Login via web or api

Gabriele7 years ago

Hello everyone,

I know this could sound as a very stupid question, but I'm unable to login with users created via web interface or api (from android application).

In my registration payload I set name, email, password and token for future reference.

Every time I try to login with a newly created user (via web on Firefox) it always returns me "Wrong username or password".

What am i doing wrong?

Thank you very much

Anton Tananaev7 years ago

Are you saying it doesn't work in the official web app? Then you are probably misconfigured something.

Gabriele7 years ago

No, I'm not blaming the official app, clearly I'm doing something wrong.

I noticed that newly created user can login via email / password, whether admin can login via username. So I was trying to login via newly created username, but I suppose this is not possible

Anton Tananaev7 years ago

By "username" you mean "login"? Admin doesn't have it and you shouldn't use it because it's only for LDAP. Admin uses email like everyone else. It's just by default it has "admin" as email address.

Gabriele7 years ago

Ok, thanks, now I get it.

Thank you very much

Gabriele7 years ago

Still I can't understand when JSESSIONID is returned

This is a logcat for a normal login

01-17 13:23:47.089 23043-23119/com.gabrieleciaccia.tratest V/stazioj: L'invocazione avviene su http://XXXXXX.com:8082/api/session?undefined=false&email=pelo@pelo.com&password=asdasd
01-17 13:23:47.268 23043-23119/com.gabrieleciaccia.tratest V/login: response string is: {"id":33,"attributes":{},"name":"Pelo","email":"pelo@pelo.com","phone":null,"readonly":false,"admin":false,"map":null,"distanceUnit":null,"speedUnit":null,"latitude":0.0,"longitude":0.0,"zoom":0,"twelveHourFormat":false,"coordinateFormat":null,"disabled":false,"expirationTime":null,"deviceLimit":-1,"userLimit":0,"deviceReadonly":false,"token":"lFOz6ujFAkd5OrTdu4HMv","timezone":null,"password":null}
01-17 13:23:47.268 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Date: Wed, 17 Jan 2018 12:23:46 GMT
01-17 13:23:47.268 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Set-Cookie: JSESSIONID=14fsp8aucsorbrzuzmgve184p;Path=/api
01-17 13:23:47.269 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Expires: Thu, 01 Jan 1970 00:00:00 GMT
01-17 13:23:47.269 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Content-Type: application/json
01-17 13:23:47.269 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Access-Control-Allow-Headers: origin, content-type, accept, authorization
01-17 13:23:47.269 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Access-Control-Allow-Credentials: true
01-17 13:23:47.269 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
01-17 13:23:47.269 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Access-Control-Allow-Origin: *
01-17 13:23:47.269 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Content-Length: 401
01-17 13:23:47.269 23043-23119/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Server: Jetty(9.2.22.v20170606)
01-17 13:23:47.331 23043-23119/com.gabrieleciaccia.tratest W/Java7Support: Unable to load JDK7 types (annotations, java.nio.file.Path): no Java7 support added

this one is a login attempt AFTER the user registered

01-17 13:26:17.555 23043-23325/com.gabrieleciaccia.tratest V/login: request string is: 
01-17 13:26:17.555 23043-23325/com.gabrieleciaccia.tratest V/stazioj: L'invocazione avviene su http://XXXXX.com:8082/api/session?undefined=false&email=and@and.com&password=asdasd
01-17 13:26:17.645 23043-23325/com.gabrieleciaccia.tratest V/login: response string is: {"id":34,"attributes":{},"name":"Annibale","email":"and@and.com","phone":null,"readonly":false,"admin":false,"map":null,"distanceUnit":null,"speedUnit":null,"latitude":0.0,"longitude":0.0,"zoom":0,"twelveHourFormat":false,"coordinateFormat":null,"disabled":false,"expirationTime":null,"deviceLimit":-1,"userLimit":0,"deviceReadonly":false,"token":"tTDXKYTEp5Nc2cetFHGlp","timezone":null,"password":null}
01-17 13:26:17.646 23043-23325/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Date: Wed, 17 Jan 2018 12:26:17 GMT
01-17 13:26:17.646 23043-23325/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Content-Type: application/json
01-17 13:26:17.646 23043-23325/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Access-Control-Allow-Headers: origin, content-type, accept, authorization
01-17 13:26:17.646 23043-23325/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Access-Control-Allow-Credentials: true
01-17 13:26:17.646 23043-23325/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
01-17 13:26:17.646 23043-23325/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Access-Control-Allow-Origin: *
01-17 13:26:17.646 23043-23325/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Content-Length: 403
01-17 13:26:17.646 23043-23325/com.gabrieleciaccia.tratest I/MainActivity: header di risposta :Server: Jetty(9.2.22.v20170606)

As you can see, the second one is missing the Set-Cookie: header. But, if I restart the app and try the login after a while, it works correctly.

Can you point me out in the right direction?

Sorry for bothering you

Anton Tananaev7 years ago

As far as I know, cookie is set if there is no cookie in request.

Murthy Varanasi4 years ago

while trying traccar web file and logging in,it gives the following error
Any suggestions pls

app.js:78 GET http://3.138.160.165:8082/api/session?token=WWwmHxXF9xyc4jZB9VCAuC93MUEtYwPK 404 (Not Found)
ajax @ app.js:78
(anonymous) @ app.js:82
xhr.onreadystatechange @ app.js:72
XMLHttpRequest.send (async)
ajax @ app.js:78
(anonymous) @ app.js:81
VM66:1 Uncaught SyntaxError: Unexpected token H in JSON at position 0
    at JSON.parse (<anonymous>)
    at XMLHttpRequest.xhr.onreadystatechange (app.js:72)
Anton Tananaev4 years ago

Usually code 404 means that your user is not found. My guess is that the token is incorrect.

Murthy Varanasi4 years ago

If it's da token from the portal under accounts menu,then it is correct but I still get da error

leontino4 years ago

I'm getting the same problem, i'm use admin admin yet and get 404 error

http://xxx.yyyy.zz.154:8082/traccar/s/login?locale=de&user=admin&password=admin

Don't worked.

Anton Tananaev4 years ago

Where did you get this URL from? It won't work with the official Traccar.

leontino4 years ago

Sorry Anton, it's true, how I can make a external login ?