- Add production Docker Compose configuration - Add check_auth.py diagnostic script for session 401 debugging
#!/usr/bin/env python3
|
|
"""Diagnostic script for BanGUI auth/session 401 issue.
|
|
|
|
Tests the full auth flow against http://192.168.178.43:8080/api/v1/auth
|
|
using password "Hallo123!".
|
|
|
|
Usage:
|
|
python3 check_auth.py
|
|
"""
|
|
|
|
import json
import os
import urllib.error
import urllib.request
|
|
|
|
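# Target and credential for the probes. Both can be overridden from the
# environment (variables introduced by this script) so the file can be run
# against another deployment without editing it and without the credential
# having to live in source; the defaults keep the original values.
BASE_URL = os.environ.get("BANGUI_BASE_URL", "http://192.168.178.43:8080/api/v1")
PASSWORD = os.environ.get("BANGUI_PASSWORD", "Hallo123!")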
|
|
|
|
|
|
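def make_request(url, method="GET", data=None, headers=None, cookie=None, timeout=15):
    """Perform one HTTP request and report the outcome without raising.

    Args:
        url: Absolute URL to request.
        method: HTTP method name handed to urllib (default ``"GET"``).
        data: Optional JSON-serialisable payload. When truthy it is sent as
            UTF-8 encoded JSON and ``Content-Type: application/json`` is added.
        headers: Optional extra request headers. The mapping is copied, so the
            caller's dict is never modified.
        cookie: Optional ``name=value`` string sent as the ``Cookie`` header.
        timeout: Socket timeout in seconds (default 15) so a silent backend
            cannot hang the diagnostic forever; ``None`` waits indefinitely.

    Returns:
        ``(status, headers, body, cookies)``: the HTTP status code (``None``
        when no HTTP response was obtained, e.g. connection refused, timeout,
        malformed URL), a plain dict of response headers, the decoded body
        (or the error text when ``status`` is ``None``) and the list of raw
        ``Set-Cookie`` header values.
    """
    # Copy so adding Content-Type/Cookie does not leak into the caller's dict.
    req_headers = dict(headers or {})
    payload = None
    if data:
        req_headers["Content-Type"] = "application/json"
        payload = json.dumps(data).encode("utf-8")
    if cookie:
        req_headers["Cookie"] = cookie

    try:
        # Built inside the try so an unparseable URL is reported like any
        # other failure instead of escaping as a ValueError.
        req = urllib.request.Request(url, data=payload, headers=req_headers, method=method)
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            # errors="replace": a non-UTF-8 body must not hide the status code.
            body = resp.read().decode("utf-8", errors="replace")
            cookies = resp.headers.get_all("Set-Cookie") or []
            return resp.status, dict(resp.headers), body, cookies
    except urllib.error.HTTPError as e:
        # 4xx/5xx responses still carry the headers and body worth showing.
        body = e.read().decode("utf-8", errors="replace")
        cookies = e.headers.get_all("Set-Cookie") or []
        return e.code, dict(e.headers), body, cookies
    except Exception as e:  # noqa: BLE001 - diagnostic tool: report, never crash
        return None, {}, str(e), []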
|
|
|
|
|
|
def extract_cookie_value(set_cookie_headers, cookie_name):
    """Return the ``name=value`` pair for *cookie_name* from raw Set-Cookie headers.

    Only the first header starting with ``cookie_name=`` is used, and its
    attributes (``Path``, ``HttpOnly``, ``Secure`` ...) are cut off, so the
    result can be sent back verbatim in a ``Cookie`` header. Returns ``None``
    when no header matches.
    """
    prefix = f"{cookie_name}="
    matches = (
        hdr.partition(";")[0]
        for hdr in set_cookie_headers
        if hdr.startswith(prefix)
    )
    return next(matches, None)
|
|
|
|
|
|
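def _print_result(status, body, limit=None):
    """Print the status line and the (optionally truncated) body of one step."""
    print(f" Status: {status}")
    print(f" Response: {body if limit is None else body[:limit]}")


def _cookie_attributes(set_cookie_headers, cookie_name):
    """Return the lower-cased attribute names of the first Set-Cookie header for *cookie_name*.

    Attribute values are dropped (``SameSite=Lax`` becomes ``samesite``) so
    callers can test for flags such as ``secure`` or ``httponly``. Returns an
    empty list when no header starts with ``cookie_name=``.
    """
    prefix = f"{cookie_name}="
    for hdr in set_cookie_headers:
        if hdr.startswith(prefix):
            return [
                part.strip().split("=", 1)[0].lower()
                for part in hdr.split(";")[1:]
                if part.strip()
            ]
    return []


def main():
    """Run the six diagnostic requests and print a summary of likely causes.

    Steps: health check, CORS preflight, login, session check with and without
    the returned cookie, and the setup endpoint. The summary then inspects the
    session cookie's attributes and the *login* response status. The password
    itself is never echoed, only its length.
    """
    print("=" * 60)
    print("BanGUI Auth Diagnostic Script")
    print("Target:", BASE_URL)
    print("=" * 60)

    # Origin a browser would send for the frontend; the backend's CORS
    # configuration has to allow it, so the auth requests mimic it.
    frontend_origin = "http://192.168.178.43:8080"
    cookie_name = "bangui_session"

    # 1. Health endpoint (no auth): proves the backend is reachable at all.
    print("\n[1] GET /health")
    status, _, body, _ = make_request(f"{BASE_URL}/health")
    _print_result(status, body, limit=200)

    # 2. CORS preflight: a browser login fails before the POST if this is wrong.
    print("\n[2] OPTIONS /auth/login (CORS preflight)")
    status, headers, body, _ = make_request(
        f"{BASE_URL}/auth/login",
        method="OPTIONS",
        headers={
            "Origin": frontend_origin,
            "Access-Control-Request-Method": "POST",
            "Access-Control-Request-Headers": "Content-Type",
        },
    )
    print(f" Status: {status}")
    print(f" Access-Control-Allow-Origin: {headers.get('Access-Control-Allow-Origin', 'MISSING')}")
    print(f" Access-Control-Allow-Credentials: {headers.get('Access-Control-Allow-Credentials', 'MISSING')}")

    # 3. Login. The password is deliberately not printed: diagnostic output
    # tends to be pasted into tickets and chat logs.
    print(f"\n[3] POST /auth/login (password: {len(PASSWORD)} chars, not shown)")
    login_status, _, body, cookies = make_request(
        f"{BASE_URL}/auth/login",
        method="POST",
        data={"password": PASSWORD},
        headers={"Origin": frontend_origin},
    )
    _print_result(login_status, body)
    print(f" Set-Cookie headers: {cookies}")

    session_cookie = extract_cookie_value(cookies, cookie_name)
    cookie_attrs = _cookie_attributes(cookies, cookie_name)
    if session_cookie:
        print(f" Extracted session cookie: {session_cookie[:50]}...")
        print(f" Cookie attributes: {cookie_attrs or 'none'}")
    else:
        print(f" WARNING: No {cookie_name} cookie received!")

    # 4. Session check with the cookie we just got.
    print("\n[4] GET /auth/session (with cookie)")
    if session_cookie:
        status, _, body, _ = make_request(
            f"{BASE_URL}/auth/session",
            cookie=session_cookie,
            headers={"Origin": frontend_origin},
        )
        _print_result(status, body)
    else:
        print(" SKIPPED (no cookie from login)")

    # 5. Session check without any cookie; a 401 here is the expected answer.
    print("\n[5] GET /auth/session (without cookie)")
    status, _, body, _ = make_request(f"{BASE_URL}/auth/session")
    _print_result(status, body)

    # 6. Setup endpoint, if the backend exposes one.
    print("\n[6] GET /setup (check if setup is complete)")
    status, _, body, _ = make_request(f"{BASE_URL}/setup")
    _print_result(status, body, limit=200)

    print("\n" + "=" * 60)
    print("DIAGNOSIS SUMMARY")
    print("=" * 60)

    # Inspect the session cookie's own attributes instead of a substring
    # search over every Set-Cookie header, which could match another cookie.
    if session_cookie and "secure" in cookie_attrs:
        print("\n PROBLEM FOUND: Session cookie has 'Secure' flag set,")
        print(" but you are accessing over HTTP (not HTTPS).")
        print(" Browsers will NOT send Secure cookies over HTTP!")
        print("\n FIX: Set SESSION_COOKIE_SECURE=false in your backend .env")
        print(" and restart the backend.")

    # Judge "login succeeded" by the login response itself. The previous
    # version compared against `status`, which at this point held the result
    # of the unrelated /setup request in step 6.
    login_ok = login_status is not None and 200 <= login_status < 300
    if login_ok and not session_cookie:
        print("\n PROBLEM FOUND: Login succeeded but no session cookie was set.")
        print(" This usually means the cookie is being rejected by the browser")
        print(" due to Secure flag on HTTP, or SameSite restrictions.")

    print("\n If CORS Access-Control-Allow-Origin is missing or wrong,")
    print(" add your frontend origin to CORS_ALLOWED_ORIGINS in .env")
    print("=" * 60)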
|
|
|
|
|
|
if __name__ == "__main__":
    # Guarded so make_request/extract_cookie_value can be imported elsewhere
    # without firing the network probes.
    main()
|