Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uploaded images are locked behind SSO #80

Open
MrTastyBiscuits opened this issue Aug 14, 2024 · 1 comment
Open

Uploaded images are locked behind SSO #80

MrTastyBiscuits opened this issue Aug 14, 2024 · 1 comment

Comments

@MrTastyBiscuits
Copy link

Describe the bug

When installing, I have set my Lutim instance to be accessible to YNH users only. Despite that, shared images should be accessible by everybody as described here :

lutim_ynh/manifest.toml

Line 38 in 319b762

help.en = "If you set Lutim as visitors, everyone will be able to upload images and share them.<br>But even if not public, everyone can see an image from a link shared with your Lutim."

It is not the case, shared images are locked behind the SSO.

Context

  • Hardware: VPS bought online
  • YunoHost version: 11.2.27
  • I have access to my server: Through SSH | through the webadmin
  • Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
  • Using, or trying to install package version/branch: 0.17.0~ynh1

Steps to reproduce

  1. Install Lutim from the webadmin
  2. Select a domain and install at its root
  3. Choose to make the app limited to YNH users
  4. Leave "Encrypt images" ticked (default)
  5. Click install
  6. Wait for quite some time
  7. Access Lutim, upload an image and copy link
  8. Open link in private window of browser
  9. Get stuck on the SSO without seeing the image

Expected behavior

It is described here:

lutim_ynh/manifest.toml

Line 38 in 319b762

help.en = "If you set Lutim as visitors, everyone will be able to upload images and share them.<br>But even if not public, everyone can see an image from a link shared with your Lutim."

Upload should be limited to YNH users while viewing of uploaded images should be available to everybody

Other attemps

I have tried to install the app as public and obviously it is accessible without being logged in. Changing it afterwards to YNH users only leads to the same incorrect behaviour as described in the issue above.

My knowledge of Linux/NGINX is not good enough for me to try to tinker with the config files, that said, I did not find anything in the config files of this repo that would suggest the behaviour described in manifest.toml is actually implemented (but I could be very wrong there).

Either way, thank you for your work on this app (and YNH) and please let me know if there is anything else that I can do.
@moeenio
Copy link

moeenio commented Feb 5, 2025

I don't see any nginx config that would allow accessing the uploaded images without login, thus I wonder why it says that this is possible... Maybe I'll look into nginx config for that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@moeenio @MrTastyBiscuits