this post was submitted on 03 Feb 2026
15 points (100.0% liked)

Voyager

7958 readers
13 users here now

The official lemmy community for Voyager, an open source, mobile-first client for lemmy.

Download on App Store

Download on Play Store

Use as a Web App

Download on F-Droid

Rules

  1. Be nice.
  2. lemmy.world instance policy

Sponsor development! 👇

Number of sponsors badge

💙

founded 2 years ago
MODERATORS
aeharding@lemmy.world
aeharding@vger.social
15
Can't log in to piefed (lemmy.world)
submitted 3 days ago* (last edited 3 days ago) by CombatWombatEsq@lemmy.world to c/voyagerapp@lemmy.world
19 comments fedilink hide all child comments
 

I was super excited to see that Voyager added experimental support for Piefed. I went a created an account on feddit.online, and tried to log in… and got a connection error. No worries, it’s experimental. That was like 5 months ago and it’s still happening and I’m starting to suspect it’s not going to get better on its own. I use a password manager, and it’s saying “connection error” so I feel like it’s probably not bad credentials? Did I choose a bad instance or is this client-side?

you are viewing a single comment's thread
view the rest of the comments
[–] wjs018@piefed.social 3 points 2 days ago (1 children)

You can't register from within Voyager, but you can log in to an existing (the button on the lower right of the adding an account screen). The reason you can't register a new piefed account in Voyager is because that functionality doesn't exist in the API yet.

I was able to log in to feddit just fine using curl, so it seems to be voyager-specific. Not sure if there might be an errant cloudflare challenge or other kind of proxy-level filtering that it might be getting caught up in.

Not sure if @aeharding@vger.social might have suggestions for how to help ID the issue or get a more descriptive error message.

[–] Jerry@feddit.online 4 points 2 days ago (1 children)

This is helpful. Thanks.

Can you share the curl command? Seems like something worth keeping in my notes and will help me in looking more closely at the firewall rules.

[–] wjs018@piefed.social 3 points 2 days ago (2 children)

Here you go:

curl --request POST \
  --url https://feddit.online/api/alpha/user/login \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "your_username",
  "password": "your_password"
}'
[–] Jerry@feddit.online 3 points 2 days ago

The Cloudflare WAF log shows that it allowed the login request to go through. I'll have to look more this evening.

[–] Jerry@feddit.online 2 points 2 days ago* (last edited 2 days ago) (2 children)

Help me here. I'm not an expert. Here is the request going into the server. The error code is 400 (Bad Request)

@x..@x..  
18:24:10.580462 IP 127.0.0.1.49126 > 127.0.0.1.5000: Flags [P.], seq 5107:5771, ack 1755, win 8143, options [nop,nop,TS val 1081650450 ecr 1081650382], length 664  
E....3@.@...............kz.....n...........  
@x..@x..POST /api/alpha/user/login HTTP/1.1  
X-Forwarded-For: 162.120.199.186, 172.70.111.121  
X-Forwarded-Proto: https  
Host: feddit.online  
Content-Length: 56  
accept-language: en-US,en;q=0.5  
content-type: application/json  
accept-encoding: gzip, br  
cf-ray: 9c85ae25b9720f65-EWR  
user-agent: Dalvik/2.1.0 (Linux; U; Android 16; Pixel 10 Pro XL Build/BP4A.260105.004.E1)  
cdn-loop: cloudflare; loops=1  
cf-connecting-ip: 162.120.199.186  
cf-ipcountry: US  
cf-visitor: {"scheme":"https"}  
cookie: session=eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ.aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo  

{"password":"<hidden>","username":"testuser"}  
18:24:10.584409 IP 127.0.0.1.49120 > 127.0.0.1.5000: Flags [P.], seq 8671:10383, ack 2866, win 22123, options [nop,nop,TS val 1081650454 ecr 1081650338], length 1712  
E.....@.@.CB.............BO.+Ngj..Vk.......

The session string is: eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ
This decodes to a referrer of: https://localhost/inbox

I wonder if this is the issue. Will Piefed accept a session claiming to be from localhost? Will it see this as a potential attack or misconfiguration? Should I reconfigure nginx to drop incoming cookies for the login endpoint?

I'm grasping at straws.

[–] rimu@piefed.social 2 points 2 days ago (1 children)

When I do a curl request to the feddit.online API endpoint I can log in fine. If I use an invalid password I get the expected error message.

rimu@rimu-mate2 ~ $ curl --request POST \
  --url https://feddit.online/api/alpha/user/login \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "rimu",
  "password": "valid password"
}'
{"jwt":"some gibberish"}
rimu@rimu-mate2 ~ $ curl --request POST   --url https://feddit.online/api/alpha/user/login   --header 'Content-Type: application/json'   --data '{
  "username": "rimu",
  "password": "invalid password"
}'
{"code":400,"message":"incorrect_login","status":"Bad Request"}
[–] Jerry@feddit.online 2 points 2 days ago

@rimu@piefed.social
But the logins from Voyager are returning 400 (Bad Request), although the username and password are correct, and to me, the request looks good.

I posted what is coming into the server. The only anomaly I saw was that the session cookie referrer seemed odd. Can you look at the request I posted? Do you see any reason it would be seen as a bad request?

The odd thing is that while I get an error 95% of the time trying to log into Voyager, twice it did let me log in. I don't know what was different about those 2 times.

Nothing gets logged to syslog, any nginx logs, pyfedi.log, or journalctl.

[–] wjs018@piefed.social 2 points 2 days ago

Pinging @rimu@piefed.social for help as well.

I don't think the referer is checked at all for api endpoints, so I doubt that is the issue.