API unable to authenticate after updating Inventree

[JacobEFO]

Hi,

After I recently updated Inventree to the latest stable version and the API to 0.14.0 all my API based scripts have problems authenticating yielding a server connection issue. More precisely I get the following error:

Server connection error: <class 'requests.exceptions.ConnectionError'>
InvenTree server is not connected. Skipping authentication check
Traceback (most recent call last):
  File "/Users/jefo/MEGA/Electronics/PowerGaard/kicad/database/pgdb/mwe.py", line 4, in <module>
    api = InvenTreeAPI("http://inventree.localhost", username="root", password="jefo123")
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jefo/anaconda3/lib/python3.11/site-packages/inventree/api.py", line 77, in __init__
    self.connect()
  File "/Users/jefo/anaconda3/lib/python3.11/site-packages/inventree/api.py", line 131, in connect
    raise ConnectionError("Authentication at InvenTree server failed")
ConnectionError: Authentication at InvenTree server failed

I've gone down to a minimum example of the following code, where I have replaced username and password:

from inventree.api import InvenTreeAPI

if __name__ == "__main__":
    api = InvenTreeAPI("http://inventree.localhost", username="username", password="password")

I have also tried accessing with a token that worked last week on an older version of Inventree (v14.2 I believe it was). I am wondering why it states: 'InvenTree server is not connected.' because I have access to it on the new platform https://inventree.localhost/platform or the old GUI on https://inventree.localhost.

I have similarly tried accessing with pots 1337 and 8000 but unsurprisingly they do not work, as I have not specified any specific link in the INVENTREE_URL_SITE environment variable. Switching between http and https and using other combinations for the server address such as <URL>/api, <URL>/platform/api etc. similarly yield nothing.

Do you have any ideas what's going on?

Version info
Macos Monterey: 12.7.5
Inventree source code SHA: 9f35971db17e1660fcd27c752558d41952a3e541
Inventree API: 0.14.0
Docker:

[SchrodingersGat]

These two should be the same.

[JacobEFO]

@SchrodingersGat yes naturally, the latest paste was from one of the tries that I've been running with. Whether it's http or https is no different in the functionality, but I'd expect it should match up with the server instance that uses https.

[SchrodingersGat]

@JacobEFO apologies, I missed the last part where you had already tried that.

Looking at the initial error message it is stating an authentication error - this means the username / password combination is incorrect. Incidentally you should remove that data from your post

[JacobEFO]

I had verified numerous times that both the 'root' user with its accompanying password and my local super user with its respective password could indeed log in on the webpage but would fail authentication on the API. Similarly using a token that had previously been used successfully for authentication prior to updating Inventree failed with the same error.

[SchrodingersGat]

That is very odd. I have just confirmed that the latest inventree-python lib works with a local setup and also the demo server.

Can you check if you can connect to:

• host: https://demo.inventree.org
• username: admin
• password: inventree

(using your current python setup)

[JacobEFO]

I can successfully log-in through the web-page but also gain access using the API using username/password.

So I might just conclude, this is an inventree installation/setup problem more than the API at least.

[reid-p]

I've got exactly the same issue
Web access login works fine, password double and triple checked
python api using token or basic logon fails with "Authentication at InvenTree server failed"

[JacobEFO]

I have still yet to find a resolution. At the moment I put my inventree work on the shelf and hope to return in a newer version where this bug might just be miraculously solved :)

[SchrodingersGat]

@reid-p @JacobEFO have you tested access against the demo server?

[reid-p]

Yes the demo works.
I can see the creds being sent in the headers, so seems to be a server side issue.

I'm using inventree-python 0.14, installed via pip.

Here's the details of my server:

Version Information:

InvenTree-Version: 0.15.3
Django Version: 4.2.12
Commit Hash: d4d9aa9
Commit Date: 2024-05-28
Commit Branch: stable
Database: mysql
Debug-Mode: True
Deployed using Docker: False
Platform: Linux-5.14.0-427.18.1.el9_4.x86_64-x86_64-with-glibc2.34
Installer: GIT

Active plugins: [{'name': 'InvenTreeBarcode', 'slug': 'inventreebarcode', 'version': '2.0.0'}, {'name': 'InvenTreeCoreNotificationsPlugin', 'slug': 'inventreecorenotificationsplugin', 'version': '1.0.0'}, {'name': 'InvenTreeCurrencyExchange', 'slug': 'inventreecurrencyexchange', 'version': '1.0.0'}, {'name': 'InvenTreeLabel', 'slug': 'inventreelabel', 'version': '1.0.0'}, {'name': 'InvenTreeLabelMachine', 'slug': 'inventreelabelmachine', 'version': '1.0.0'}, {'name': 'InvenTreeLabelSheet', 'slug': 'inventreelabelsheet', 'version': '1.0.0'}, {'name': 'DigiKeyPlugin', 'slug': 'digikeyplugin', 'version': '1.0.0'}, {'name': 'LCSCPlugin', 'slug': 'lcscplugin', 'version': '1.0.0'}, {'name': 'MouserPlugin', 'slug': 'mouserplugin', 'version': '1.0.0'}, {'name': 'TMEPlugin', 'slug': 'tmeplugin', 'version': '1.0.0'}]

