Hi, I installed the addon, set the timezone & superuser password, and enabled ingress auth in the configuration tab. Then addon started normally, nothing unusual noticed in the log.
When I load the ingress UI however, I get only a partially loaded home screen with a red error dialog that has the following raw JSON content:
{"headers":{"normalizedNames":{},"lazyUpdate":null},"status":403,"statusText":"Forbidden","url":"http://my_local_ip:8123/api/hassio_ingress/M4rh4WttNIJx2dFXfyIkpr4Y-2QXJ0N0rnG98Tbg1E4/api/ui_settings/","ok":false,"name":"HttpErrorResponse","message":"Http failure response for http://my_local_ip:8123/api/hassio_ingress/M4rh4WttNIJx2dFXfyIkpr4Y-2QXJ0N0rnG98Tbg1E4/api/ui_settings/: 403 Forbidden","error":{"detail":"You do not have permission to perform this action."}}
I did a search of the addon github issues, and this thread, but didnāt come up with anything concrete to try next. Any suggestions?
Edit: so if I disable ingress auth, then I get a login prompt when loading the ingress url, and I can successfully log in using the paperless superuser credentials from the addon config. UI loads normally in this case. So I guess thereās something wrong with my setup that is preventing the HA SSO from working? Thanks in advance for any advice!
OK well itās still not working. I can only log in manually using superuser (admin) credential after turning off ingress auth setting. Once I re-enable the setting, neither admin nor HA users can successfully load the UI via ingress.
First, really appreciate your engagement here, many thanks! Iām a Paperless noob but very intrigued and looking forward to trying it out.
My ha username is different than the superuser admin. So, I turned off ingress auth, logged in as admin, and see two users in the list, admin and my ha username. (Interestingly, none of my other ha users are there yet, but maybe they are only added when attempting to load the UI via ingress for the first time? Iām not sure what the expected behavior is for ingress auth functionality.)
When I check the permissions for my ha user I see this:
So it doesnāt look like my ha user got any default permissions. If I understand the Paperless docs correctly, at least UISettings View permission is required to even fully load the web UI. And I would suggest that ha addon users via ingress should get default permissions that are a bit broader than the bare minimum.
I went ahead and granted my ha user full permissions across the board, and after turning ingress auth back on everything works!
Happy to file a GitHub issue for you on the minimum default permission if that is helpful, let me know.
