User Auth login from flow editor

Hello Noder's.

Is it possible we can change admin user auth from the flow editor. Aiming towards the Raspberry pi ?
Can the Exec module do this ?
Is there a module that already does this? has anyone ever done this before or thought about it ?

Thanks

Do you mean replace the default authentication with an alternative?

Hi.

So i have set a user name and pass in the settings.js.
Password was generated using the node-red-admin tool.
Copied the pass word into node-red settings.js
If i wish to change the password i need to open the admin tool again, generate a new password and copy it to the settings.js.
Is there a way to do this within the flow? i know the Exec module can interact with the system files.

@mako if you are using the default auth mechanism, then one vital extra step is to restart Node-RED for it to pickup any changes you make. So that makes it a bit more complicated if you want Node-RED to update itself - still doable, but more complicated.

A basic flow would be:

  • File In node to read your current settings file
  • a Function node to generate the new password hash (or Exec node to run node-red-admin to do it)
  • Function node to parse the settings file, figure out where to insert the new hash and do so
  • File Out node to write the new settings file
  • Exec node to trigger an appropriate command to restart Node-RED - the specifics will depend on how you are running Node-RED. This isn't trivial. If you exec node-red-stop && node-red-start, then the node-red-stop will kill the exec node and the node-red-start will never happen.... so you need to figure some way around that.

A different alternative would be to create a custom authentication plugin that reads usernames/password from an external file and allows for the file to update without requiring a restart of node-red. Whilst that would make it easier to create a flow to update the password, it is more complicated to create the custom plugin in the first place.

I realise this doesn't give you all the answers, but it points you in a direction if you want to pursue it.

sudo systemctl restart nodered

plus use visudo to allow the node-red user to run systemctl without entering a password, but I think you would need to do that anyway for node-red-stop/start.

.. and I assume the way you enter the new password is also behind https ? otherwise you are submitting it in the clear.

That is of course assuming you are running on a Pi or Ubuntu system with Node-RED running as a service using our install script.

If you're running it somehow else, the precise way to restart will be different.

If running on a Pi and with root control you may as well just issue a reboot command :slight_smile:

Cheers Chaps.

It would be running on a Pi. And issuing a reboot command was the preferred method.
I have a flow that achieves this already on the PI.
I wouldn't use node red Start stop. On every instance i run the ```
sudo systemctl enable nodered.service


Infact

@knolleary is there a way to pull the authenticated user ID into the flow logic? I could read settings.js but may have multiple user accounts configured... :confused:

@jmacle There is no relationship between who might be logged into the editor at any one time and what the flows are doing. You might have multiple users logged in at any one time. The flows run independently of that.