[Bug]: Reverse proxy header auth still prompts for password #2781

Closed
2 tasks done
slapcat opened this issue May 19, 2024 · 4 comments
Labels
bug Something isn't working

Comments

slapcat commented May 19, 2024

Verified issue does not already exist?

  • I have searched and found no existing issue
  • I will be providing steps how to reproduce the bug (in most cases this will also mean uploading a demo budget file)

What happened?

When using header auth, the web UI still prompts for a password. I'm asked to enter one, but then it will accept any password. Server logs show this when I log in:

```
May 18 16:05:32 actualbudget yarn[832]: Logging in via header
May 18 16:05:32 actualbudget yarn[832]: HEADER VALUE: ************
May 18 16:05:32 actualbudget yarn[832]: Header Auth Login permitted from xx.xx.xx.xx
```

Header auth has been configured in the src/load-config.js file as the default login method:

```js
let defaultConfig = {
  loginMethod: 'header',
```

I'm using Apache2 reverse proxy and configured it along the lines of the example here:

```apache
  <LocationMatch "/account/login/">
  ProxyPass http://xx.xx.xx.xx:5006/
  ProxyPassReverse http://xx.xx.xx.xx:5006/
  Header add X-ACTUAL-PASSWORD "****"
  RequestHeader set X-ACTUAL-PASSWORD "****"
  </LocationMatch>

  ProxyPass / http://xx.xx.xx.xx:5006/
  ProxyPassReverse / http://xx.xx.xx.xx:5006/

  Header add X-ACTUAL-PASSWORD "****"
  RequestHeader set X-ACTUAL-PASSWORD "****"
```

I can see the header is correctly added when I am given the password prompt:
[image]

Where are you hosting Actual?

Locally via Yarn

What browsers are you seeing the problem on?

Firefox, Chrome

Operating System

Linux

@slapcat slapcat added the bug Something isn't working label May 19, 2024
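
An added example, not part of the original issue or the Actual project's documentation: in Apache's mod_headers, `Header` edits the response sent to the browser while `RequestHeader` edits the request forwarded to the backend, so only the latter belongs in a header-auth setup. The hostname, the backend address and the `"****"` secret below are placeholders, and authenticating users at the proxy itself is assumed to be configured separately.

```apache
# Requires mod_proxy, mod_proxy_http and mod_headers.

# Weak: "Header" writes into the RESPONSE, so the shared secret is
# returned to every client that loads the page:
#   Header add X-ACTUAL-PASSWORD "****"

<VirtualHost *:443>
    # Constructed hostname for illustration
    ServerName budget.example.test

    # TLS settings and user authentication for the proxy go here
    # (assumed; not shown on the original page).

    # Backend address is a placeholder for the xx.xx.xx.xx:5006 server
    ProxyPass        / http://127.0.0.1:5006/
    ProxyPassReverse / http://127.0.0.1:5006/

    # Drop any X-ACTUAL-PASSWORD supplied by the client on all paths
    RequestHeader unset X-ACTUAL-PASSWORD

    # Inject the secret into the REQUEST only, and only on the login path.
    # Location sections merge after the virtual host context, so this
    # "set" is applied after the "unset" above.
    <Location "/account/login">
        RequestHeader set X-ACTUAL-PASSWORD "****"
    </Location>

    # No "Header add/set X-ACTUAL-PASSWORD" anywhere: the browser never
    # needs to see this value.
</VirtualHost>
```

With this layout the header no longer appears in the browser's response view; confirm it on the server side instead, for example through the "Logging in via header" log line.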
Contributor

twk3 commented May 20, 2024

@slapcat the changes to support header auth are only in the master branch at the moment. So you need both the master branch of actual-server AND the master branch of the UI. The server master branch comes with the released version of the UI, and not master, which is likely resulting in the issue you are seeing.

Author

slapcat commented May 20, 2024

Thanks for clarifying that @twk3 ! I'm trying to figure out how to use the master branch of the UI with the actual-server, but I'm having trouble finding the common files between the two. Can you share the steps?

Contributor

twk3 commented May 21, 2024

In the actual checkout, you build the UI using:

  1. `yarn install`
  2. `./bin/package-browser`

Then in the actual-server checkout, you add the UI as a file path based dependency.

  1. `yarn add <path-to-actual-checkout>/packages/desktop-client`

And then running the server like normal should give you the UI that you built.

Author

slapcat commented May 21, 2024

Thanks! Once I did that the header auth worked as expected.

@slapcat slapcat closed this as completed May 21, 2024