How can I set up open dashboard access, but have user/pass on editor?

thebaldgeek 20 October 2020 13:32 1

Have been trolling through this forum and Google looking for an answer for just over two hours, if I missed it, please point it out and I will be on my way....

I'd like to have unfettered access to the dashboard pages, but require a username and password for the editor.

I have spent a lot of time in a text editor tweaking settings.js.
Added the following block of code;

adminAuth: {
    type: "credentials",
    users: [{
        username: "user",
        password: "$2a$04$hZQUxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxkohIcQ.H2",
        permissions: "*"
    }]
},

Also have been experimenting with setting true/false and taking it out entirely the following line;
credentialSecret: "false";

Those changes turn on a user/pass for all Node-RED, that is to say, both the dashboard and the editor.... I can't find a way to enable it for one mode and not the other.

If the platform matters I am on a Pi 3 running Node-RED 1.0.3 and Node.js version 12.14.1

Thanks for your help.

Paul-Reed 20 October 2020 13:55 2

Are you sure?
Adding adminAuth should only apply basic auth for the Admin pages (editor), and not the dashboard.

In your settings.js file, have you changed the httpNodeAuth setting? That would normally require auth for the node endpoints (dashboard), but by default, it is commented out and therefore auth is not applied.

knolleary 20 October 2020 13:59 3

And don't play with the ctedentialSecret property. That has nothing to do with authentication and if you change it, the runtime won't be able to decrypt your credentials file and your flows will be broken.

dceejay 20 October 2020 14:05 4

In settings you should also move the admin path away from the http path. Eg move httpadmin to /admin. Then the admin with will only apply to that path

1 Like

thebaldgeek 20 October 2020 14:33 5

Thanks guys.
I think the key is to uncomment this line;
httpAdminRoot: '/admin',

I had not tried that.
Uncomment that line, add the section on adminAuth and as Nick said, do not mess with the credentialSecret.

You will then find your user/pass protected editor at http://yourPiIP:1880/admin and the openly accessible dashboard at http://yourPiIP:1880/ui/

Awesome stuff.

1 Like

tmichaeltx 20 October 2020 15:08 6

When you do this, what type of error, login or otherwise do you get if you go to http://yourPiIP:1880 ?

system Closed 3 November 2020 15:08 7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Custom user authentication for dashboard Dashboard node-red-dashboard , security	1	328	19 July 2023
Enable Dashboard Access but deny flow adaptions Dashboard	5	593	16 November 2021
How to protect the dashboard with credentials for more than 1 users? Dashboard	20	208	27 February 2024
adminAuth change path root General	3	1532	19 February 2019
Accessing the Admin-API General	4	602	6 May 2022

Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy