Custom user authentication help

Hi !

Is there anyone who knows, how it can be use the custom user authentication? I tried with the example (with little modification of course) but it not works. Here is my custom js:

module.exports = {
    type: "credentials",
    authenticate: function(username,password) {
        return new Promise(function(resolve) {
            var ok=false;
            if(username=="Admin"&&password=="destiny5562"){
                ok=true;
            }
            else{
                ok=false;
            }
            if (ok==true) {
                // Resolve with the user object. Equivalent to having
                // called users(username);
                var user = { username: "admin", permissions: "*" };
                resolve(user);
            } else {
                // Resolve with null to indicate the username/password pair
                // were not valid.
                resolve(null);
            }
        }); 
    },
 }

And in my settings.js the only thing i do that, just enabled the adminAuth:

adminAuth: require("./user-authentication"),

When try to log in, browser dev console throw this when i use good username and password


But if i use the wrong username password combo, i got this:

So in a some way it works it can idetify good password username combo, but still didn't allow the let me enter the flow editor.

Do i miss something in the custom.js or the setting.js? Maybe form both missing something.

Thank you for your help in advance !

Did you implement the other parts ( users and default) according to this

1 Like

The explanation of how to do what you are trying is here: Securing Node-RED : Node-RED

You appear to be missing the users function.

1 Like

@Steve-Mcl @TotallyInformation I tried, what you suggested me and it's worked. So for that, i tried to make a more complicated custom auth. What i want the achive is a custom auth which working with mysql. Here is look like now:

var mysql = require('mysql');
var con = mysql.createConnection({
host: "localhost",
user: "root",
password: "",
database: "smh"
});

module.exports = {
    type: "credentials",
    users: function(username) {
        return new Promise(function(resolve) {
            con.connect(function(err) {
                con.query("SELECT * FROM users WHERE username ='"+username+"'", function (err, result, fields) {
                  if (err) throw err;
            if (result.length!=0) {
                // Resolve with the user object. It must contain
                // properties 'username' and 'permissions'
                var user = {username: result[0].username, permissions: result[0].permission};
                resolve(user);
            } else {
                // Resolve with null to indicate this user does not exist
                resolve(null);
            }
             });
            });    
        });
    },
    authenticate: function(username,password) {
        return new Promise(function(resolve) {
            con.connect(function(err) {
                con.query("SELECT * FROM users WHERE username ='"+username+"' AND password='"+password+"'", function (err, result, fields) {
                if (err) throw err;
           
                if (result.length!=0) {
                // Resolve with the user object. Equivalent to having
                // called users(username);
                     var user = { username:result[0].username, permissions: result[0].permissions};
                    resolve(user);
                } else {
                // Resolve with null to indicate the username/password pair
                // were not valid.
                    resolve(null);
                }
            });
          });    
        });
    },
    default: function() {
        return new Promise(function(resolve) {
            // Resolve with the user object for the default user.
            // If no default user exists, resolve with null.
            resolve({anonymous: true, permissions:"read"});
        });
    }
  }   

The problem with that code is basicly the same with the that one that i posted. If i pass the good username and password it didn't allow me the enter i got 401 error, but if i pass a wrong one 403 error. So the situation is the same at was before.

Anyone have idea what's wrong now?

Are you running node-red in a debugging environment like vscode? You could put break points in the code & see if your query is working as expected.

Alternatively, litter your code with console logs.

No, but i trying that.

Also put in some console.log statements before your resolves to see if you are actually getting the data you think you are.

1 Like

It's been a week since i posted, but i found it the solution. Problem was a mistyping of the permission field name. Anyway thank you for your help