Streams on Nostr: Papa Dragon wrote the following post Fri, 08 Sep 2023 16:42:08 -0700Hi all, @!Streams ...
Papa Dragon wrote the following post Fri, 08 Sep 2023 16:42:08 -0700Hi all, @!Streams (npub1yml…x54a) enthusiasts!
First of all, this is probably going to be my longest post ever here, so sorry for that, but I guess some details are needed for this issue. I'd like to be able to use the ldapauth addon with the Streams YunoHost package, so that YunoHost users can use their login info (username & password) to access a streams based website. So far, it doesn't work that good. In order to explain, I'll use an example.
Lets say Clark Kent has a YunoHost server. His YunoHost username is "clark" (full name being "Clark Kent"). Let's also say that he just installed a streams based website, dailypla.net, using the YunoHost package with the ldapauth addon enabled (see this branch), and that in the YunoHost admin interface he chose to be the dailypla.net streams based website's admin.
The connexion using "clark" as the username and Clark Kent's YunoHost password works fine. He's now asked to create his first channel. He chooses to name it "Superman" using "superman" as the channel's nickname. So far, everything goes rather smoothly, he adds a profile picture and decides to log out as he heard someone cry for help somewhere in Metropolis.
After saving the old lady's cat which climbed too high on a tree, Clark Kent comes back to his computer and tries to log in as "superman" (his channel's nickname), but it doesn't work:
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user superman.
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:ldapauth.php:166:ldapauth_authenticate: ldapauth: User superman found but unable to load data.
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:auth.php:152:account_verify_password: password failed for superman
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:auth.php:331:require: authenticate: failed login attempt: superman from IP 1.2.3.4
He then tries with "clark@dailypla.net" (his YunoHost account email address), but no luck:
2023-09-08T22:10:39Z:LOG_INFO:d1e6448297:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:10:39Z:LOG_INFO:d1e6448297:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:10:39Z:LOG_INFO:d1e6448297:auth.php:152:account_verify_password: password failed for clark@dailypla.net
2023-09-08T22:10:39Z:LOG_INFO:d1e6448297:auth.php:331:require: authenticate: failed login attempt: clark@dailypla.net from IP 1.2.3.4
Finally, he's able to log in using his YunoHost username "clark", and he lands on his "Superman" channel.
2023-09-08T22:09:19Z:LOG_INFO:2d3253735f:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark.
2023-09-08T22:09:19Z:LOG_INFO:2d3253735f:ldapauth.php:194:ldapauth_authenticate: ldapauth: User clark authenticated.
2023-09-08T22:09:19Z:LOG_INFO:2d3253735f:ldapauth.php:99:ldapauth_hook_authenticate: ldapauth: Login success for clark
He then creates a "Kal-El" channel to keep in touch with his family, with the nickname "kalel". After cfreating it without a problem, he decides to log out and log in again, see how things go. Same issue as using the "superman" channel's nickname:
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user kalel.
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:ldapauth.php:166:ldapauth_authenticate: ldapauth: User kalel found but unable to load data.
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:auth.php:152:account_verify_password: password failed for kalel
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:auth.php:331:require: authenticate: failed login attempt: kalel from IP 1.2.3.4
As this all seems very strange, Clark Kent decides to give it another shot and reinstalls his streams website, but this time his first channel is "Clark Kent" with the nickname "clark", assuming that it could somehow prevent messing up the system. Also he creates his two other channels "Superman" and "Kal-El" as previously. But that doesn't change anything. The only way he can connect is using the YunoHost username, "clark". Otherwise:
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user superman.
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:ldapauth.php:166:ldapauth_authenticate: ldapauth: User superman found but unable to load data.
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:auth.php:152:account_verify_password: password failed for superman
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:auth.php:331:require: authenticate: failed login attempt: superman from IP 1.2.3.4
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user kalel.
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:ldapauth.php:166:ldapauth_authenticate: ldapauth: User kalel found but unable to load data.
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:auth.php:152:account_verify_password: password failed for kalel
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:auth.php:331:require: authenticate: failed login attempt: kalel from IP 1.2.3.4
The only thing Clark Kent can do his change his default channel, so that when he logs in using his YunoHost username he'll land on it. But that's about all. He decides that "Superman" will be his default channel. He can't login to a channel entering the channel's nickname and his YunoHost password. But there's much worse.
