
Android app login forcing 2FA #111

Open
papaballoons opened this issue Sep 4, 2024 · 8 comments

Comments

@papaballoons

I am unable to log in to the Android app through either the F-Droid or Google version of the app. Every time I try to log in it asks me for an MFA verification code.

I own a domain name from GoDaddy; it is configured correctly with A records pointing to the IP of my server.

If username = balloons, and domain URL = chat.test.server, my login info is written as "balloons/chat.test.server" and the password is correct. If I try the login like "balloons / chat.test.server" then I just get an "Error Please Try Again".

Multi Factor Authentication is not enabled for the user.

I am successfully able to access my server at its domain name and login through the web browser.

Here are some pictures of what is shown when attempting to log in to the Android app.
[Screenshot: Screenshot_20240904_120643_Databag]
[Screenshot: Screenshot_20240904_120636_Databag]

@balzack
Owner

balzack commented Sep 4, 2024

Hmm.. I am not able to reproduce yet, but I will keep trying. Are you using a reverse proxy like nginx?

Are you able to create a test account on the demo site (https://databag.coredb.org) and login with the mobile app there?

@papaballoons
Author

papaballoons commented Sep 4, 2024

I am using an nginx reverse proxy, but I have no problems accessing the server through a web browser, only on the Android app.

I just tried making an account at databag.coredb.org. I can access this account through the web browser no problem, but when I try to log in from the app with either "balloons/databag.coredb.org" or with "balloons / databag.coredb.org" I just get "Error please try again".

@balzack
Owner

balzack commented Sep 5, 2024

Sorry for the delay in response. I am seeing an issue with the demo server and not sure if it is related. I hope to have it resolved today.

@balzack
Owner

balzack commented Sep 6, 2024

I resolved my server configuration issue. Can you try to log in to the demo server again?

I just tested with F-Droid and the login:
Username / Server: balloontest/databag.coredb.org
Password: test

Sorry for the trouble you are having.

@papaballoons
Author

Yes, the Android app works now for databag.coredb.org. What change did you make to the server configuration?

I tried looking through all the documentation for the project and I can't find any information on server configuration settings. I am using the Docker installation. Is there a list of environment parameters that can be configured in the docker compose file?

@balzack
Owner

balzack commented Sep 6, 2024

The demo server runs on a manually configured system. My problem was I had pointed the server to a cert without attaching the full cert chain. I also run a similar setup to you for my personal use. Docker + nginx reverse proxy, which hasn't had any issues.

There is nothing really to configure when deploying the container. The only variables you can set are for admin password and development mode.

Are you able to view the console output of the container? If you see log messages when using the browser, but not the mobile app, that suggests the request is being blocked before reaching the container, possibly by the reverse proxy.

If the server returns an HTTP 403 or 405, the client interprets that to mean a login was initiated and the MFA code is required but not provided; the MFA modal then pops up. Is there any special configuration with the reverse proxy around HTTP headers or source IP address that could trigger this? Are you using the mobile app over wifi, on the same network as your PC browser? (random possibility: I found some posts describing 403s from their reverse proxy because their device IP was in a proxy file ip-bans.yml)

I am sorry I am not able to reproduce the issue with my local setup.

@papaballoons
Author

Your suggestions pointed me in the right direction, thank you!

The problem was that the User-Agent in the HTTP header is okhttp, which my nginx was detecting as a bot, and since I had bot protection on it automatically denied the requests. If I get time over the next couple of days I can scan through the code to find out where the okhttp User-Agent is initialized and make a PR for masking the User-Agent. Something like the code below; here is a link to the GitHub conversation about it: square/okhttp#5399

val okHttpClient = OkHttpClient.Builder()
    .addNetworkInterceptor { chain ->
        // Replace the default "okhttp/<version>" User-Agent with our own value.
        val request = chain.request().newBuilder()
            .removeHeader("User-Agent")  // otherwise addHeader appends a second value instead of replacing it
            .addHeader("User-Agent", userAgent)
            .build()
        chain.proceed(request)
    }
    .build()
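A constructed nginx fragment, added here as an illustration and not taken from the reporter's configuration, showing the kind of User-Agent bot filter that produces the 403 described in the two comments above (the app treats 403/405 as "MFA code required") next to a corrected version; the hostname, upstream address and the "Databag/" User-Agent prefix are placeholders, the last one assuming the app sets its own User-Agent as the proposed PR would.

```nginx
# Constructed example, not the reporter's actual configuration.
# "Before": a typical User-Agent bot filter. OkHttp's default UA is
# "okhttp/<version>", so the Android app matches the pattern, the proxy
# answers 403 before the request reaches the Databag container, and the
# app interprets 403/405 as "login started, MFA code required".
map $http_user_agent $block_ua {
    default                         0;
    ~*(bot|crawler|spider|okhttp)   1;
}

# "After": drop "okhttp" from the deny pattern (many legitimate Android
# apps use it) and explicitly allow a distinctive app UA. The "Databag/"
# prefix is hypothetical; the first matching entry wins in a map.
map $http_user_agent $deny_ua {
    default                         0;
    ~^Databag/                      0;   # explicit allow for the app
    ~*(bot|crawler|spider)          1;
}

server {
    listen 443 ssl;
    server_name chat.test.server;          # placeholder hostname from the thread

    location / {
        if ($deny_ua) { return 403; }      # "if" used only with return, which is safe
        proxy_pass http://127.0.0.1:7000;  # placeholder Databag upstream
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The default "combined" access log format already records $http_user_agent, so denied app logins show up as 403 lines carrying the okhttp User-Agent; checking for those before loosening the filter confirms the proxy, not the server, is the source.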

@balzack
Owner

balzack commented Sep 7, 2024

Awesome...thank you for solving this!
