Bacularis web interface "Authorization failed"

Wappler

Hi everybody! I'm at my wits end. For days now I've been trying to set up Bacularis on my new Ubuntu laptop, but I've been unable to get past the admin login. I've been tinkering around myself, tried using both ChatGPT and Claude nothing. Claude says that 'it's a PRADO framework issu and needs more debugging'. Anybody has any pointer how to proceed. Here's a summary of my attempts so far, thanks!

Bacularis Web Interface "Authorization Failed" Error - Docker Setup

Problem Summary

Bacularis web interface login consistently fails with "Authorization failed" error despite correct credentials and configuration. The API interface works perfectly at port 9097, but web interface login at port 8081 fails after form submission.

Environment Details

Bacularis Version: 5.3.1 (Docker containers)
Docker Setup: bacularis-web, bacularis-ui (API), bacularis-db (PostgreSQL)
PHP Version: 8.4.5
Web Server: nginx/1.26.3
OS: Linux (Docker on Ubuntu-like system)
PRADO Framework: 4.2.2

Container Configuration

docker ps | grep bacularis
# bacularis-web (port 8081) - Web interface
# bacularis-ui (port 9097) - API interface  
# bacularis-db (port 5432) - PostgreSQL database

Observed Behavior

✅ Working Components

API Authentication: curl -u admin:admin http://localhost:9097/api/v2/config/dir/status/ returns {"output":[],"error":0}
Web Interface Loads: Login page accessible at http://localhost:8081/page,LoginPage
Form Submission: Login form processes correctly (returns HTTP 302 redirects)
Container Connectivity: Web container can reach API container successfully

❌ Failing Components

Web Interface Login: Always shows "Authorization failed. Please contact the Bacularis administrator to grant permissions."
Session Persistence: Dashboard redirects back to login page (HTTP 302 to /page,LoginPage)
Authentication Flow: Form submission appears successful but session is not established

Configuration Files

web.conf

[Web]
auth_type = "local"
def_columns_per_page = "25"
def_job_age = "604800"
time_format = "F j, Y H:i:s"
date_format = "Y-m-d"
datetime_format = "Y-m-d H:i:s"
enable_users_login = "1"
security_informations = "0"
multiuser_restriction = "0"

[Authorization]
users = "admin"

hosts.conf

[Main]
auth_type = "basic"
login = "admin"
password = "admin"
client_id = ""
client_secret = ""
redirect_uri = ""
scope = ""
protocol = "http"
address = "bacularis-ui"
port = "9097"
url_prefix = ""

bacularis.users (both containers synchronized)

admin:$apr1$EWhwVzb0$f5kDEf1tn2KzZj5yCZJZn/

Troubleshooting Steps Completed

1. Fixed PHP 8.4 Compatibility Issues

Fixed deprecated syntax in PRADO framework files:
- /var/www/bacularis/protected/vendor/bacularis/bacularis-common/Common/Modules/JWT.php:170
- /var/www/bacularis/protected/vendor/pradosoft/prado/framework/Web/THttpRequest.php:747
- /var/www/bacularis/protected/vendor/pradosoft/prado/framework/TApplication.php:666
Fixed configuration file path in WebConfig.php:49

2. Resolved File Permission Issues

# Fixed ownership of user files
chown nginx:nginx /var/www/bacularis/protected/vendor/bacularis/bacularis-web/Web/Config/bacularis.users
chown nginx:nginx /var/www/bacularis/protected/vendor/bacularis/bacularis-api/API/Config/bacularis.users

3. Synchronized Password Hashes

Used htpasswd -nmb admin admin to generate identical password hashes in both containers
Verified both web and API containers have matching bacularis.users files

4. Tested Different Authentication Methods

Tried auth_type = "basic" and auth_type = "local"
Both configurations show same "Authorization failed" error

5. Verified Container Connectivity

# From web container to API container works
wget -qO- --header="Authorization: Basic YWRtaW46YWRtaW4=" "http://bacularis-ui:9097/api/v2/config/dir/status/"
# Returns: {"output":[],"error":0}

Technical Analysis

Login Flow Investigation

Form Submission: POST to /page,LoginPage with correct PRADO_PAGESTATE
HTTP Response: 302 redirect back to /page,LoginPage
Session Issue: No persistent authentication session established
Dashboard Access: Direct access to / redirects to login page

Error Pattern

Login form processes without "Invalid username or password" error
Form submission returns proper HTTP 302 responses
"Authorization failed" message appears after redirect
No authentication session persists for dashboard access

PRADO Framework Behavior

PRADO pagestate handling works correctly
Form validation passes
Authentication appears to succeed at form level
Session/authorization layer fails

Log Analysis

Container logs show no obvious authentication errors
No PHP fatal errors or PRADO exceptions visible
Web server successfully processes all requests

Questions for Community

Has anyone encountered this specific "Authorization failed" pattern where form submission works but sessions don't persist?
Are there known issues with PRADO 4.2.2 and PHP 8.4 that could cause session management problems?
Is there a web interface setup wizard that needs to be completed before login works?
Should the web interface authentication go through nginx HTTP Basic Auth instead of PRADO form authentication?
Are there additional configuration files or database settings that control web interface authorization beyond the files mentioned?

Workaround

The API interface works perfectly and can be accessed directly:

URL: http://localhost:9097
Credentials: admin/admin
Full Bacularis functionality available through API interface

Request for Help

Looking for guidance on debugging this PRADO framework session/authorization issue or similar experiences from the community. The configuration appears correct based on documentation, but the web interface authentication flow is not completing successfully.

Any insights into Bacularis web interface internals or similar Docker setup experiences would be greatly appreciated.

Generated on: $(date)
Docker Environment: Bacularis containers with PostgreSQL backend