firefly-iii
User ntfy notification forbidden 403
Support guidelines
- [x] I've read the support guidelines
I've found a bug and checked that ...
- [x] ... the documentation does not mention anything about my problem
- [x] ... there are no open or closed issues that are related to my problem
- [x] ... it's definitely a Firefly III issue, not me
Description
Hey James, I was trying to get ntfy notifications working for a user, but it seems it crashes on being forbidden (403). The same credentials and server does work for admin ntfy notification.
I have tried both clicking the test button and testing via real action (eg. creating API token) - same result. It's as if it ignores or doesn't use the credentials, but that's just a wild guess from my end..
Could you please take a look?
Debug information
Debug information generated at 2025-02-05 09:19:27 for Firefly III version v6.2.2.
| System information | |
|---|---|
| Item | Value |
| Firefly III | v6.2.2 / #25 (expects #25) |
| PHP version | 8.4.3 (64bits) / fpm-fcgi / Linux x86_64 |
| BCscale | 12 |
| Error reporting | Display: Off, reporting: ALL errors |
| Max upload | 104857600 (100 MB) |
| Database drivers | *mysql*, pgsql, sqlite, |
| Firefly III information | |
|---|---|
| Item | Value |
| Timezone | Europe/Prague + Europe/Prague |
| App environment | production, debug: false |
| Layout | v1 |
| Logging | info, stack / (empty) |
| Cache driver, session driver | file, file |
| Default language and locale | en_US + equal |
| Trusted proxies | ** |
| Login provider & user guard | eloquent / web |
| Login headers | N/A + N/A |
| Stateful domains | |
| Last cron job | 2025-02-04 23:00:00 (9 hours ago) |
| Mailer | log |
| Exchange rates | Disabled, downloads disabled |
| RB-column | Disabled |
| User-specific information | |
|---|---|
| Item | Value |
| User | #1 of 1 |
| User flags | :credit_card: :wrench: :bookmark_tabs: :email: |
| Native currency | CZK |
| Convert to native currency? | Disabled |
| Session start | 2025-02-01 00:00:00 |
| Session end | 2025-02-28 23:59:59 |
| View range | 1M |
| User language | en_US |
| User locale | en_US |
| Locale(s) supported | en_US.utf8: :white_check_mark: en_US.UTF-8: :white_check_mark: |
| User agent | Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0 |
Expected behaviour
Notification is sent
Steps to reproduce
- configure ntfy user notification with enabled authentification
- trigger action / click testing button
- see what's going on in logs
Additional info
Logs from docker container:
[2025-02-05 09:16:54] production.WARNING: [b] No Pushover token, channel is disabled.
[2025-02-05 09:16:54] production.ERROR: forbidden (error code: 40301, http status: 403)
[2025-02-05 09:16:54] production.ERROR: #0 /var/www/html/vendor/verifiedjoseph/ntfy-php-library/src/Guzzle.php(71): Ntfy\Guzzle->request()
#1 /var/www/html/vendor/verifiedjoseph/ntfy-php-library/src/Client.php(36): Ntfy\Guzzle->post()
#2 /var/www/html/vendor/wijourdil/ntfy-notification-channel/src/Services/NtfySendService.php(26): Ntfy\Client->send()
#3 /var/www/html/vendor/wijourdil/ntfy-notification-channel/src/Channels/NtfyChannel.php(31): Wijourdil\NtfyNotificationChannel\Services\NtfySendService->send()
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Notifications/NotificationSender.php(148): Wijourdil\NtfyNotificationChannel\Channels\NtfyChannel->send()
#5 /var/www/html/vendor/laravel/framework/src/Illuminate/Notifications/NotificationSender.php(106): Illuminate\Notifications\NotificationSender->sendToNotifiable()
#6 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/Traits/Localizable.php(19): Illuminate\Notifications\NotificationSender->{closure:Illuminate\Notifications\NotificationSender::sendNow():101}()
#7 /var/www/html/vendor/laravel/framework/src/Illuminate/Notifications/NotificationSender.php(101): Illuminate\Notifications\NotificationSender->withLocale()
#8 /var/www/html/vendor/laravel/framework/src/Illuminate/Notifications/NotificationSender.php(79): Illuminate\Notifications\NotificationSender->sendNow()
#9 /var/www/html/vendor/laravel/framework/src/Illuminate/Notifications/ChannelManager.php(39): Illuminate\Notifications\NotificationSender->send()
#10 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php(361): Illuminate\Notifications\ChannelManager->send()
#11 /var/www/html/app/Handlers/Events/APIEventHandler.php(50): Illuminate\Support\Facades\Facade::__callStatic()
