Tt-rss + ttrss-android auth broken

Tiny Tiny RSS Support
1

PLEASE READ THIS BEFORE POSTING: Read before posting / reporting bugs

Describe the problem you’re having:

tt-rss android always report Error: username or password incorrect (HTTP basic auth + ttrss auth, this is not a single user installation). Was working perfectly fine a few days/hours ago. The passwords and usernames have been double checked and tt-rss works well in my desktop browser.

If possible include steps to reproduce the problem:

Not clear since it was working perfectly until a few days/hours.

  • setup tt-rss
  • setup http basic auth
  • try to connect w/ ttrss-android

tt-rss version (including git commit id):

d0cce0c7a431d886403632ef94add650363d4ef6

Platform (i.e. Linux distro, PHP, PostgreSQL, etc) versions:

TT-RSS hosting:

  • Ubuntu 16.04.3 LTS up to date
  • nginx + PHP 7.0.22-0ubuntu0.16.04.1
  • Mariadb 10.0.31-0ubuntu0.16.04.2

TT-RSS client:

  • Oneplus 3T, LineageOS up to date
  • TT-RSS 1.231 (465) (updated 7 hours ago)
  • Build timestamp: 2017.12.11 13:12:25

Please provide any additional information below:

Connection attempts as reported in the webserver (ip + http auth edited):
<XXX.XXX.XXX.XXX> - [16/Dec/2017:04:58:09 +0100] “POST /api/ HTTP/1.1” 200 65 “-” “Dalvik/2.1.0 (Linux; U; Android 7.1.2; ONEPLUS A3003 Build/NJH47F)”

Logs on android (with adb logcat, several blatantly irrelevant messages filtered out):

12-16 05:01:24.205 27152 27152 W System  : ClassLoader referenced unknown path: /data/app/org.fox.ttrss-1/lib/arm64
12-16 05:01:24.223 27152 27152 I ACRA    : ACRA is enabled for org.fox.ttrss, initializing...
12-16 05:01:24.235  1555  2809 I ActivityManager: START u0 {cmp=org.fox.ttrss/.OnlineActivity} from uid 10090 on display 0
12-16 05:01:24.259 27152 27152 D setupWidgetUpdates: interval= 900000
12-16 05:01:24.271 27152 27152 W art     : Before Android 4.1, method android.graphics.PorterDuffColorFilter android.support.graphics.drawable.VectorDrawableCompat.updateTintFilter(android.graphics.PorterDuffColorFilter, android.content.res.ColorStateList, android.graphics.PorterDuff$Mode) would have incorrectly overridden the package-private method in android.graphics.drawable.Drawable
12-16 05:01:24.274 27152 27152 D OnlineActivity: m_isOffline=false
12-16 05:01:24.283 27152 27152 I AppCompatViewInflater: app:theme is now deprecated. Please move to using android:theme instead.
12-16 05:01:24.291 27152 27152 D OnlineActivity: intent action=null
12-16 05:01:24.304 27152 27172 D LoginRequest: >>> ({"op":"login","password":"XXXXXXXXX","user":"XXXXXXXXX"}) https://XXXXXXXXXXXXXXXXXXXXXX
12-16 05:01:24.305 27152 27172 D NetworkSecurityConfig: No Network Security Config specified, using platform default
12-16 05:01:24.307 27152 27172 I DpmTcmClient: RegisterTcmMonitor from: com.android.okhttp.TcmIdleTimerMonitor
12-16 05:01:24.309 27152 27172 D LoginRequest: Using HTTP Basic authentication.
12-16 05:01:24.327 27152 27173 I Adreno  : QUALCOMM build                   : 853a1ff, I9c435c2712
12-16 05:01:24.327 27152 27173 I Adreno  : Build Date                       : 01/10/17
12-16 05:01:24.327 27152 27173 I Adreno  : OpenGL ES Shader Compiler Version: XE031.09.00.04
12-16 05:01:24.327 27152 27173 I Adreno  : Local Branch                     :
12-16 05:01:24.327 27152 27173 I Adreno  : Remote Branch                    :
12-16 05:01:24.327 27152 27173 I Adreno  : Remote Branch                    :
12-16 05:01:24.327 27152 27173 I Adreno  : Reconstruct Branch               :
12-16 05:01:24.332 27152 27173 I OpenGLRenderer: Initialized EGL, version 1.4
12-16 05:01:24.332 27152 27173 D OpenGLRenderer: Swap behavior 1
12-16 05:01:24.350 27152 27152 D OnlineActivity: license apk found
12-16 05:01:24.381  1555  1607 I ActivityManager: Displayed org.fox.ttrss/.OnlineActivity: +131ms (total +252ms)
12-16 05:01:24.578 27177 27177 E ANDR-PERF-MPCTL: Unable to create control service (stage=2, rc=-1)
12-16 05:01:24.981  1555  2353 D WifiStateMachine: updateCapabilities for config:<SSID>false,false
12-16 05:01:25.030  3249  3413 W QCNEJ   : |CORE| CNE received unexpected action: android.intent.action.BATTERY_CHANGED
12-16 05:01:25.228   717   717 I cnss-daemon: RTM_NEWNEIGH message received: 28
12-16 05:01:25.228   717   717 E cnss-daemon: Stale or unreachable neighbors, ndm state: 16
12-16 05:01:25.231   717   717 I cnss-daemon: RTM_NEWNEIGH message received: 28
12-16 05:01:25.231   717   717 I cnss-daemon: NDA_DST received: <IPADDRESS> ul: 562993138018496
12-16 05:01:25.232   717   717 I cnss-daemon: NDA_LLADDR received
12-16 05:01:26.691 27152 27172 D LoginRequest: <<< {"seq":0,"status":1,"content":{"error":"LOGIN_ERROR"}}
2

