possible login fixes (#5444)

# Description of Changes

Disable TLS checks and various cert checks to allow all sorts of
selfhost machines to be connected via tauri app

Version bump

Crop tool correctly shows Ghostscript as optional so it's not disabled on
Java-only installations

---

## Checklist

### General

- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### Translations (if applicable)

- [ ] I ran
[`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
Anthony Stirling
2026-01-28 23:57:43 +00:00
committed by GitHub
parent e3982ed4c5
commit f3cf747cfe
11 changed files with 246 additions and 152 deletions


@@ -213,8 +213,20 @@ pub async fn login(
// Detect if this is Supabase (SaaS) or Spring Boot (self-hosted)
let is_supabase = server_url.trim_end_matches('/') == saas_server_url.trim_end_matches('/');
// Create HTTP client
let client = reqwest::Client::new();
// Create HTTP client with certificate bypass
// This handles:
// - Self-signed certificates
// - Missing intermediate certificates
// - Certificate hostname mismatches
// Note: Rustls only supports TLS 1.2 and TLS 1.3
let client = reqwest::Client::builder()
.danger_accept_invalid_certs(true)
.timeout(std::time::Duration::from_secs(30))
.build()
.map_err(|e| {
log::error!("Failed to create HTTP client: {}", e);
format!("Failed to create HTTP client: {}", e)
})?;
if is_supabase {
// Supabase authentication flow
@@ -235,7 +247,24 @@ pub async fn login(
.json(&request_body)
.send()
.await
.map_err(|e| format!("Network error: {}", e))?;
.map_err(|e| {
let error_msg = e.to_string();
let error_lower = error_msg.to_lowercase();
log::error!("Supabase login network error: {}", e);
// Detect TLS version mismatch
if error_lower.contains("peer is incompatible") ||
error_lower.contains("protocol version") ||
error_lower.contains("peerincompatible") ||
(error_lower.contains("handshake") && (error_lower.contains("tls") || error_lower.contains("ssl"))) {
format!(
"TLS version not supported: The Supabase server appears to require an unsupported TLS version. \
Please contact support. Technical details: {}", e
)
} else {
format!("Network error connecting to Supabase: {}", e)
}
})?;
let status = response.status();
@@ -296,7 +325,39 @@ pub async fn login(
.json(&payload)
.send()
.await
.map_err(|e| format!("Network error: {}", e))?;
.map_err(|e| {
let error_msg = e.to_string();
let error_lower = error_msg.to_lowercase();
log::error!("Spring Boot login network error: {}", e);
// Detect TLS version mismatch (server using TLS 1.0/1.1)
if error_lower.contains("peer is incompatible") ||
error_lower.contains("protocol version") ||
error_lower.contains("peerincompatible") ||
(error_lower.contains("handshake") && (error_lower.contains("tls") || error_lower.contains("ssl"))) {
format!(
"TLS version not supported: The server appears to be using TLS 1.0 or TLS 1.1, which are not supported by this desktop app. \
Please upgrade your server to use TLS 1.2 or higher, or use the web version of Stirling-PDF instead. \
Technical details: {}", e
)
// Other TLS/SSL errors (certificate issues)
} else if error_lower.contains("tls") || error_lower.contains("ssl") ||
error_lower.contains("certificate") || error_lower.contains("decrypt") {
format!(
"TLS/SSL connection error: This usually means the server has certificate issues. \
The desktop app accepts self-signed certificates, so this might be a TLS version issue. \
Technical details: {}", e
)
} else if error_lower.contains("connection refused") {
format!("Connection refused: Server is not reachable at {}. Check if the server is running and the URL is correct.", login_url)
} else if error_lower.contains("timeout") {
format!("Connection timeout: Server at {} is not responding. Check your network connection.", login_url)
} else if error_lower.contains("dns") || error_lower.contains("resolve") {
format!("DNS resolution failed: Cannot resolve hostname. Check if the server URL is correct.")
} else {
format!("Network error: {}", e)
}
})?;
let status = response.status();
log::debug!("Spring Boot login response status: {}", status);
@@ -505,7 +566,20 @@ async fn exchange_code_for_token(
) -> Result<OAuthCallbackResult, String> {
log::info!("Exchanging authorization code for access token with PKCE");
let client = reqwest::Client::new();
// Create HTTP client with certificate bypass
// This handles:
// - Self-signed certificates
// - Missing intermediate certificates
// - Certificate hostname mismatches
// Note: Rustls only supports TLS 1.2 and TLS 1.3
let client = reqwest::Client::builder()
.danger_accept_invalid_certs(true)
.timeout(std::time::Duration::from_secs(30))
.build()
.map_err(|e| {
log::error!("Failed to create HTTP client: {}", e);
format!("Failed to create HTTP client: {}", e)
})?;
// grant_type goes in query string, not body!
let token_url = format!("{}/auth/v1/token?grant_type=pkce", auth_server_url.trim_end_matches('/'));
@@ -526,7 +600,24 @@ async fn exchange_code_for_token(
.json(&body)
.send()
.await
.map_err(|e| format!("Failed to exchange code for token: {}", e))?;
.map_err(|e| {
let error_msg = e.to_string();
let error_lower = error_msg.to_lowercase();
log::error!("OAuth token exchange network error: {}", e);
// Detect TLS version mismatch
if error_lower.contains("peer is incompatible") ||
error_lower.contains("protocol version") ||
error_lower.contains("peerincompatible") ||
(error_lower.contains("handshake") && (error_lower.contains("tls") || error_lower.contains("ssl"))) {
format!(
"TLS version not supported: The authentication server appears to require an unsupported TLS version. \
Please contact support. Technical details: {}", e
)
} else {
format!("Failed to exchange code for token: {}", e)
}
})?;
let status = response.status();
if !status.is_success() {
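Review bot: `.danger_accept_invalid_certs(true)` is set unconditionally on the client built in `login` and again in `exchange_code_for_token`, so the login payload and the PKCE code exchange go out with no server authentication at all, including on the `is_supabase` path, where the server presumably presents a publicly trusted certificate. That leaves credentials and tokens exposed to interception on any untrusted network, and the user gets no indication of it. At minimum I would scope the bypass to self-hosted servers with `.danger_accept_invalid_certs(!is_supabase)` in `login`, and drop the call from `exchange_code_for_token` if `auth_server_url` is always the SaaS auth server. For self-hosted servers, an explicit per-server opt-in, or trusting the server's CA through `add_root_certificate`, would be safer than accepting any certificate. The three `map_err` closures also repeat the same lower-cased substring checks and would be easier to keep consistent as one shared helper; both functions start and end outside the hunks shown.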