AdminAuth disconnects every few minutes

efratha94 · 24 March 2021 14:36

Hi all,
We've recently started using AdminAuth in settings.js to secure our flows. We're using node-red through a docker container, running on Portainer.

I've noticed that every time I login into a node-red flow, it disconnects after a few minutes and I get "You must be logged in to deploy changes" or "Deploy failed: Not authorized". Sometimes it happens only once and then it doesn't happen again, but sometimes it happens repeatedly.
It happens so quickly that I'm always still on the flow itself, working on it (the computer never shuts down or enters sleeping mode) and then my changes are lost.
Also, sometimes the login takes a very long time that it times out.

Do you have any idea how to fix it? Is it a known problem?

Thanks in advance

Steve-Mcl · 24 March 2021 15:39

I suspect your image is crashing and restarting. Check logs for clues.

efratha94 · 25 March 2021 06:15

I don't think it crashes, because I also take the flow from git, and if it crashed it would have asked me to pull the flow again (the flow would be restarted).
I also looked at the logs and it doesn't say anything like "flow started" in between these disconnections.

I asked other people who are also using the same docker server and sometimes the same node-red flows, and they said they didn't experience that sort of thing.

The credentials are the the same LDAP credentials for the portainer the containers are hosted on, and it stays connected the entire time, even when node red "disconnects".

I hope that's some more information that helps, maybe there's some other solution?

Thanks!

knolleary · 25 March 2021 07:44

Are you running multiple instances of the same container?

One thing you could try is to turn on audit-level logging (set audit to true in the logging section of settings.js).

You'll then get more logging related to access to the admin API. Using that, watch what log messages you get starting from when you login to when you next get the error.

efratha94 · 25 March 2021 08:07

No, they're all running on one instance only.
I will try that and update.
Thanks!

efratha94 · 29 March 2021 12:55

I tried updating the "audit" key to true in settings.js and restarted the flow, but for some reason it didn't give any more details regarding the authentication process.

As you can see here, it shows I'm logged in, but when checking inside the console it says I'm not (also when trying to hit deploy, it says I'm unauthorized - it logged me off)

and these are the logs, which for some reason didn't auto-refresh:

Thanks in advance

knolleary · 29 March 2021 14:05

The audit logs will appear in the runtime log, not the editor. The log output you've shared shows no audit log output.

efratha94 · 30 March 2021 05:08

Where can I find it?
The containers are hosted on a docker swarm server that I don't have direct access to (or at least not sudo access)

knolleary · 30 March 2021 08:44

You shared a screenshot of the node-red log in your previous post.... that's the log that should contain the audit logs.

efratha94 · 1 April 2021 07:18

Hi,
Did you mean the dev tools debugger?
If so, then this is what I get:

knolleary · 1 April 2021 07:40

No, I meant the other screenshot you shared - that started Welcome to Node-RED

efratha94 · 1 April 2021 08:02

efratha94 · 4 April 2021 05:51

Any help? please

knolleary · 4 April 2021 08:07

What browser are you using?

Can you grab a copy of /data/.sessions.json (or maybe .session.json I can't remember without checking):

before you login
immediately after you login
after you get the next unauthorized request.

Compare them - you should see a new entry appear after the initial login. Does the file change at all after that?

efratha94 · 29 April 2021 11:36

Hey, sorry it took me some time to reply.
I just tested it - there's a new entry after loggin in, but then it doesn't change once I'm disconnected.

Before logging in:

{
    "d1vc3KVhR8p55Yntv3adviZVlcCxTE3VJ1dcmPjwP/BNh/7NLG/rEA1ex8z4qAa36PJenOJOBJXRHNG0dD8pg+j3tI2rmZHe+jqv+cnRYil8E8Ra8G2+chOcRDddY//YA73uNA5PF6BRcryM4feJOMUZZeT+43lQF0msim3IRsg=": {
        "user": "efrat.h",
        "client": "node-red-editor",
        "scope": "*",
        "accessToken": "some-access-token",
        "expires": 1620297327694
    },
    "P/d8EE1Dx1BrSfRVg7sBb8U/Z/4cHDy3nCcLZpjchGpGJ/G1EvkWI0XM4xJwXbB/P1c3E2avVoPbJFd2fzi/OEB2DMXPLbe5MT0wgG4oc5+IuYepRRRghOJE/qQBpWXhyZBznp4bi5uyi7oud1GjqkSRuJjqOzgdGBMv7h+PdUc=": {
        "user": "efrat.h",
        "client": "node-red-editor",
        "scope": "*",
        "accessToken": "some-access-token",
        "expires": 1620299518434
    },
    "vDJh8edGuBFaX5oLtC2PySVNUerX3PATeU1Ete2dGPt6VQzw48dK+NrGd+kfSL9gq8rO8RpKATz9N7NaebTI3RFv13e8AuZzvvH6UCx0Ar2J0A2DwpDMiM6vIQINOoe4vhfMOe+5g5+GGhNZk57zkIXeGhSa9dbiztendIYtQWE=": {
        "user": "efrat.h",
        "client": "node-red-editor",
        "scope": "*",
        "accessToken": "some-access-token",
        "expires": 1620300136561
    }
}

After logging in and also after getting disconnected:

{
    "d1vc3KVhR8p55Yntv3adviZVlcCxTE3VJ1dcmPjwP/BNh/7NLG/rEA1ex8z4qAa36PJenOJOBJXRHNG0dD8pg+j3tI2rmZHe+jqv+cnRYil8E8Ra8G2+chOcRDddY//YA73uNA5PF6BRcryM4feJOMUZZeT+43lQF0msim3IRsg=": {
        "user": "efrat.h",
        "client": "node-red-editor",
        "scope": "*",
        "accessToken": "some-access-token",
        "expires": 1620297327694
    },
    "P/d8EE1Dx1BrSfRVg7sBb8U/Z/4cHDy3nCcLZpjchGpGJ/G1EvkWI0XM4xJwXbB/P1c3E2avVoPbJFd2fzi/OEB2DMXPLbe5MT0wgG4oc5+IuYepRRRghOJE/qQBpWXhyZBznp4bi5uyi7oud1GjqkSRuJjqOzgdGBMv7h+PdUc=": {
        "user": "efrat.h",
        "client": "node-red-editor",
        "scope": "*",
        "accessToken": "some-access-token",
        "expires": 1620299518434
    },
    "vDJh8edGuBFaX5oLtC2PySVNUerX3PATeU1Ete2dGPt6VQzw48dK+NrGd+kfSL9gq8rO8RpKATz9N7NaebTI3RFv13e8AuZzvvH6UCx0Ar2J0A2DwpDMiM6vIQINOoe4vhfMOe+5g5+GGhNZk57zkIXeGhSa9dbiztendIYtQWE=": {
        "user": "efrat.h",
        "client": "node-red-editor",
        "scope": "*",
        "accessToken": "some-access-token",
        "expires": 1620300136561
    },
    "K8NxtQMmr1U5bYgJsgCFtAo7kotzYcuI0HG91HB0xpKMJJq1p+uh6HKlTU9gBynvRm7YL64HxRoCHdUyTdS0iq9+68RiDeXlJNVYZ+rDkcHr0LV5ZBfY/LZdQgmEbgO1D46TPkIUCKhaTHHaYQLM0qXO/gCOlX2EwBgxQtLc0cI=": {
        "user": "efrat.h",
        "client": "node-red-editor",
        "scope": "*",
        "accessToken": "some-access-token",
        "expires": 1620300832141
    }
}

Thanks

efratha94 · 3 May 2021 13:56

I'm using chrome

efratha94 · 5 May 2021 08:59

I think I understand the problem better, but still needs support -
I have several projects on the same server, each in its own container (running on docker), and I'm working on them simultaneously with my user, which is with LDAP auth.

Again, each of the flows/projects is on a different container completely, but still, I think that's what signs me off.
The question is what can I do with that?

Thanks

system · 4 July 2021 08:59

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Refresh logged in node-red making issues General	4	324	18 September 2021
Credentials keep disappearing General	5	625	14 January 2021
adminAuth issues, Node Red does not start General	12	1334	10 November 2022
Flows missing after http securing General	2	84	5 October 2023
Vanishing flows General	12	152	29 December 2023

AdminAuth disconnects every few minutes

Related Topics