#12 /var/www/html/vendor/laravel/framework/src/Illuminate/Events/Dispatcher.php(479): FireflyIII\Handlers\Events\APIEventHandler->accessTokenCreated()
#13 /var/www/html/vendor/laravel/framework/src/Illuminate/Events/Dispatcher.php(287): Illuminate\Events\Dispatcher->{closure:Illuminate\Events\Dispatcher::createClassListener():472}()
#14 /var/www/html/vendor/laravel/framework/src/Illuminate/Events/Dispatcher.php(267): Illuminate\Events\Dispatcher->invokeListeners()
#15 /var/www/html/vendor/laravel/passport/src/Bridge/AccessTokenRepository.php(70): Illuminate\Events\Dispatcher->dispatch()
#16 /var/www/html/vendor/league/oauth2-server/src/Grant/AbstractGrant.php(464): Laravel\Passport\Bridge\AccessTokenRepository->persistNewAccessToken()
#17 /var/www/html/vendor/laravel/passport/src/Bridge/PersonalAccessGrant.php(34): League\OAuth2\Server\Grant\AbstractGrant->issueAccessToken()
#18 /var/www/html/vendor/league/oauth2-server/src/AuthorizationServer.php(201): Laravel\Passport\Bridge\PersonalAccessGrant->respondToAccessTokenRequest()
#19 /var/www/html/vendor/laravel/passport/src/PersonalAccessTokenFactory.php(116): League\OAuth2\Server\AuthorizationServer->respondToAccessTokenRequest()
#20 /var/www/html/vendor/laravel/passport/src/PersonalAccessTokenFactory.php(71): Laravel\Passport\PersonalAccessTokenFactory->dispatchRequestToAuthorizationServer()
#21 /var/www/html/vendor/laravel/passport/src/HasApiTokens.php(66): Laravel\Passport\PersonalAccessTokenFactory->make()
#22 /var/www/html/vendor/laravel/passport/src/Http/Controllers/PersonalAccessTokenController.php(68): FireflyIII\User->createToken()
#23 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(47): Laravel\Passport\Http\Controllers\PersonalAccessTokenController->store()
#24 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(266): Illuminate\Routing\ControllerDispatcher->dispatch()
#25 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(212): Illuminate\Routing\Route->runController()
#26 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(808): Illuminate\Routing\Route->run()
#27 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(170): Illuminate\Routing\Router->{closure:Illuminate\Routing\Router::runRouteWithinStack():807}()
#28 /var/www/html/app/Http/Middleware/Authenticate.php(66): Illuminate\Pipeline\Pipeline->{closure:Illuminate\Pipeline\Pipeline::prepareDestination():168}()
#29 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): FireflyIII\Http\Middleware\Authenticate->handle()
#30 /var/www/html/vendor/laravel/passport/src/Http/Middleware/CreateFreshApiToken.php(63): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#31 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Laravel\Passport\Http\Middleware\CreateFreshApiToken->handle()
#32 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php(67): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#33 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Session\Middleware\AuthenticateSession->handle()
#34 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(88): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#35 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle()
#36 /var/www/html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#37 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
#38 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#39 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest()
#40 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Session\Middleware\StartSession->handle()
#41 /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#42 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
#43 /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(75): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#44 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Cookie\Middleware\EncryptCookies->handle()
#45 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(127): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#46 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(807): Illuminate\Pipeline\Pipeline->then()
#47 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(786): Illuminate\Routing\Router->runRouteWithinStack()
#48 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(750): Illuminate\Routing\Router->runRoute()
#49 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(739): Illuminate\Routing\Router->dispatchToRoute()
#50 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(201): Illuminate\Routing\Router->dispatch()
