search

BIDMCDigitalPsychiatry / LAMP-platform

The LAMP Platform (issues and documentation).
https://docs.lamp.digital/
Other
12 stars 10 forks source link

No secret_key during mongo database deployment #756

Closed carlan1 closed 1 year ago

carlan1 commented 1 year ago

There is an issue with key generation under mongoDB database initialization.

Expected behavior: Initializing a LAMP docker stack (while using the default stack as listed under docs.lamp.digital) should initialize a mongoDB container. The mongo container should automatically include a key-value pair (located within a collection called test.credential) with a key name of secret_key. The value associated with this key should be equal to the encrypted password used to authenticate the LAMP dashboard.

Current behavior: At this time, when inspecting the test.credential collection, the secret_key field has a default value of null. Therefore, at this time, in order to be able to authenticate the server and log into the dashboard, the administrator needs to manually update this key-value pair with an encrypted custom password (encrypted using the ROOT_KEY in the LAMP stack).

Administrators should not be required to manually encrypt and update the secret key. We need to make a change such that there is an automatically generated admin password, and that this default password is equal to the key that is generated in the server container logs.

bvescovi-orangeloops commented 1 year ago

I'll look into it

bvescovi-orangeloops commented 1 year ago

I've tried this locally and I couldn't reproduce it.

Screen Shot 2023-04-20 at 11 44 49

I've noticed that's only generating the password if the "credential" collection is not created in the mongodb. @carlan1 are you sure that the db was empty when starting the server?

bvescovi-orangeloops commented 1 year ago

I've also noticed that there is a piece of code adding another admin user with the environmental variable: DB_ADMIN_USERNAME Which will create an admin credential with that access key and no password to handle through Oauth (this should be an account on the identity provider)

bvescovi-orangeloops commented 1 year ago

I've made another test using the local machine to run the server but connecting to a clean mongodb database and I couldn't reproduce this either. I got the password generated and I was again able to log in, through the oauth server using the autogenerated credential.

avaidyam commented 1 year ago

I wonder if it was a one-off error. Let's ignore it for now, and if it comes up again we can re-open the issue.