep 26 '19 09:09 erickok

A custom header support would be useful for my usage too. My qbittorrent instance has auth turned off, and the auth middleware that Traefik uses can pass requests through SSO if I can provide a token somehow. I tried putting it into the IP section as a GET parameter, but that obviously fails. A constant (but editable by the user) token could be sent in every request's header.

gregistech avatar Mar 22 '22 05:03 gregistech