mirror of
https://github.com/actualbudget/actual.git
synced 2026-07-10 23:54:00 -05:00
Open
opened 2026-05-25 23:36:46 -05:00 by GiteaMirror
·
7 comments
No Branch/Tag Specified
master
enforce-append-only-migrations-ci
delay-initial-sync-until-loaded
jfdoming/mobile-app-build
claude/error-codes-worker-boundary-26i5uu
jfdoming/api-tokens-part-1
jfdoming/api-tokens-part-2
jfdoming/api-tokens-part-3
jfdoming/mobile-app-updates
ai/simplify-categories-get-api
api-browser-custom-data-dir
claude/budget-version-migration-compat-151jlr
claude/worker-error-serialization-9iqtl7
claude/react-table-library-research-afx83z
claude/issue-8401-regression-test-9nw9l3
jfdoming/mobile-app-foundation-part-1
jfdoming/mobile-app-scaffold
release
ai-fix-cleanup-def-8290
claude/relaxed-shannon-jusywa
claude/fervent-keller-s6f2fq
claude/determined-feynman-st1y9z
claude/wizardly-einstein-vi2wce
claude/sweet-albattani-7nseio
feat/bank-sync-per-budget-file
claude/affectionate-cannon-y0kc82
claude/dependabot-findings-m9pgmb
claude/mac-app-ios-publish-zjs1lz
claude/vigilant-tesla-aiiyos
depot-migrate-secrets-1781296330308
claude/quirky-cerf-v5qck7
claude/animation-removal-alternative-2etfh1
claude/netlify-preview-comments-consolidate-9XPYa
osc/7391-error-boundaries-reports
claude/pensive-dijkstra-7DYui
claude/server-app-version-mismatch-HTCGv
claude/pr-8027-review-feedback-mELuO
claude/zealous-wozniak-e5pO0
claude/intelligent-heisenberg-BSHJq
claude/translation-download-refactor-jFRsO
claude/mobile-performance-ideas-G9PAO
claude/github-issue-7988-5A5ly
blacksmith-migration-ff70d2d
claude/great-mayer-KRvOk
claude/react-native-ios-compilation-fcJh5
claude/serene-goldberg-58xv0
claude/kind-euler-LVG3K
release-automation/edge-nightly
7710-bundle-migrations
claude/fix-docker-build-error-WMfed
claude/llm-compatible-release-notes-t20Nr
7710-tests-tdd
cursor/transaction-table-rewrite-f077
claude/plan-ci-secure-context-OtEe1
claude/fix-issue-7667-DPXi3
cursor/resolve-pr-7449-ee11
claude/fix-typescript-build-error-JPtZ5
copilot/add-repository-configs-to-packages
worktree-compressed-drifting-ritchie
claude/api-consumer-verification-kfz1K
pr-7454
claude/fix-issue-7410-LLLQ4
revert-7281-generate-icons
react-query-useSchedules
copilot/sub-pr-6140
package-upgrades
v26.7.0
v26.6.0
v26.5.2
v26.5.1
v26.5.0
v26.4.0
v26.3.0
v26.2.1
v26.2.0
v26.1.0
v25.12.0
v25.11.0
v25.10.0
v25.9.0
v25.8.0
v25.7.1
v25.7.0
v25.6.1
v25.6.0
v25.5.0
v25.4.0
v25.3.1
v25.3.0
v25.2.1
v25.2.0
v25.1.0
v24.12.0
v24.11.0
v24.10.1
v24.10.0
v24.9.0
v24.8.0
v24.7.0
v24.6.0
v24.5.0
v24.4.0
v24.3.0
v24.2.0
v24.1.0
v23.12.0
v23.11.0
v23.10.0
v23.9.0
v23.8.1
v23.8.0
v23.7.2
v23.7.1
v23.7.0
v23.6.0
v23.5.0
v23.4.2
v23.4.1
v23.4.0
v23.3.2
v23.3.0
v23.2.9
v23.2.5
v23.1.12
v22.12.9
Labels
Clear labels
AI generated
API
bank sync
budgeting
bug
can’t replicate
dependencies
docker
documentation
electron
experimental feature
feature
feedback
goal templates
good first issue
help wanted
importers
maintenance
needs info
needs testing
needs triage
needs votes
openid
payees
pull-request
regression
reports
responsive
rules
schedules
server
✨ merged
split transactions
tech debt
tech-support
theme
transaction import
transaction reconciliation
transactions
translations
upstream
user interface
✅ approved
wontfix
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/actual#91536
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @aroberts on GitHub (Mar 1, 2025).
