Authentication Help Needed

#1

I'm pulling my hair out trying to get basic username:password security working. I'm able to modify settings.js and get the login box to show up, but it does not accept my credentials. I was not able to install the admin tools, but I could use this tool to generate the hash:

node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" your-password-here

But even when putting the hashed password into the settings file and restarting NR, it will not take my credentials. I'm running NR in a docker container on a QNAP NAS. Any ideas would be appreciated.

Thanks
Mike

0 Likes

#2

As I continue to try everything I can think of, I've tried the default password scramble sample (which I believe is a scramble for the word password), which itself doesn't authenticate.

0 Likes

#3

Definitely, what you report is not one of the trivial issues that sometimes pop up in the forum:

1- Editing the wrong settings.js file :x:
2- Mistake when copying/pasting the lengthy hashed password to settings.js :x:
3- Trying to log in with the hashed password (60 bytes long) :x:

The only thing that came to my mind you already tested: try the example password from the docs, which indeed matches the word "password".

I will try to search in the old forum to see if I can find some clue.

0 Likes

#4

Thank you!! I'm stumped, and surely there is an explanation and a way to resolve this. I'm confident I'm editing the correct settings.js because I can comment out the password function and immediately remove the login prompt from the app. I've copied and pasted many, many times, so I suspect that isn't the issue. I've also tried not only the node -e option to create one but several referenced online bcrypt generators, and the fact that the example one doesn't work tells me it's something more fundamental than the copy paste. I'm accessing the site by local IP. Can't think of anything that might be in the equation to interfere, although this is hosted in a docker container on a QNAP NAS under container station. Just don't know if there isn't something screwy with installations and wherever the bcrypt code stuff comes from that could cause it to fail on the login (decrypt?).

Any help is appreciated. Love the app but really would like to secure it.

0 Likes

#5

Could you post the startup log from node red please, up to the point it fails to authorise.

0 Likes

#6

Hi @mikerenna

This is one of those things that should Just Work. @Andrei has already listed the common pitfalls - none of which appears to apply here.

Could you provide an example of the hash that running that node command on your QNAP gives you? (Along with what word you hashed with it...)

What version of node.js are you running?

0 Likes

#7

I'm not sure how to tell which version of node.js. Is that part of the docker image? There IS a version of Node.js v8 8.9.4.0 that is installed as an app in the QNAP's app center. The docker image installed for Node-RED itself in the QNAP's container station is v8.

0 Likes

#8

When you start node-red the version of nodejs is listed in the startup log

0 Likes

#9

aha. 8.15.0

0 Likes

#10

also
Node-RED version v0.19.5
Linux 4.2.8 x64 LE
npm 6.4.1

0 Likes

#11

Also, as for an example hash returned, if I run this:
`node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" 7kA6H8rnGL9T`
I get:
$2a$08$T8jtFOaq7VjPUHNQmKABXeXP/kVZ5Ntqermn6bk.nvEiZ6H3tddCm

which won't work. But again, just using the default value for password doesn't work either.

0 Likes
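Added example, not part of any post in this thread: a dependency-free Node.js check of a bcrypt hash string's shape, aimed at the copy/paste pitfall listed in post #3. `checkBcryptHash` and the damaged samples are constructed for illustration; the intact hash is the one quoted in post #11. It validates only the format and does not prove the hash matches a given password.

```javascript
// Added example: structural check of a bcrypt hash before it goes into settings.js.
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest> = 60 characters.
const BCRYPT_ALPHABET = /^[./A-Za-z0-9]+$/;

function checkBcryptHash(value) {
  const problems = [];
  if (value !== value.trim()) problems.push('leading or trailing whitespace');
  const s = value.trim();
  if (s.length !== 60) problems.push(`length is ${s.length}, expected 60`);

  const m = /^\$(2[abxy]?)\$(\d{2})\$([\s\S]*)$/.exec(s);
  if (!m) {
    problems.push('missing $2a$NN$ style prefix');
    return { ok: false, problems };
  }
  const [, version, costText, rest] = m;
  const cost = Number(costText);
  if (cost < 4 || cost > 31) problems.push(`cost ${cost} outside 4..31`);
  if (rest.length !== 53) {
    problems.push(`salt+digest is ${rest.length} chars, expected 53`);
  }
  if (rest.length > 0 && !BCRYPT_ALPHABET.test(rest)) {
    problems.push('character outside the bcrypt alphabet ./A-Za-z0-9');
  }
  return {
    ok: problems.length === 0,
    version,
    cost,
    salt: rest.slice(0, 22),
    problems,
  };
}

// Hash quoted in post #11, plus constructed damaged variants of it.
const PAGE_HASH = '$2a$08$T8jtFOaq7VjPUHNQmKABXeXP/kVZ5Ntqermn6bk.nvEiZ6H3tddCm';
const SAMPLES = {
  intact: PAGE_HASH,
  truncated: PAGE_HASH.slice(0, 57),           // constructed: paste cut short
  wrapped: PAGE_HASH.slice(0, 40) + '\n' + PAGE_HASH.slice(40), // constructed
  padded: PAGE_HASH + ' ',                     // constructed: trailing space
  plaintext: '7kA6H8rnGL9T',                   // password pasted instead of hash
};

for (const [name, value] of Object.entries(SAMPLES)) {
  const r = checkBcryptHash(value);
  console.log(name, r.ok ? 'OK' : 'BAD', r.problems.join('; '));
}
```
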

#12

One other random thing. If I try to use the node-red-admin path to get a hash, I can't install node-red-admin. I get a permissions error. I eventually abandoned trying to solve that, having read that the node -e command could be run for the same purpose.

0 Likes

#13

Good catch. It is worth investigating. The login failure could be related to permission issues.

0 Likes

#14

I spent a good deal of time trying to figure this one out, but not being much of a Linux guy and just recently getting into the docker thing (not to mention that this is running on QNAP in container station), I'm a bit stumped on how to go after that one. Adding sudo doesn't work. I'm sure there are path issues. (In the QNAP scenario you SSH into QNAP and then navigate to the docker container using "docker exec -it [container name] /bin/bash".) From there I can run the npm install of node-red-admin, which clearly executes, downloads and attempts to install, but I get this error:

npm WARN checkPermissions Missing write access to /usr/local/lib/node_modules
npm ERR! path /usr/local/lib/node_modules
npm ERR! code EACCES
npm ERR! errno -13
npm ERR! syscall access
npm ERR! Error: EACCES: permission denied, access '/usr/local/lib/node_modules'
npm ERR! { Error: EACCES: permission denied, access '/usr/local/lib/node_modules'
npm ERR! stack: 'Error: EACCES: permission denied, access '/usr/local/lib/node_modules'',
npm ERR! errno: -13,
npm ERR! code: 'EACCES',
npm ERR! syscall: 'access',
npm ERR! path: '/usr/local/lib/node_modules' }
npm ERR!
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR!
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator (though this is not recommended).

0 Likes

#15

No thoughts from anyone?

0 Likes

#16

I'm going to guess the user you are running the command as doesn't actually have the root access required. But before we go there - is the only reason you want node-red-admin to create the hash of the password? You can also do that using the command line below from within the node-red-install directory:

node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" your-password-here
0 Likes

#17

That is the only reason. My real issue is that the hashed passwords don't work. In fact, even the default password in the sample file does not work. I can turn on and off the login prompt by commenting out the authentication section, which rules out working on the wrong settings file. I'm baffled.

0 Likes

#18

I wonder if this is a DOCKER issue?? (never having used Docker, I won't be much help...sorry)

0 Likes

#19

It's certainly one of the variables (and unfortunately not one easy to eliminate and rule out). Surely someone has proven this authentication model works with docker.

0 Likes