(adminAuth) unable to login node-red

There seems to be a lot of asterisks in the screenshot above of your login...

When you are trying to login, what are you putting in the password field, the hash which you have in your settings file, or the password that you used to generate the hash?

I am putting the password which is there in the settings.js file

Can you try copying the username & password shown below into your settings.js file;

    adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "$2a$08$1NzTz7reHuZ2LC7PI5raEe6iSWhvs/iPyvqEt7cMulEedF9orq3Xq",
            permissions: "*"
        }]
    },

Then restart node-RED, and try and login using these details;
Username: admin
Password: mypassword

...and let us know if you can then log in.


Thanks Done

Are you able to login using those details?

If so, then maybe you made an error generating the password hash, see https://nodered.org/docs/user-guide/runtime/securing-node-red

Don't forget to set your own username/password :+1:

Thanks a lot. It would help me a lot in windows.

I hit the same issue that I could not login when setting adminAuth to use a hash.
I followed through and found the example provided by @Paul-Reed and tested that credential set and that works fine, meaning the issue is more about the hash generation.
The example working shows:

  1. I have set everything correct
  2. That node-red is functioning correctly
  3. the hash is somehow not matching the password string when I generate it using the hash-pw command and node-red decrypts it.

I looked at point #3 a little more and tried to check the hash I provided against the password string using an online tool and they do match. I tried with the example provided and of course it too matched, and I did try a purposely failing case to make sure the online site was correctly functioning and it failed as it should.

I have also tried to generate the hash using an online tool (https://bcrypt-generator.com) and that hash too does not work.
So my attention returns back to the only thing that is working on my system, that is the example given by Paul-Reed. How was that hash generated?

Quite intrigued with what's wrong.

Regards

Paul

By following the node-RED documentation...

The command

    node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" your-password-here

seems a pretty reliable way to generate it.

I did see that alternative way mentioned and did try to see if it would produce the same result. Unfortunately it is not clear to me what directory is the 'node-red' directory, as there are a few levels in my user's home directory. I did try using it to see if I could generate something and it failed with errors, so I gathered it was because I am not in the correct directory when executing the command, but perhaps the errors need further investigation. Can you give the hash-pw method a try that is also stated in the instructions and see if it also works for you? I suspect it will. I just would like the confirmation.

Thanks
Paul

Yes, the wording in the docs is a little misleading -

Alternative, you can run the following command from within the Node-RED install directory:

I run the command from within the node-RED user directory, which on a Raspberry Pi is /home/pi/.node-red and seems to work fine.
The user directory is where your settings.js & flows.json files are stored.

I just tested node-red-contrib-bcrypt
It works for generating a good hash that works with adminAuth

Yes. I did once propose we create a node-red-hashpw shortcut but for some reason Nick wasn't keen.

I think the issue is my install; for some reason it has some issue that I cannot explain, as it works with the hash of mypassword provided.
I have tried doing the command below as root and as the openhabian user, I am not on a pi but I built my openhab install using the openhabian scripts.

root@openhab /home...openhabian/.node-red $ su openhabian -
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
openhabian@openhab:~/.node-red$ pwd
/home/openhabian/.node-red
openhabian@openhab:~/.node-red$ node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" mypassword
internal/modules/cjs/loader.js:550
    throw err;
    ^

Error: Cannot find module 'bcryptjs'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:548:15)
    at Function.Module._load (internal/modules/cjs/loader.js:475:25)
    at Module.require (internal/modules/cjs/loader.js:598:17)
    at require (internal/modules/cjs/helpers.js:11:18)
    at [eval]:1:13
    at Script.runInThisContext (vm.js:65:33)
    at Object.runInThisContext (vm.js:197:38)
    at Object.<anonymous> ([eval]-wrapper:6:22)
    at Module._compile (internal/modules/cjs/loader.js:654:30)
    at evalScript (internal/bootstrap/node.js:483:27)
openhabian@openhab:~/.node-red$

If somebody could help me step through getting this resolved please.

Regards
Paul

Is bcrypt installed in your operating system?
It's not installed by default in all OS, you may need to manually install it.

No - that is not the advice that is needed here.

That one-liner alternative has to be run in the directory where Node-RED is installed. It's hard to be more specific because each OS puts globally installed modules in a slightly different place.

If you run: npm list -g node-red it should tell you where it is installed - go to that directory and rerun the command.

Have I been doing it wrong all these years... perhaps it's something unique to Raspbian.

Have you installed bcrypt globally or is it present in the node_modules in your nr user dir? For either, that command would work.

I can't recall how/if bcrypt was originally installed, but yes it's present in node_modules, so I'm assuming that's why it's working from .node-red.

Thanks, it works for me. With only user and password in text, it doesn't work.
With password hash, works ok.
Node-RED in an Azure Ubuntu virtualization 18.04

I successfully generated a password with
node-red-admin hash-pw
and pasted it inside the settings.js but it is only unlocked with mypassword. How odd is that. It's straightforward creating a hash; what is the error you are mentioning in a later post?
What about mypassword, can anyone log in with it and not the stored hash?
What I found strange though is that when I hit node-red-admin hash-pw it doesn't allow me to enter a pass, just the enter key works and then it generates a hash
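
A structural check for the hash-mismatch problem discussed in this thread, as an added example that is not part of any post and not Node-RED's own code: it parses an adminAuth password value as a bcrypt string and reports why it would be rejected, then attempts a real comparison only if bcryptjs can be resolved from the current directory. The function names `inspectHash` and `tryVerify` are hypothetical; the hash is the example one posted above.

```javascript
// Added example (not from the thread): inspect an adminAuth "password" value.
// A bcrypt string is "$<version>$<cost>$" + 22-char salt + 31-char digest = 60 chars.
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// The example hash posted in this thread (password: mypassword).
const THREAD_HASH = "$2a$08$1NzTz7reHuZ2LC7PI5raEe6iSWhvs/iPyvqEt7cMulEedF9orq3Xq";

function inspectHash(value) {
  if (typeof value !== "string") return { ok: false, reason: "password is not a string" };
  if (value !== value.trim()) return { ok: false, reason: "leading or trailing whitespace" };
  const m = BCRYPT_RE.exec(value);
  if (m) {
    const cost = Number(m[2]);
    if (cost < 4 || cost > 31) return { ok: false, reason: "cost outside 4-31" };
    return { ok: true, version: m[1], cost, salt: m[3], digest: m[4] };
  }
  if (!value.startsWith("$2")) return { ok: false, reason: "not a bcrypt hash (plain text?)" };
  if (value.length !== 60) {
    return { ok: false, reason: `length ${value.length}, expected 60` };
  }
  return { ok: false, reason: "malformed field or unexpected character" };
}

// true/false from bcryptjs, or null when the module cannot be resolved from the
// current directory (the "Cannot find module 'bcryptjs'" case in the thread).
function tryVerify(password, hash) {
  let bcrypt;
  try {
    bcrypt = require("bcryptjs");
  } catch (err) {
    return null;
  }
  return bcrypt.compareSync(password, hash);
}

// Constructed inputs: the thread's hash, a plain-text value, a truncated paste.
for (const candidate of [THREAD_HASH, "mypassword", THREAD_HASH.slice(0, 59)]) {
  console.log(JSON.stringify(inspectHash(candidate)));
}
console.log("bcryptjs check:", tryVerify("mypassword", THREAD_HASH));
```

A `null` from `tryVerify` means the module was not found from where the script was run, not that the password is wrong.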