Hi !
Is there anyone who knows, how it can be use the custom user authentication? I tried with the example (with little modification of course) but it not works. Here is my custom js:
module.exports = {
type: "credentials",
authenticate: function(username,password) {
return new Promise(function(resolve) {
var ok=false;
if(username=="Admin"&&password=="destiny5562"){
ok=true;
}
else{
ok=false;
}
if (ok==true) {
// Resolve with the user object. Equivalent to having
// called users(username);
var user = { username: "admin", permissions: "*" };
resolve(user);
} else {
// Resolve with null to indicate the username/password pair
// were not valid.
resolve(null);
}
});
},
}
And in my settings.js the only thing i do that, just enabled the adminAuth:
adminAuth: require("./user-authentication"),
When try to log in, browser dev console throw this when i use good username and password
But if i use the wrong username password combo, i got this:
So in a some way it works it can idetify good password username combo, but still didn't allow the let me enter the flow editor.
Do i miss something in the custom.js or the setting.js? Maybe form both missing something.
Thank you for your help in advance !
Did you implement the other parts ( users and default) according to this
The explanation of how to do what you are trying is here: Securing Node-RED : Node-RED
You appear to be missing the users function.
@Steve-Mcl @TotallyInformation I tried, what you suggested me and it's worked. So for that, i tried to make a more complicated custom auth. What i want the achive is a custom auth which working with mysql. Here is look like now:
var mysql = require('mysql');
var con = mysql.createConnection({
host: "localhost",
user: "root",
password: "",
database: "smh"
});
module.exports = {
type: "credentials",
users: function(username) {
return new Promise(function(resolve) {
con.connect(function(err) {
con.query("SELECT * FROM users WHERE username ='"+username+"'", function (err, result, fields) {
if (err) throw err;
if (result.length!=0) {
// Resolve with the user object. It must contain
// properties 'username' and 'permissions'
var user = {username: result[0].username, permissions: result[0].permission};
resolve(user);
} else {
// Resolve with null to indicate this user does not exist
resolve(null);
}
});
});
});
},
authenticate: function(username,password) {
return new Promise(function(resolve) {
con.connect(function(err) {
con.query("SELECT * FROM users WHERE username ='"+username+"' AND password='"+password+"'", function (err, result, fields) {
if (err) throw err;
if (result.length!=0) {
// Resolve with the user object. Equivalent to having
// called users(username);
var user = { username:result[0].username, permissions: result[0].permissions};
resolve(user);
} else {
// Resolve with null to indicate the username/password pair
// were not valid.
resolve(null);
}
});
});
});
},
default: function() {
return new Promise(function(resolve) {
// Resolve with the user object for the default user.
// If no default user exists, resolve with null.
resolve({anonymous: true, permissions:"read"});
});
}
}
The problem with that code is basicly the same with the that one that i posted. If i pass the good username and password it didn't allow me the enter i got 401 error, but if i pass a wrong one 403 error. So the situation is the same at was before.
Anyone have idea what's wrong now?
Are you running node-red in a debugging environment like vscode? You could put break points in the code & see if your query is working as expected.
Alternatively, litter your code with console logs.
Also put in some console.log statements before your resolves to see if you are actually getting the data you think you are.
It's been a week since i posted, but i found it the solution. Problem was a mistyping of the permission field name. Anyway thank you for your help
