HTTP authentication support

[pmaziere]

HTTP authentication is currently missing which makes this application useless for anyone hosting its wallabag with privacy in mind

thanks

[tcitworld]

Hi, I guess you want to post this issue on wallabag bug tracker, not on wallabag's android app bug tracker. wallabag v2 should be handled by an OAuth system, I guess we can work something out.

[pmaziere]

not sure I agree here Wallabag is a web service that I choose to protect by an HTTP authentication scheme: from my point of view wallabag does'nt care about how I choose to host it. On the opposite, the android app should offer the possibility to connect to a wallabag instance protected by an HTTP authentication, which, if I did not miss anything, is not the case currently: there are no UI to give an HTTP login/password

If wallabag v2 choose to use an OAuth system, it does not change the fact that I also want to have my wallabag instance protected by an HTTP authentication: from my point of view, these are 2 different authentication levels, OAuth on the application side and HTTP on the networking protocol side

[EtiennePerot]

+1. I don't trust random self-hosted web apps to be secure. I want nginx's auth on top of it for extra safety. tt-rss's Android app for example lets me set the HTTP username/password exactly for this reason.

[tcitworld]

wallabag v2 doesn't support HTTP auth for now, please open a new issue over there if you are still interested with this feature. I close here for now.

[EtiennePerot]

:(

[tcitworld]

This doesn't mean we are closed to the idea, just that we focus on other things for now.

[tcitworld]

HTTP Auth is now available, thanks to @di72nn \o/

[di72nn]

HTTP Auth needs testing. For details see the first comment at #124

[tcitworld]

The latest build is available on Google Play for testers : https://play.google.com/apps/testing/fr.gaulupeau.apps.InThePoche

[nicosomb]

New beta?

On dim., nov. 15, 2015 at 7:24 PM, Thomas Citharel < [email protected] [[email protected]] > wrote: The latest build is available on Google Play for testers : https://play.google.com/apps/testing/fr.gaulupeau.apps.InThePoche [https://play.google.com/apps/testing/fr.gaulupeau.apps.InThePoche]

— Reply to this email directly or view it on GitHub [https://github.com/wallabag/android-app/issues/20#issuecomment-156841505] .[https://github.com/notifications/beacon/AAHcDpaOHrOk7QEOxHQM6QHGVV9gZx-vks5pGMVSgaJpZM4B_tyW.gif]

[tcitworld]

Yup.

[nicosomb]

Not available for me

On dim., nov. 15, 2015 at 7:51 PM, Thomas Citharel < [email protected] [[email protected]] > wrote: Yup.

— Reply to this email directly or view it on GitHub [https://github.com/wallabag/android-app/issues/20#issuecomment-156842933] .[https://github.com/notifications/beacon/AAHcDg-53qPKvBNo2m1afni1oVqGo4qqks5pGMu8gaJpZM4B_tyW.gif]

[tcitworld]

@di72nn It seems HTTP Auth works according to Google Play comments. An user reported using it with Yunohost which uses LDAP auth.

[di72nn]

Nice to hear that.

I've finally decided to test it myself. On my Android 4.4 device: feeds and actions seem to work, but images in articles don't show up. It looks like onReceivedHttpAuthRequest is not invoked for images at all (probably it has something to do with Android 4.4: source). Images in WebView may not work / are not thoroughly tested.

As a workaround for images-problem I suggest to disable HTTP Auth for assets directory (security implications should be considered).

[di72nn]

Tested on Android 4.2.2. Images in articles was not working. PR #153 seems to fix it. On Android 4.4 (and who knows what else?) the problem is not affected by PR: images don't show up.

[tcitworld]

Isn't that's only because the images come from different domains ?

[di72nn]

I tested it only for the images stored on a wallabag server. Any external images should not be affected by HTTP Auth in any way.

[tcitworld]

Right. I'll write something in the documentation about it.