#51 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(170): Illuminate\Foundation\Http\Kernel->{closure:Illuminate\Foundation\Http\Kernel::dispatchToRouter():198}()
#52 /var/www/html/app/Http/Middleware/InstallationId.php(48): Illuminate\Pipeline\Pipeline->{closure:Illuminate\Pipeline\Pipeline::prepareDestination():168}()
#53 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): FireflyIII\Http\Middleware\InstallationId->handle()
#54 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(58): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#55 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Http\Middleware\TrustProxies->handle()
#56 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#57 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#58 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull->handle()
#59 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#60 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(51): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#61 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Foundation\Http\Middleware\TrimStrings->handle()
#62 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#63 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Http\Middleware\ValidatePostSize->handle()
#64 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(110): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#65 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
#66 /var/www/html/app/Http/Middleware/SecureHeaders.php(53): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#67 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): FireflyIII\Http\Middleware\SecureHeaders->handle()
#68 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(127): Illuminate\Pipeline\Pipeline->{closure:{closure:Illuminate\Pipeline\Pipeline::carry():184}:185}()
#69 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\Pipeline\Pipeline->then()
#70 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#71 /var/www/html/public/index.php(73): Illuminate\Foundation\Http\Kernel->handle()
#72 {main}
I'm having a hard time replicating this, but I know nothing of your setup. I can add some debug info but that's all I can do right now.
I have the same problem when my ntfy docker is set to NTFY_AUTH_DEFAULT_ACCESS=deny-all, after changing to NTFY_AUTH_DEFAULT_ACCESS=read-write it works fine. "Ntfy authentication enabled" was checked and username/password entered in both cases.
I'm going to loop in the creator of the notification channel, @wijourdil. Perhaps they can shed some light on this?
I am using some hacks to make the channel user specific, so perhaps this is not a bug per se.
@Andaxb yeah, this does the trick. Not sure whether setting NTFY_AUTH_DEFAULT_ACCESS to ready-write is the right thing to do, but it works.
Thanks for taking a moment to look at this @JC5 and you're probably right.
We'll see what @wijourdil has to say
I can confirm that having different settings in the user and system settings trigger the behavior. Changing the configuration on System settings fixed the problem for me.
Ok, important addendum. As the OP mentioned, the admin credentials work fine, but the user credentials do not.
@Andaxb yeah, this does the trick. Not sure whether setting NTFY_AUTH_DEFAULT_ACCESS to ready-write is the right thing to do, but it works.
Well, this disables access control to your server. So if someone finds your server url and topic name, they will be able to read and write messages. I would rather wait for a fix than change this setting.
Hi,
I'm also encountering this issue. To understand what's happening, I set up an additional caddy server as a proxy between Firefly and ntfy. Here are my findings, which I hope will be helpful:
First, I confirmed that I have enabled ntfy's authentication settings in Firefly.
Next, here are the caddy logs. From the logs, it's clear that there are absolutely no authentication-related headers.
I'm wondering if it might be better to use a simple HTTP client, such as GuzzleHttp, to directly call the ntfy API?
Hi there!
This is an automatic reply. Share and enjoy
This issue has been marked as fixed. Thanks for reporting! A new version will be released in due time. Unfortunately, I cannot give an estimate, but the roadmap is available for your reading pleasure.
There is no need to close the issue. It will be closed automatically.
Thank you for your contributions.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}