HTTP Authentication enabled - is gcode upload via the API still possible from PrusaSlicer?

Doc_Mungo · November 9, 2020, 10:56am

[OctoPrint v1.4.2, OctoPi v0.17.0]

I have enabled HTTP authentication on haproxy and installed fail2ban for protection against brute force attacks. Accessing the web-interface works perfectly.

However - uploading gcode using the API from PrusaSlicer is not possible anymore as a valid username and password is neccessary. IMHO this is absolutely logical.

Maybe this is a stupid question:

Is it still possible accessing OctoPrint from PrusaSlicer with HTTP authentication enabled? I have absolutely no idea where I should specify username and password.

I have not found a topic on the forum - if did overlook it - my apologies.

Any help is appreciated!

Thanks
Markus

Spooky_Wookie · November 9, 2020, 1:18pm

It's what i do, too.
When using the API-key you dont need to to supply user/password.
Just make sure you use the created the API-key from the corect user...

Doc_Mungo · November 9, 2020, 1:27pm

Just to be on the same page: You have activated authentication both on application level (OctoPrint) and you also have additionaly set up haproxy with authentication so you get an additional HTTP-log in window created by the browser?

I have tried different API-Keys (the admin one and als created an additional user with a separate key), none of this works.

PrusaSlicer always displays the following errormessage:

"Could not connect to OctoPrint: HTTP 401:

401 Unauthorized

You need a valid user and password to access this content. Note: OctoPrint version at least 1.1.0 is required."

Everything was working flawlessly before I enabled HTTP-authentication...

Spooky_Wookie · November 9, 2020, 2:09pm

Doing it without the haproxy-auth...
So, sorry i have no solution...

b-morgan · November 9, 2020, 9:12pm

Can you modify the URL like this? http://username:password@example.com/

Doc_Mungo · November 13, 2020, 9:04am

Thanks for the tip! This basically works, downside: The username and password are visible in plaintext within PrusaSlicer and the transmission of the credentials to OctoPrint is nearly transparent (Base64). At the moment I am trying to implement HTTPS access from within PrusaSlicer. It's not that satisfactory using self-signed certificates I'll also try ngrok on another Pi and see if it's easier to setup and maintain.

b-morgan · November 13, 2020, 1:03pm

There is one more tip I can offer (without the exact solution). In @foosel's latest OctoPrint on Air she informs us that access control will be mandatory in 1.5.0+ but there is a way for the local subnet (only) to bypass it.

Since I don't have access control enabled (yet) myself, I don't know how to accomplish this but I'll let you know when I figure it out.

Charlie_Powell · November 13, 2020, 1:20pm

The API key is a form of access control, I think the OP is using http basic auth (or similar) so that shouldn't affect them.

b-morgan · November 13, 2020, 1:42pm

The magic is documented at: https://docs.octoprint.org/en/master/configuration/config_yaml.html#access-control