Trying authorization on flow editor without secret key

Until now I used node red without a secret key so I have credentialSecret: false ,in de settings.js.

Now I played around with authorization on the flow editor, still with credentialSecret: false .

But that doesn't seem to work. Do I need the secret key to make password protect to work for me?


Or do I have to do something with de type-attribute to make it work?

I would like this, because if you give webbrowser <ip address>:<port>, without /uiit will go directly to flow editor, rather then dashboard.

Hi @henkkas

credentialSecret does not have any relation to how you secure the editor.

What have you tried so far? When you say it doesn't work what exactly do you mean? Does the editor prompt for a login but you can't get in? Or does it not prompt for a login at all? Have you restarted Node-RED to pickup those changes? Are you sure you're editing the right settings file?

If you are trying to setup a user called admin with a password hallo then it will not work because you need to generate a password hash. This is explained in the link shown in the comment in that screenshot.

@knolleary Yes, indeed, I didn't read that carefully enough. Thanks, now it is working. :slight_smile:

@knolleary I said it was working fine and it did.

But then I got the great idea of changing the password, so I generated another hash for new password.
I pasted that new hash into the settings.js and restarted node-red.
But now it looks like there is no password check anymore. I tried rebooting and wiping password from browser, but no password check anymore.

Do you have any idea what I did wrong?

Did you log out of the editor (from the user drop-down menu)?

@knolleary Indeed, that was the solution.

Is it some how possible that log-out is automatic after x time not being on the editor?

Login tokens are valid for 7 days by default, but you can reduce that in the settings file.

However it is not activity based - it is an expiry time from the moment you login.

Ok @knolleary , thanks very much, that will do it for me. :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.