BasicAuth with Hash is not working

8gears / n8n-helm-chart

A Kubernetes Helm chart for n8n a Workflow Automation Tool. Easily automate tasks across different services.

https://artifacthub.io/packages/helm/open-8gears/n8n

Apache License 2.0

187 stars 97 forks source link

BasicAuth with Hash is not working #13

Closed tl-Bruno-Braga closed 3 years ago

tl-Bruno-Braga commented 3 years ago

Hello

I am trying to setup basic auth with n8n. I am using the hashed option which looking at the source code seems to indicate that a bcrypt hash should be set as N8N_BASIC_AUTH_PASSWORD.

When i enable hash:

config:  
 security:
    basicAuth:
      active: true
      hash: true

the basic auth on my browser keeps saying that the password is wrong. I have generated the bcrypt password using the following code:

var salt = bcrypt.genSaltSync(10);
console.log(process.env.N8N_PASSWORD)
var hash = bcrypt.hashSync(process.env.N8N_PASSWORD, salt);
console.log(hash)

Any reason why this is not working? Seems to work when i set hash to false and use normal password authentication.

Thanks

Vad1mo commented 3 years ago

I only tried it with username/password but your config settings seems to look good to me. I guess it is the hash itself, can you try to run n8n locally seting the hash and debug the application or ask the n8n team

tl-Bruno-Braga commented 3 years ago

https://github.com/n8n-io/n8n/issues/1835

Tried locally and same issue. Asked above.

tl-Bruno-Braga commented 3 years ago

Hello @Vad1mo i was wrong actually. I tested locally and it seems that it was working. The hash i provided was incomplete. Once i plugged that same hash on my helm setup i keep getting unauthorized. I noticed that N8N_BASIC_AUTH_HASH is not being set on env variables or so it seems.

There is definitively some issue here. Can i ask you to try it yourself and see if you can login?

Thanks

Vad1mo commented 3 years ago

the helm chart is writing the config file that n8n is using, I tried to avoid using ENV Vars as in that case I need to support each one individually. can you please take a look in your configMap, this one should contain the entry, if there is no entry then this is a problem with this helm chart.

tl-Bruno-Braga commented 3 years ago

This is the configmap:

{
  "listen_address": "0.0.0.0",
  "port": 5678,
  "protocol": "http",
  "security": {
    "basicAuth": {
      "active": true,
      "hash": true
    }
  }
}

Looking at config inside container:

/data # cat /n8n-config/config.json
{
  "listen_address": "0.0.0.0",
  "port": 5678,
  "protocol": "http",
  "security": {
    "basicAuth": {
      "active": true,
      "hash": true
    }
  }
}

However, i would like to ask you to try and see if you can reproduce the issue on your side.

Vad1mo commented 3 years ago

where is the password entry in the config file? can you quote your hash in the yaml file?

tl-Bruno-Braga commented 3 years ago

We are integrating with vault so we source on a file with exports. The hash is therefore an exporter variable. Password works fine but hash does not. However, it seems that when i try the export route with a local docker compose it works fine. With helm chart it does not. Perhaps there is something overriding this on the chart.

Just thought it would be useful to bring this up since the functionality is lacking. I am now using password instead since i could not get the hash to work.

Vad1mo commented 3 years ago

I strongly think it's something on your side, maybe vault. This Helm chart just creates the config file that n8n used.

try to hardcode the password bypassing vault and see if that works