this post was submitted on 03 Feb 2026
16 points (100.0% liked)

Voyager

8033 readers
2 users here now

The official lemmy community for Voyager, an open source, mobile-first client for lemmy.

Download on App Store

Download on Play Store

Use as a Web App

Download on F-Droid

Rules

  1. Be nice.
  2. lemmy.world instance policy

Sponsor development! 👇

Number of sponsors badge

💙

founded 2 years ago
MODERATORS
aeharding@lemmy.world
aeharding@vger.social
16
Can't log in to piefed (lemmy.world)
submitted 3 weeks ago* (last edited 3 weeks ago) by CombatWombatEsq@lemmy.world to c/voyagerapp@lemmy.world
19 comments fedilink hide all child comments
 

I was super excited to see that Voyager added experimental support for Piefed. I went a created an account on feddit.online, and tried to log in… and got a connection error. No worries, it’s experimental. That was like 5 months ago and it’s still happening and I’m starting to suspect it’s not going to get better on its own. I use a password manager, and it’s saying “connection error” so I feel like it’s probably not bad credentials? Did I choose a bad instance or is this client-side?

you are viewing a single comment's thread
view the rest of the comments
[–] wjs018@piefed.social 9 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I can confirm that my feddit.online account isn't working with Voyager for whatever reason. I was able to log in with a couple of other piefed instances without issue.

Tagging @jerry@feddit.online for visibility.

Edit: I just tried Boost and it worked with my feddit account. Could be something really weird going on.

[–] Jerry@feddit.online 4 points 3 weeks ago (2 children)

I used to be able to log in via Voyager. I don't know what changed. I get a message that Voyager doesn't support signups via Piefed. Is this what you see?

I'll have to look at this tonight. Maybe it's a firewall issue? Rimu, @rimu@piefed.social, any suggestions on where to start?

[–] wjs018@piefed.social 5 points 3 weeks ago (1 children)

You can't register from within Voyager, but you can log in to an existing (the button on the lower right of the adding an account screen). The reason you can't register a new piefed account in Voyager is because that functionality doesn't exist in the API yet.

I was able to log in to feddit just fine using curl, so it seems to be voyager-specific. Not sure if there might be an errant cloudflare challenge or other kind of proxy-level filtering that it might be getting caught up in.

Not sure if @aeharding@vger.social might have suggestions for how to help ID the issue or get a more descriptive error message.

[–] Jerry@feddit.online 5 points 3 weeks ago (1 children)

This is helpful. Thanks.

Can you share the curl command? Seems like something worth keeping in my notes and will help me in looking more closely at the firewall rules.

[–] wjs018@piefed.social 4 points 3 weeks ago (2 children)

Here you go:

curl --request POST \
  --url https://feddit.online/api/alpha/user/login \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "your_username",
  "password": "your_password"
}'
[–] Jerry@feddit.online 4 points 3 weeks ago

The Cloudflare WAF log shows that it allowed the login request to go through. I'll have to look more this evening.

[–] Jerry@feddit.online 3 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

Help me here. I'm not an expert. Here is the request going into the server. The error code is 400 (Bad Request)

@x..@x..  
18:24:10.580462 IP 127.0.0.1.49126 > 127.0.0.1.5000: Flags [P.], seq 5107:5771, ack 1755, win 8143, options [nop,nop,TS val 1081650450 ecr 1081650382], length 664  
E....3@.@...............kz.....n...........  
@x..@x..POST /api/alpha/user/login HTTP/1.1  
X-Forwarded-For: 162.120.199.186, 172.70.111.121  
X-Forwarded-Proto: https  
Host: feddit.online  
Content-Length: 56  
accept-language: en-US,en;q=0.5  
content-type: application/json  
accept-encoding: gzip, br  
cf-ray: 9c85ae25b9720f65-EWR  
user-agent: Dalvik/2.1.0 (Linux; U; Android 16; Pixel 10 Pro XL Build/BP4A.260105.004.E1)  
cdn-loop: cloudflare; loops=1  
cf-connecting-ip: 162.120.199.186  
cf-ipcountry: US  
cf-visitor: {"scheme":"https"}  
cookie: session=eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ.aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo  

{"password":"<hidden>","username":"testuser"}  
18:24:10.584409 IP 127.0.0.1.49120 > 127.0.0.1.5000: Flags [P.], seq 8671:10383, ack 2866, win 22123, options [nop,nop,TS val 1081650454 ecr 1081650338], length 1712  
E.....@.@.CB.............BO.+Ngj..Vk.......

The session string is: eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ
This decodes to a referrer of: https://localhost/inbox

I wonder if this is the issue. Will Piefed accept a session claiming to be from localhost? Will it see this as a potential attack or misconfiguration? Should I reconfigure nginx to drop incoming cookies for the login endpoint?

I'm grasping at straws.

[–] rimu@piefed.social 4 points 3 weeks ago (1 children)

When I do a curl request to the feddit.online API endpoint I can log in fine. If I use an invalid password I get the expected error message.

rimu@rimu-mate2 ~ $ curl --request POST \
  --url https://feddit.online/api/alpha/user/login \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "rimu",
  "password": "valid password"
}'
{"jwt":"some gibberish"}
rimu@rimu-mate2 ~ $ curl --request POST   --url https://feddit.online/api/alpha/user/login   --header 'Content-Type: application/json'   --data '{
  "username": "rimu",
  "password": "invalid password"
}'
{"code":400,"message":"incorrect_login","status":"Bad Request"}
[–] Jerry@feddit.online 4 points 3 weeks ago

@rimu@piefed.social
But the logins from Voyager are returning 400 (Bad Request), although the username and password are correct, and to me, the request looks good.

I posted what is coming into the server. The only anomaly I saw was that the session cookie referrer seemed odd. Can you look at the request I posted? Do you see any reason it would be seen as a bad request?

The odd thing is that while I get an error 95% of the time trying to log into Voyager, twice it did let me log in. I don't know what was different about those 2 times.

Nothing gets logged to syslog, any nginx logs, pyfedi.log, or journalctl.

[–] wjs018@piefed.social 3 points 3 weeks ago

Pinging @rimu@piefed.social for help as well.

I don't think the referer is checked at all for api endpoints, so I doubt that is the issue.

[–] rimu@piefed.social 4 points 3 weeks ago (2 children)

Do you have any nginx rules which block scrapers by inspecting the user agent string? Perhaps that's catching Voyager.

[–] Jerry@feddit.online 3 points 3 weeks ago

I have to look again because it was a while ago, but I do block some user agent strings, but if I'm blocking Voyager this way, I really screwed up.

Another possibility is that Cloudflare is presenting a managed challenge during sign up.

[–] Jerry@feddit.online 3 points 3 weeks ago* (last edited 3 weeks ago)

Nope. I posted below what is coming into the server. The only thing I can think of is that the referrer is coming in as https://localhost/inbox which might explain the 400 error (Bad Request). Does your nginx configuration drop incoming cookies for the login endpoint?