Hi like to add more then one user to use the dashboard.
So i edit the setting.js.
It seems that only the last account/user is working, can there be only one user ?
I want to have one user that i use to edit the dashboard and another user for using in IFTTT
// Securing Node-RED
// -----------------
// To password protect the Node-RED editor and admin API, the following
// property can be used. See http://nodered.org/docs/security.html for details.
adminAuth: {
type: "credentials",
users: [{
username: "admin",
password: "<my_hash1>",
permissions: "*",
username: "api-user",
password: "<my_hash2>",
permissions: "read"
}]
},
Hi @pvklink - you haven't quite got the syntax right. The users property is meant to be an array of user objects:
users: [{
username: "admin",
password: "<my_hash1>",
permissions: "*"
}, {
username: "api-user",
password: "<my_hash2>",
permissions: "read"
}]
OK, my dashboard seems to work now with two accounts (one readonly) and ssl, so much secure!
But, my webhook in IFTTT does not use this settings and is not secure!
I tested my IFTTT webhook:
https://:@router..nl:1880/pvkapi it works, but:
https://router..nl:1880/pvkapi also works!
post (body)
{"command":"switchlight", "idx": 354, "switchcmd": "Set Level","level": 40}
adminAuth only secures the editor. It does not secure the routes you define with the HTTP nodes.
We only support basic auth on those routes - the security docs page tells you how to configure it.
I also set
httpNodeAuth: {user:"api-user",pass:"xxx"},
httpStaticAuth: {user:"api-user",pass:"xxxx"},
but still i can add http post and get requests in IFTTT without username and password
problem solved... reboot did the trick
