Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to generate API Password for Ampache and Subsonic #1038

Closed
raxp122 opened this issue Jan 2, 2023 · 5 comments
Closed

Unable to generate API Password for Ampache and Subsonic #1038

raxp122 opened this issue Jan 2, 2023 · 5 comments
Labels
Bug

Comments

@raxp122
Copy link

raxp122 commented Jan 2, 2023

After writing a name for the new API Password clicking the button returns: "Failed to generate new Ampache/Subsonic password" without any other context.
@paulijar paulijar added the Bug label Jan 2, 2023
@paulijar
Copy link
Collaborator

paulijar commented Jan 2, 2023

Thanks for the report. I could reproduce this on Nextcloud 17 but not on Nextcloud 25; I didn't test any other cloud versions yet. The root cause is not yet clear but it's probably something simple once I get the chance to look into it.

@Bendelk
Copy link

Bendelk commented Jan 2, 2023

Thanks for the report. I could reproduce this on Nextcloud 17 but not on Nextcloud 25; I didn't test any other cloud versions yet. The root cause is not yet clear but it's probably something simple once I get the chance to look into it.

@paulijar
Copy link
Collaborator

paulijar commented Jan 2, 2023

On Nextcloud, this seems to affect at least NC23 and older versions but not NC25. I haven't tested NC24. On ownCloud, at least OC10.0 is affected but 10.4 or 10.6 or 10.11 are not.

Anyone in a hurry should be able to fix this by removing the following line of code from their installation:

music/lib/Controller/SettingController.php

Line 150 in 65fd87b

* @CORS

With the @CORS attribute removed, it will become impossible to generate API keys from external sites (as has been the original intention of the API in question) but the chances are that you would not do that anyway. I don't know if anyone ever has.

@raxp122
Copy link
Author

raxp122 commented Jan 3, 2023

To give a bit more context i was on NC 24.0.8 so i tried upgrading to NC25 and all is working fine.

paulijar added a commit that referenced this issue Jan 5, 2023
@paulijar
Fix Ampache/Subsonic key creation not working on NC <25 and OC10.0
cff2560 
On Nextcloud versions older than 25 and on ownCloud 10.0, calling a
controller function with the @cors attribute doesn't work for the
normal logged-in users. Such functions are supposed to be called only
from external sites, and the user credential should be passed on each
call. The REST API `/api/settings/userkey/generate` was originally
created to be used from external sites in the PR
#485, and hence has the @cors
attribute.

This was now fixed by providing another REST API endpoint for the key
generation for our own front-end. At the same go, the REST API used by
our front-end for key management was modified to be better aligned with
the other similar REST APIs:
- URL path section `/userkey/` was replaced with `/user/keys/`
- Removing a key uses the HTTP verb `DELETE` and the target ID is part
  of the URL
- There is a getter for all the keys
- Creating the new key uses the same URL as the getter but verb `POST`

The CORS endpoint `/api/settings/userkey/generate` was kept as it
was in case some external site/application is actually using it.

refs #1038
@paulijar
Copy link
Collaborator

paulijar commented Jan 8, 2023

This is now fixed in the Music release v1.8.1.

@paulijar paulijar closed this as completed Jan 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@paulijar @raxp122 @Bendelk