Clark Kent has an account on the streams based website smallvil.le. He tries to clone his channels there. But it simply doesn't work as expected. He first tries to clone superman@dailypla.net, and here's what the log shows on the smallvil.le server:
2023-09-08T22:44:37Z:LOG_INFO:c94b15480e:Url.php:224:get: error: https://dailypla.net/api/z/1.0/channel/export/basic?f=&zap_compat=1:
And on the dailypla.net server:
2023-09-08T22:44:37Z:LOG_INFO:66aa434e47:api.php:101:api_call: API info: 4.3.2.1 api/z/1.0/version type: json Array
(
[func] => api_zot_version
[auth] =>
)
2023-09-08T22:44:37Z:LOG_INFO:66aa434e47:api.php:112:api_call: API call for : api/z/1.0/version
2023-09-08T22:44:37Z:LOG_INFO:66aa434e47:api.php:113:api_call: API parameters: Array
(
[req] => /api/z/1.0/version
)
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:api.php:101:api_call: API info: 4.3.2.1 api/z/1.0/channel/export/basic type: json Array
(
[func] => api_export_basic
[auth] => 1
)
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user superman.
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:ldapauth.php:166:ldapauth_authenticate: ldapauth: User superman found but unable to load data.
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:auth.php:152:account_verify_password: password failed for superman
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:api_auth.php:148:api_login: API_login failure: Array
(
[USER] => streams
[HOME] => /var/www/streams
[HTTP_ACCEPT_ENCODING] => deflate, gzip, br
[HTTP_ACCEPT] => */*
[HTTP_USER_AGENT] => Mozilla/5.0 (compatible)
[HTTP_AUTHORIZATION] => Basic c3VwZYJtYW46SnVsfWV0dGUvOTc3Kg==
[HTTP_HOST] => dailypla.net
[SCRIPT_FILENAME] => /var/www/streams//index.php
[REDIRECT_STATUS] => 200
[SERVER_NAME] => dailypla.net
[SERVER_PORT] => 443
[SERVER_ADDR] => 1.2.1.2
[REMOTE_USER] => superman
[REMOTE_PORT] => 38624
[REMOTE_ADDR] => 4.3.2.1
[SERVER_SOFTWARE] => nginx/1.18.0
[GATEWAY_INTERFACE] => CGI/1.1
[HTTPS] => on
[REQUEST_SCHEME] => https
[SERVER_PROTOCOL] => HTTP/2.0
[DOCUMENT_ROOT] => /var/www/streams/
[DOCUMENT_URI] => /index.php
[REQUEST_URI] => /api/z/1.0/channel/export/basic?f=&zap_compat=1
[SCRIPT_NAME] => /index.php
[CONTENT_LENGTH] =>
[CONTENT_TYPE] =>
[REQUEST_METHOD] => GET
[QUERY_STRING] => req=/api/z/1.0/channel/export/basic&f=&zap_compat=1
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /index.php
[PHP_AUTH_USER] => superman
[PHP_AUTH_PW] => *****
[REQUEST_TIME_FLOAT] => 1694213077.8208
[REQUEST_TIME] => 1694213077
)
Same goes when he tries to clone kalel@dailypla.net.
He then tries to clone clark@dailypla.net and... surprise, the Superman channel gets cloned on smallvil.le! It seems that only the default channel is cloned (using the YunoHost username to form the handle clark@autrechose.club). Obviously a few things aren't happening as expected.
Here are Clark Kent's expectations for his streams based dailypla.net website installed using the YunoHost package:
Log in using his YunoHost username and password : works
Create a few channels : works
Log in using any of his channels' nicknames and his YunoHost password : doesn't work
Clone any of his channels on another streams based website : doesn't work
So, here's the thing: I really don't know where the problem lies: YunoHost or the ldapauth addon. And even if I knew, I'm no coder so there's not much I could do, except some testing. All I can say is that this could be summed up quite simply: for the moment, if you use the ldapauth addon, there's no way to connect to a streams website using the channel's nickname and the YunoHost password (and this is what impeaches the non-default channels cloning).
@mike (npub1nl9…fh6t) , do you thing that this could be fixed only by adapting the ldapauth addon, or would you say there's problably some things to work out the YunoHost side? I really don't know if this could be something easily fixed or on the contrary something that would require lots of work, I just now that if this issue could be solved, it would be a really nice addition to the YunoHost package.
Thanks for reading me if you reached that point!
@Papa Dragon (npub1sr2…k2le)
First of all, this is probably going to be my longest post ever here, so sorry for that, but I guess some details are needed for this issue. I'd like to be able to use the ldapauth addon with the Streams YunoHost package, so that YunoHost users can use their login info (username & password) to access a streams based website. So far, it doesn't work that good. In order to explain, I'll use an example.
Lets say Clark Kent has a YunoHost server. His YunoHost username is "clark" (full name being "Clark Kent"). Let's also say that he just installed a streams based website, dailypla.net, using the YunoHost package with the ldapauth addon enabled (see this branch), and that in the YunoHost admin interface he chose to be the dailypla.net streams based website's admin.
The connexion using "clark" as the username and Clark Kent's YunoHost password works fine. He's now asked to create his first channel. He chooses to name it "Superman" using "superman" as the channel's nickname. So far, everything goes rather smoothly, he adds a profile picture and decides to log out as he heard someone cry for help somewhere in Metropolis.
After saving the old lady's cat which climbed too high on a tree, Clark Kent comes back to his computer and tries to log in as "superman" (his channel's nickname), but it doesn't work:
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user superman.
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:ldapauth.php:166:ldapauth_authenticate: ldapauth: User superman found but unable to load data.
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:auth.php:152:account_verify_password: password failed for superman
2023-09-08T22:06:09Z:LOG_INFO:e7b3e8882a:auth.php:331:require: authenticate: failed login attempt: superman from IP 1.2.3.4
He then tries with "clark@dailypla.net" (his YunoHost account email address), but no luck:
2023-09-08T22:10:39Z:LOG_INFO:d1e6448297:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:10:39Z:LOG_INFO:d1e6448297:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:10:39Z:LOG_INFO:d1e6448297:auth.php:152:account_verify_password: password failed for clark@dailypla.net
2023-09-08T22:10:39Z:LOG_INFO:d1e6448297:auth.php:331:require: authenticate: failed login attempt: clark@dailypla.net from IP 1.2.3.4
Finally, he's able to log in using his YunoHost username "clark", and he lands on his "Superman" channel.
2023-09-08T22:09:19Z:LOG_INFO:2d3253735f:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark.
2023-09-08T22:09:19Z:LOG_INFO:2d3253735f:ldapauth.php:194:ldapauth_authenticate: ldapauth: User clark authenticated.
2023-09-08T22:09:19Z:LOG_INFO:2d3253735f:ldapauth.php:99:ldapauth_hook_authenticate: ldapauth: Login success for clark
He then creates a "Kal-El" channel to keep in touch with his family, with the nickname "kalel". After cfreating it without a problem, he decides to log out and log in again, see how things go. Same issue as using the "superman" channel's nickname:
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user kalel.
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:ldapauth.php:166:ldapauth_authenticate: ldapauth: User kalel found but unable to load data.
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:auth.php:152:account_verify_password: password failed for kalel
2023-09-08T22:22:52Z:LOG_INFO:a0a65b4940:auth.php:331:require: authenticate: failed login attempt: kalel from IP 1.2.3.4
As this all seems very strange, Clark Kent decides to give it another shot and reinstalls his streams website, but this time his first channel is "Clark Kent" with the nickname "clark", assuming that it could somehow prevent messing up the system. Also he creates his two other channels "Superman" and "Kal-El" as previously. But that doesn't change anything. The only way he can connect is using the YunoHost username, "clark". Otherwise:
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user superman.
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:ldapauth.php:166:ldapauth_authenticate: ldapauth: User superman found but unable to load data.
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:auth.php:152:account_verify_password: password failed for superman
2023-09-08T22:36:23Z:LOG_INFO:549b21cdc1:auth.php:331:require: authenticate: failed login attempt: superman from IP 1.2.3.4
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user kalel.
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:ldapauth.php:166:ldapauth_authenticate: ldapauth: User kalel found but unable to load data.
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:auth.php:152:account_verify_password: password failed for kalel
2023-09-08T22:36:30Z:LOG_INFO:cb2822ba29:auth.php:331:require: authenticate: failed login attempt: kalel from IP 1.2.3.4
The only thing Clark Kent can do his change his default channel, so that when he logs in using his YunoHost username he'll land on it. But that's about all. He decides that "Superman" will be his default channel. He can't login to a channel entering the channel's nickname and his YunoHost password. But there's much worse.
Clark Kent has an account on the streams based website smallvil.le. He tries to clone his channels there. But it simply doesn't work as expected. He first tries to clone superman@dailypla.net, and here's what the log shows on the smallvil.le server:
2023-09-08T22:44:37Z:LOG_INFO:c94b15480e:Url.php:224:get: error: https://dailypla.net/api/z/1.0/channel/export/basic?f=&zap_compat=1:
And on the dailypla.net server:
2023-09-08T22:44:37Z:LOG_INFO:66aa434e47:api.php:101:api_call: API info: 4.3.2.1 api/z/1.0/version type: json Array
(
[func] => api_zot_version
[auth] =>
)
2023-09-08T22:44:37Z:LOG_INFO:66aa434e47:api.php:112:api_call: API call for : api/z/1.0/version
2023-09-08T22:44:37Z:LOG_INFO:66aa434e47:api.php:113:api_call: API parameters: Array
(
[req] => /api/z/1.0/version
)
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:api.php:101:api_call: API info: 4.3.2.1 api/z/1.0/channel/export/basic type: json Array
(
[func] => api_export_basic
[auth] => 1
)
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user superman.
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:ldapauth.php:166:ldapauth_authenticate: ldapauth: User superman found but unable to load data.
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:ldapauth.php:109:ldapauth_authenticate: ldapauth: Searching user clark@dailypla.net.
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:ldapauth.php:166:ldapauth_authenticate: ldapauth: User clark@dailypla.net found but unable to load data.
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:auth.php:152:account_verify_password: password failed for superman
2023-09-08T22:44:37Z:LOG_INFO:2c9854155f:api_auth.php:148:api_login: API_login failure: Array
(
[USER] => streams
[HOME] => /var/www/streams
[HTTP_ACCEPT_ENCODING] => deflate, gzip, br
[HTTP_ACCEPT] => */*
[HTTP_USER_AGENT] => Mozilla/5.0 (compatible)
[HTTP_AUTHORIZATION] => Basic c3VwZYJtYW46SnVsfWV0dGUvOTc3Kg==
[HTTP_HOST] => dailypla.net
[SCRIPT_FILENAME] => /var/www/streams//index.php
[REDIRECT_STATUS] => 200
[SERVER_NAME] => dailypla.net
[SERVER_PORT] => 443
[SERVER_ADDR] => 1.2.1.2
[REMOTE_USER] => superman
[REMOTE_PORT] => 38624
[REMOTE_ADDR] => 4.3.2.1
[SERVER_SOFTWARE] => nginx/1.18.0
[GATEWAY_INTERFACE] => CGI/1.1
[HTTPS] => on
[REQUEST_SCHEME] => https
[SERVER_PROTOCOL] => HTTP/2.0
[DOCUMENT_ROOT] => /var/www/streams/
[DOCUMENT_URI] => /index.php
[REQUEST_URI] => /api/z/1.0/channel/export/basic?f=&zap_compat=1
[SCRIPT_NAME] => /index.php
[CONTENT_LENGTH] =>
[CONTENT_TYPE] =>
[REQUEST_METHOD] => GET
[QUERY_STRING] => req=/api/z/1.0/channel/export/basic&f=&zap_compat=1
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /index.php
[PHP_AUTH_USER] => superman
[PHP_AUTH_PW] => *****
[REQUEST_TIME_FLOAT] => 1694213077.8208
[REQUEST_TIME] => 1694213077
)
Same goes when he tries to clone kalel@dailypla.net.
He then tries to clone clark@dailypla.net and... surprise, the Superman channel gets cloned on smallvil.le! It seems that only the default channel is cloned (using the YunoHost username to form the handle clark@autrechose.club). Obviously a few things aren't happening as expected.
Here are Clark Kent's expectations for his streams based dailypla.net website installed using the YunoHost package:
Log in using his YunoHost username and password : works
Create a few channels : works
Log in using any of his channels' nicknames and his YunoHost password : doesn't work
Clone any of his channels on another streams based website : doesn't work
So, here's the thing: I really don't know where the problem lies: YunoHost or the ldapauth addon. And even if I knew, I'm no coder so there's not much I could do, except some testing. All I can say is that this could be summed up quite simply: for the moment, if you use the ldapauth addon, there's no way to connect to a streams website using the channel's nickname and the YunoHost password (and this is what impeaches the non-default channels cloning).
@mike (npub1nl9…fh6t) , do you thing that this could be fixed only by adapting the ldapauth addon, or would you say there's problably some things to work out the YunoHost side? I really don't know if this could be something easily fixed or on the contrary something that would require lots of work, I just now that if this issue could be solved, it would be a really nice addition to the YunoHost package.
Thanks for reading me if you reached that point!
@Papa Dragon (npub1sr2…k2le)