Original GitHub issue: https://github.com/actualbudget/actual/issues/4488
Verified issue does not already exist?
What happened?
I've gotten actual running with header auth, but I'm still seeing the password prompt on app load. Diving through the issues, it looks like this should not be happening (#2781). Is this a regression, potentially related to the recent work with multi-user, or is there something I am not configuring right?
if I type anything into the password box, it takes me to the same data, and the logs indicate it's accepting my header login.
relevant config:
is there anything obvious missing?
How can we reproduce the issue?
Launch actual with header auth configured; visit any actual page
Where are you hosting Actual?
docker
What browsers are you seeing the problem on?
Safari, Firefox
Operating System
None
@matthewkdies commented on GitHub (Mar 12, 2025):
I've also run into this bug! Using Caddy, here's my Caddyfile configuration
When requests are directed to Actual, they have the necessary header:
However this does not work for me. In the Actual logs, I see the following:
It is unprotected by password, and returns the following raw JSON:
However in the Docker Compose file, I have the following:
And they show up in the container as well:
For what it's worth, there is an experimental feature for OpenID: https://actualbudget.org/docs/experimental/oauth-auth/.
@hobbit44 commented on GitHub (Mar 31, 2025):
I'm having this on a fresh install, using openid and multiuser. What I'm noticing is that when you navigate to the root url, you get redirected to /login with the "Sign in with OpenID" button. But if you navigate directly to /login, you get the password prompt and it will fail to login. You have to go back to the home to get the correct redirect state.
@paulcoates commented on GitHub (May 17, 2025):
I'm also experiencing this issue. I've verified that my reverse proxy and actual-server environment variables are configured correctly using the following CURL request to the
/account/loginendpoint which returns a valid auth token... so header auth looks properly configured.However, my browser based requests are still getting redirected to
/account/needs-bootstrap/. I had a look at the code for that route from the initial PR in the actualbudget/actual-server repo that added the header auth functionality and compared it to its current state.c23cbb4b0e/packages/sync-server/src/app-account.js (L32-L45)The call to
listLoginMethodsappears to get the login methods associated to accounts in the database, but I don't think 'header' will ever be returned - as the database isn't aware when that is enabled. So unless OpenID has been turned on, this will always return a single value, andgetLoginMethod()never gets called like it used to.I think that is why @hobbit44 was able to get partial resolution when openid and multiuser was enabled, as that situation would mean
getLoginMethodgets called, and header auth would be identified.I think this a a by-product of a fix in OpenID implementation (most recently #4533) that introduced the ternary logic for
loginMethod. @lelemm would you have any thoughts as to whether this is on the right track?@matthewkdies commented on GitHub (May 17, 2025):
@paulcoates I just wanted to make a quick response to you above comment to say that is great troubleshooting and documentation! It is really clear while also being succinct, something I strive to do in my comments as well. Hope I'm not bothering you with a ping to say this!
With all of that being said, a quick way to confirm this would be to revert the used version of Actual to one before OpenID Connect was introduced as a feature and test that. I will do this when I get home later, if I remember to haha!
@lelemm commented on GitHub (May 19, 2025):
You are right, @paulcoates. But, I think there is something else making the header auth not work. I'm just not finding time to look at this.
If you want to tackle this and send it to me for review, I would gladly review it.
@pyrho commented on GitHub (May 24, 2025):
I've made an attempt at a fix, some assumptions were made.. I'm not 100% sure of what I did; worst case it serves as a base to a proper fix for someone who actually knows what they're doing.
I'm currently running a container that has my changes, with header auth working.
I built it with this command:
docker build -f packages/sync-server/docker/alpine.Dockerfile -t actual-header-auth-fix)And here are the environment variables I have set:
@ky1vstar commented on GitHub (Aug 27, 2025):
I've discovered a workaround, that results in working forward auth setup via Traefik and Actual Budget in docker compose.
Make sure, that you know what you are doing since it required direct SQLite manipulations.
You need to execute following commands inside a container: