You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using ntfy CLI, when trying to subscribe to a topic as a user with an empty password, it seems impossible to do so from the config file client.yml. Things I tried all result in 403 forbidden authentication failures.
Steps to reproduce
Set up a topic empty-password-test on the server with policy deny.
ntfy access everyone empty-password-test deny
Add a user alice with empty password and read access to empty-password-test.
ntfy user add alice # provide empty password
ntfy access alice empty-password-test ro
Run curl -u "alice:" -s http://my.domain.tld/empty-password-test/json, and observe that stream is opened successfully.
This verifies that the server has been set up correctly.
Run ntfy sub -C, and observe that authentication fails.
Run ntfy sub -u "alice:" -C, and observe that with the username&password override, authentication no longer fails.
Miscellaneous
I tried password: ~, password: null, password: false, and omitting the password field altogether. None worked, although password: false produced 401 unauthorized instead of 403 forbidden.
Versions:
Linux x86_64 5.18.14, ntfy 1.27.2@69d6cdd, go 1.18.4
The text was updated successfully, but these errors were encountered:
cyqsimon
changed the title
User with empty password in client.yml does not work
[Bug] User with empty password in client.yml does not work
Aug 4, 2022
wunter8
added a commit
to wunter8/ntfy
that referenced
this issue
Oct 9, 2022
Description
Using
ntfy
CLI, when trying to subscribe to a topic as a user with an empty password, it seems impossible to do so from the config fileclient.yml
. Things I tried all result in403 forbidden
authentication failures.Steps to reproduce
empty-password-test
on the server with policydeny
.alice
with empty password and read access toempty-password-test
.ntfy user add alice # provide empty password ntfy access alice empty-password-test ro
curl -u "alice:" -s http://my.domain.tld/empty-password-test/json
, and observe that stream is opened successfully.client.yml
.ntfy sub -C
, and observe that authentication fails.ntfy sub -u "alice:" -C
, and observe that with the username&password override, authentication no longer fails.Miscellaneous
password: ~
,password: null
,password: false
, and omitting thepassword
field altogether. None worked, althoughpassword: false
produced401 unauthorized
instead of403 forbidden
.The text was updated successfully, but these errors were encountered: