I tried setting password 123 and it didn't work. What do you mean by type the password in the browser terminal?
Could you give me an example.
Thank you.
Hehe, this is a tricky one. Since you tried 123 already, my suggestion does not really make sense anymore.
I'm a bit clueless atm. Can we make sure you're editing the right settings.js?
Can we try
journalctl -u node-red -b
Is there really no documentation in the web? I found only things regarding Onion Omega2.
Yes, I'm sure I'm editing settings.js
I tried to put that code but it says it can't find it.
I have searched the web for information but have not found anything related to this problem.
Greetings.
Could you help me if I share a desk with you so you can see what I'm doing wrong?
The logic would be: I have a controller connected to the network and this is the one with Node-Red and I connect to the controller through my computer through a local connection.
Hi there, yes we could try that. But as I mentioned, there is no guarantee because I could not find any documentation of the product (not the problem) you are using in the web.
What time-zone are you at?
Where and when did you buy the product?
Can you send some photos of the board with exact model number etc.?
I am in the time zone of Santiago de Chile: Time zone: UTC-4.
I bought the product on 07/15/21 and it will arrive on 07/30/21.
Yes, tell if this picture works for you.
Thanks.
Yes, that's the device I'm using.
@knolleary I had a quick look at the device but it's quite difficult, because I have never worked with NCD devices before (and the system is quite slow, bcrypt takes minutes to complete). As a short term solution we disabled the editor completely, which works for them for now, since they don't want the customer to "mess" with the flow.
But I have another questions regarding this: The process keeps restarting itself if I kill it and Node-RED is somehow started through node. Sorry I think this is when Node-RED is being started .. there is first a node process and after that I can see a node-red process. Could this be related to the password problem? They (me included) are really stuck with this.
If you reboot does node-red automatically restart? If so then that same mechanism may be restarting node-red. You need to find out how node-red auto starts on that device. On a Pi running Raspbian it would be done using systemd and you can stop node-red using
sudo systemctl stop nodered.service
but that may not be right for your device.
Thank you @Colin. We figured that bit out, in this case (on this device) it has to be done through the service command (systemctl is not installed/available). We are currently trying to manually start and stop Node-RED and see if the problem remains.
I ran @fsaavedra's settings.js on a test server with the exact node (8.10.0) / Node-RED (1.2.9) versions and without installing bcrypt to test the "fallback". Everything seems to be working - it's really odd.
However, I have noticed that if you enter the password wrongly a few times, Node-RED blocks the login for a while (that's why we are trying the manual process atm) .. unfortunately there is zero log if Node-RED blocks the login and I could not find anything in the forum about this (quick search only).
Edit: Manual stop/start does not solve the problem. Login fails.
@rko I will try to take a look at this over the coming week. This has been the first request to password protect the Node-Red flow editor. I assumed it would be relatively simple since it's just a flat file but I guess I overestimated the simplicity. I can tell you Node-Red is running as a start up service on the device which operates on OpenWRT. I may bring the Omega Onion folks into the conversation as well.
By the way I'm Travis from NCD.
1 Like
Hey Travis,
Thanks for getting back to us! We wanted to further investigate the problem with a VM, but I did not have the chance to spend much time on this. The OpenWRT VM is running, and I also managed to install some of the NCD stuff from here. However, the VM needs some resizing of the partition which I did not find the time to do, yet. Are there any specific and ready to use images you could provide?
@rko,
I do not have the system image file. Essentially we get the Omega Onion S2+ modules, then we run an install script which installs NodeJS, Node-Red, our ncd-red-wireless library, and copies over some script files which do things like display an admin web UI and a start up script that launches node-red on boot. If you wanted to investigate further I would say you could get the image file from Onion's website. At least I think they would have it available.
I tried to investigate yesterday but only got about 30 minutes invested before I was interrupted. My plan is to initially just implement basic auth protection to the node-red flow UI(username/password). If I can get that working I'll look into HTTPS.
Sorry it's taking a while to get this done, I'm crunched for time currently and this has only been requested by 1 users so far.
No worries. I think they currently disable the editor as workaround. However, it would be interesting to find out what causes this problem. And as far as I know they don't use https.
I will try to find an image for testing.
So I finally had a minute to go in and edit the settings.js file. I uncommented out and edited these lines:
adminAuth: {
type: "credentials",
users: [{
username: "admin",
password: "$uperSecure4sure",
permissions: "*"
}]
},
After this I restarted the node-red service. Upon restart I tried to access the Node-Red flow editor through port 1880. I was prompted for login as expected. I pasted in the username and password but got the response login failed. It's strange that the settings file update would prompt for the username and password but validation of credentials would fail.
Browser inspect console shows:
[Error] Failed to load resource: the server responded with a status of 403 (Forbidden) (token, line 0)
Under Network inspector in the browser the response back to the request is:
{
"error": "invalid_grant",
"error_description": "Invalid resource owner credentials"
}
Headers:
Summary
URL: http://192.168.88.29:1880/auth/token
Status: 403 Forbidden
Source: Network
Address: 192.168.88.29:1880
Initiator:
vendor.js:5:25687
Request
POST /auth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Host: 192.168.88.29:1880
Origin: http://192.168.88.29:1880
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15
Referer: http://192.168.88.29:1880/
Content-Length: 95
Connection: keep-alive
Cookie: shellInABox=1:101
Node-RED-API-Version: v2
X-Requested-With: XMLHttpRequest
Response
HTTP/1.1 403 Forbidden
Date: Wed, 08 Sep 2021 18:10:42 GMT
Content-Length: 82
Content-Type: application/json
Connection: keep-alive
X-Powered-By: Express
Request Data
MIME Type: application/x-www-form-urlencoded; charset=UTF-8
client_id: node-red-editor
grant_type: password
scope
username: admin
password: $uperSecure4sure
This was through Safari. To be thorough I tried Crome browser as well but got the same outcome.
Thoughts?
I assume that you used bcrypt / hash-pw command to generate the password string (as described here) and the "superDuper password thingy" is just a placeholder?
Hello there !!
Thanks for the answers! I can put a password in nodered and it works! I don't know if it was the configuration that @rko did the other day or I don't know, but I make the password on this website:
What you could try is to put the IoT Edge computer with factory parameters again and try to put the key to see if it works.
Thanks.
Hehe, congrats! Did you also try to run the hash-pw command directly on the device?
I tried to run node-red admin hash-pw and /usr/lib/node_modules/node-red/red.js admin hash-pw but both doesn´t works so I made a password by the website posted.
