this post was submitted on 03 Feb 2026
15 points (100.0% liked)

Voyager

7958 readers
13 users here now

The official lemmy community for Voyager, an open source, mobile-first client for lemmy.

Download on App Store

Download on Play Store

Use as a Web App

Download on F-Droid

Rules

  1. Be nice.
  2. lemmy.world instance policy

Sponsor development! 👇

Number of sponsors badge

💙

founded 2 years ago
MODERATORS
aeharding@lemmy.world
aeharding@vger.social
15
Can't log in to piefed (lemmy.world)
submitted 3 days ago* (last edited 3 days ago) by CombatWombatEsq@lemmy.world to c/voyagerapp@lemmy.world
19 comments fedilink hide all child comments
 

I was super excited to see that Voyager added experimental support for Piefed. I went a created an account on feddit.online, and tried to log in… and got a connection error. No worries, it’s experimental. That was like 5 months ago and it’s still happening and I’m starting to suspect it’s not going to get better on its own. I use a password manager, and it’s saying “connection error” so I feel like it’s probably not bad credentials? Did I choose a bad instance or is this client-side?

you are viewing a single comment's thread
view the rest of the comments
[–] wjs018@piefed.social 3 points 2 days ago (2 children)

Here you go:

curl --request POST \
  --url https://feddit.online/api/alpha/user/login \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "your_username",
  "password": "your_password"
}'
[–] Jerry@feddit.online 3 points 2 days ago

The Cloudflare WAF log shows that it allowed the login request to go through. I'll have to look more this evening.

[–] Jerry@feddit.online 2 points 2 days ago* (last edited 2 days ago) (2 children)

Help me here. I'm not an expert. Here is the request going into the server. The error code is 400 (Bad Request)

@x..@x..  
18:24:10.580462 IP 127.0.0.1.49126 > 127.0.0.1.5000: Flags [P.], seq 5107:5771, ack 1755, win 8143, options [nop,nop,TS val 1081650450 ecr 1081650382], length 664  
E....3@.@...............kz.....n...........  
@x..@x..POST /api/alpha/user/login HTTP/1.1  
X-Forwarded-For: 162.120.199.186, 172.70.111.121  
X-Forwarded-Proto: https  
Host: feddit.online  
Content-Length: 56  
accept-language: en-US,en;q=0.5  
content-type: application/json  
accept-encoding: gzip, br  
cf-ray: 9c85ae25b9720f65-EWR  
user-agent: Dalvik/2.1.0 (Linux; U; Android 16; Pixel 10 Pro XL Build/BP4A.260105.004.E1)  
cdn-loop: cloudflare; loops=1  
cf-connecting-ip: 162.120.199.186  
cf-ipcountry: US  
cf-visitor: {"scheme":"https"}  
cookie: session=eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ.aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo  

{"password":"<hidden>","username":"testuser"}  
18:24:10.584409 IP 127.0.0.1.49120 > 127.0.0.1.5000: Flags [P.], seq 8671:10383, ack 2866, win 22123, options [nop,nop,TS val 1081650454 ecr 1081650338], length 1712  
E.....@.@.CB.............BO.+Ngj..Vk.......

The session string is: eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ
This decodes to a referrer of: https://localhost/inbox

I wonder if this is the issue. Will Piefed accept a session claiming to be from localhost? Will it see this as a potential attack or misconfiguration? Should I reconfigure nginx to drop incoming cookies for the login endpoint?

I'm grasping at straws.

[–] rimu@piefed.social 2 points 2 days ago (1 children)

When I do a curl request to the feddit.online API endpoint I can log in fine. If I use an invalid password I get the expected error message.

rimu@rimu-mate2 ~ $ curl --request POST \
  --url https://feddit.online/api/alpha/user/login \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "rimu",
  "password": "valid password"
}'
{"jwt":"some gibberish"}
rimu@rimu-mate2 ~ $ curl --request POST   --url https://feddit.online/api/alpha/user/login   --header 'Content-Type: application/json'   --data '{
  "username": "rimu",
  "password": "invalid password"
}'
{"code":400,"message":"incorrect_login","status":"Bad Request"}
[–] Jerry@feddit.online 2 points 2 days ago

@rimu@piefed.social
But the logins from Voyager are returning 400 (Bad Request), although the username and password are correct, and to me, the request looks good.

I posted what is coming into the server. The only anomaly I saw was that the session cookie referrer seemed odd. Can you look at the request I posted? Do you see any reason it would be seen as a bad request?

The odd thing is that while I get an error 95% of the time trying to log into Voyager, twice it did let me log in. I don't know what was different about those 2 times.

Nothing gets logged to syslog, any nginx logs, pyfedi.log, or journalctl.

[–] wjs018@piefed.social 2 points 2 days ago

Pinging @rimu@piefed.social for help as well.

I don't think the referer is checked at all for api endpoints, so I doubt that is the issue.