[SchrodingersGat]

Ok, so the demo server is running "master" branch, whereas you are running "stable". Perhaps there is a difference there

[reid-p]

Solved for my setup.
Had to add "WSGIPAssAuthorization On" to the apache config.
Authorization header wasn't getting sent thru.

Thou I tried a coupe of other things as well on the way.
Downgrade to python 3.11 (from 3.12). Haven't tried 3.12 again.
pulled the latest changes on stable to 0.15.4 / fa1a9da23a86a1cc6bea29e647c268872a15dcb1
reinstalled the python venv and reset the database to initial setup.
played with a couple of setting in the config.yaml related to cookies.

"invoke server" worked ok which suggested an apache config issue.

@JacobEFO, The following patch helped debug the issue for me.

diff --git a/src/backend/InvenTree/InvenTree/middleware.py b/src/backend/InvenTree/InvenTree/middleware.py
index d5463af22..c5b422342 100644
--- a/src/backend/InvenTree/InvenTree/middleware.py
+++ b/src/backend/InvenTree/InvenTree/middleware.py
@@ -70,6 +70,7 @@ class AuthRequiredMiddleware(object):

         # API requests are handled by the DRF library
         if request.path_info.startswith('/api/'):
+            print(f"{request.headers}")
             response = self.get_response(request)
             return response

[JacobEFO]

Thanks for following up. However, I seem to have no luck at all still.

Where did you add the WSGIPAssAuthorization On flag?

[SchrodingersGat]

@JacobEFO are you behind another layer of proxy / etc?

[JacobEFO]

@JacobEFO are you behind another layer of proxy / etc?

Sorry @SchrodingersGat, sometimes I just don't get updates. I am not behind any proxy or anything like that whatsoever. My network setup has not changed inbetween me switching versions.

[EliasJRH]

Also having this issue. Trying to use InvenTree python API with local instance but can't connect. It works with the demo instance however.

UPDATE: With the InvenTree docker setup, I modified the docker-compose.yml to map the server service's container port 8000 to host port 8000. I then connected to the API similarly to @JacobEFO using 127.0.0.1:8000 which was successful.

[SchrodingersGat]

@EliasJRH so, are you saying you could not connect when it was served on port 80?

[EliasJRH]

@EliasJRH so, are you saying you could not connect when it was served on port 80?

@SchrodingersGat I was not able to connect to it with the inventree.localhost url.

[SchrodingersGat]

@EliasJRH sorry for the delayed response. Are you saying that http://inventree.localhost:80 failed, but http://127.0.0.1:80 worked - without changing any of the server setup?

[SchrodingersGat]

I have just tested this on a fresh docker setup, with inventree hosted at http://inventree.localhost

If I connect (via the python API) to http://inventree.localhost, the connection works just fine.

However connecting to https://inventree.localhost (note, https instead of http) then I get the following error:

Server connection error: <class 'requests.exceptions.SSLError'>
InvenTree server is not connected. Skipping authentication check
Traceback (most recent call last):
  File "<pyshell#14>", line 1, in <module>
    api = InvenTreeAPI("https://inventree.localhost", username=user, password=password)
  File "C:\Python39\lib\site-packages\inventree\api.py", line 77, in __init__
    self.connect()
  File "C:\Python39\lib\site-packages\inventree\api.py", line 131, in connect
    raise ConnectionError("Authentication at InvenTree server failed")
ConnectionError: Authentication at InvenTree server failed

[JacobEFO]

After updating inventree and the containers to 0.16.1 I managed to get access via the API to adress http://inventree.localhost:1337.

By including the following settings in the .env file:

INVENTREE_WEB_PORT=1337
INVENTREE_SITE_URL="http://inventree.localhost"

Next step will be to figure out why my API calls are no longer working correctly.

[SchrodingersGat]

@JacobEFO OK I might have something here...

It appears that maybe doing subdomain requests against "localhost" (e.g. inventree.localhost) is not supported by the python requests library: psf/requests#5847

If you use a locally bound IP address of your machine as the INVENTREE_SITE_URL, then you should (hopefully) be able to get access?

e.g. INVENTREE_SITE_URL=http://192.168.120.10 (but use an actual valid IP for your machine)...