Wrong credentials / no login pop-up

Question

Wrong credentials / no login pop-up

what-ri opened this issue 4 years ago · comments

Hi,

If a user writes wrong credentials, he is re-directed to access forbidden page. If he tries to retry to open the recording, user never gets a login box again - he has to clear his cookies in order for it to appear again.

Is there any way to prompt the script to use the login popup after failed login?

Tobias Fiebig · Answer 1 · Wed Jun 24 2020 18:18:39 GMT+0800 (China Standard Time)

I can not reproduce that here (login popup reappears when i enter the wrong credentials, please test): https://bbb.home.aperture-labs.org/playback/presentation/2.0/playback.html?meetingId=0f78a81048ba3453f3fea134924ec4bfdd01eb42-1590186065110

Will take a look later tonight. For that, please let me know which browser you are using.

what-ri · Answer 2 · Wed Jun 24 2020 18:21:55 GMT+0800 (China Standard Time)

Thanks for prompt replies!

It works fine on your instance!
I am using Chrome on Win.

Tobias Fiebig · Answer 3 · Wed Jun 24 2020 18:24:48 GMT+0800 (China Standard Time)

Ok, than this seems to be a configuration issue on your side. I can reproduce it on your instance. Can you share your nginx configuration?

what-ri · Answer 4 · Wed Jun 24 2020 18:27:19 GMT+0800 (China Standard Time)

edited: nginx config - was not necessary for issue

Tobias Fiebig · Answer 5 · Wed Jun 24 2020 18:31:28 GMT+0800 (China Standard Time)

And maybe one of the statements where you enabled auth in /etc/bigbluebutton/nginx/ ?

what-ri · Answer 6 · Wed Jun 24 2020 18:32:57 GMT+0800 (China Standard Time)

This is the podcast config:

    location /podcast {
            root    /var/bigbluebutton/published;
            index  index.html index.htm;
            ### Uncomment the next three lines if you want to use password
            ### authentication (see dedicated files. Create /var/www/htpasswd
            ### as an empty file with 'touch /var/www/htpasswd'.
            # satisfy any;
            # auth_basic "Restricted";
            # auth_basic_user_file "/var/www/htpasswd";
            auth_request /auth;
            error_page 403 /index.html;
    }

SOLVED - create blank htpasswd & uncomment the lines

Tobias Fiebig · Answer 7 · Wed Jun 24 2020 18:34:36 GMT+0800 (China Standard Time)

Can you disable these two configs and see if that helps:
<------>include /etc/nginx/bots.d/ddos.conf;.
<----->include /etc/nginx/bots.d/blockbots.conf;

?

what-ri · Answer 8 · Wed Jun 24 2020 18:39:02 GMT+0800 (China Standard Time)

I commented them out, still getting the same result.
However, if i click on Cancel for auth, it will provide 401 nginx page & i will get asked again for credentials, but if i type in the wrong user/pass i will not.

I will try to disable custom error pages & see what happens.

Tobias Fiebig · Answer 9 · Wed Jun 24 2020 18:42:09 GMT+0800 (China Standard Time)

Uhm, only saw just now...

            satisfy any;
            auth_basic "Restricted";
            auth_basic_user_file "/var/www/htpasswd";

This must be present, and /var/www/htpasswd must exist (as an empty file). It ensures BBB collects the AUTH_BASIC credentials and puts them into the request headers for the request to auth.

what-ri · Answer 10 · Wed Jun 24 2020 18:45:40 GMT+0800 (China Standard Time)

That was it!
Thank you very much!

Drop me your PayPal so i can buy you a coffee! :)

Tobias Fiebig · Answer 11 · Wed Jun 24 2020 18:49:32 GMT+0800 (China Standard Time)

I am already being paid for my work to the public. Public servant at a university n stuff. ;-)

If you want to do buy someone a coffee, i suggest one of these institutions (even 2.99 help):
https://voedselbankennederland.nl/
https://www.tafel.de/
http://arbeiterkind.de/
https://www.seenotretter.de/wer-wir-sind/

what-ri · Answer 12 · Wed Jun 24 2020 18:50:59 GMT+0800 (China Standard Time)

Consider it done!