check ttrss logs in preferences system tab for anything relevant

also post which auth modules are enabled in config.php

3

Thank you very much for your reply.

Here’s the error appearing in the logs:

E_USER_WARNING (512) classes/api.php:84 Failed login attempt for XXXXX from XXX.XXX.XXX.XXX classes/api.php(84): user_error(Failed login attempt for XXXX from XXX.XXX.XXX.XXX, 512)
2. api/index.php(80): login()

Here is the config.php:

define('DB_TYPE', 'mysql');
define('DB_HOST', '');
define('DB_USER', 'XXXX');
define('DB_NAME', 'XXXX');
define('DB_PASS', 'XXXX');
define('DB_PORT', '');
define('MYSQL_CHARSET', 'UTF8');
define('SELF_URL_PATH', 'XXXX');
define('FEED_CRYPT_KEY', '');
define('SINGLE_USER_MODE', false);
define('SIMPLE_UPDATE_MODE', false);
define('PHP_EXECUTABLE', '/usr/bin/php');
define('LOCK_DIRECTORY', 'lock');
define('CACHE_DIR', 'cache');
define('ICONS_DIR', "feed-icons");
define('ICONS_URL', "feed-icons");
define('AUTH_AUTO_CREATE', true);
define('AUTH_AUTO_LOGIN', true);
define('FORCE_ARTICLE_PURGE', 0);
define('PUBSUBHUBBUB_HUB', '');
define('PUBSUBHUBBUB_ENABLED', false);
define('SPHINX_SERVER', 'localhost:9312');
define('SPHINX_INDEX', 'ttrss, delta');
define('ENABLE_REGISTRATION', false);
define('REG_NOTIFY_ADDRESS', '[email protected]');
define('REG_MAX_USERS', 10);
define('SESSION_COOKIE_LIFETIME', 86400);
define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
define('SMTP_FROM_ADDRESS', '[email protected]');
define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
define('SMTP_SERVER', '');
define('SMTP_LOGIN', '');
define('SMTP_PASSWORD', '');
define('SMTP_SECURE', '');
define('CHECK_FOR_UPDATES', true);
define('ENABLE_GZIP_OUTPUT', false);
define('PLUGINS', 'auth_internal, note');
define('LOG_DESTINATION', 'sql');
define('CONFIG_VERSION', 26);

Another phone running ttrss-android 1.229 (463) Buid timestamp 2017.11.21 14:41:03 works (with another user).

4

you should have said that. this means your problem is not with the server but either with the device, its network connection, or maybe actual password.

nothing changed with regard to http from version code 463 to 465 (the latest one) - the only change is related to custom tabs - so if 463 works 465 should work too.

e: can this user login via tt-rss web ui?

e2: i mean it’s ofc entirely possible of course that apk 465 BROKE EVERYTHING just very unlikely

5 
e: can this user login via tt-rss web ui?

That’s what I tested and I wasn’t able to login. Fortunately, I was still online from another computer and managed to change my password - not really a change since I set the password I currently use. I’m now able to login again both via the web ui and my phone (both web and tt-rss app).

It’s like my password suddenly changed without me changing it. Either it has been “corrupted” in some way, or my VPS has been compromised. Anyway, it’s working now. I’m going to check the logs carefully.

Thanks for your help.

6

you should check database backups if you have them

there shouldn’t have been any change with password hashes on current tt-rss, just imagine the shitstorm if i suddenly broke everyone’s password but it’s still somewhat worrying.

7

Looks like you just broke his :smiley: