Kitsui / aws-cms-doc

Documentation source for Team Kitsui - user.

Can't login after installation #1

Open pblanton opened 7 years ago

pblanton commented 7 years ago

I followed the instructions for installing Kitsui and it is installed correctly. I got no errors and I see the new Dynamo database, S3 bucket and Lambdas.

The deploy script gave me these credentials...

Admin db entry created Username: email@gmail.com Password: password123

I can hit the login page fine, but when I attempt to login, I get an error "Unable to log in".

I checked the dynamo db user table and see the data. The hashed password is

"$pbkdf2-sha256$10000$tnauNUaoVQpBSKn1HkNI6Q$l0yMNqzGEEXCV4gDBT35gLjbfiXPXyP/xS/bx3ei.0A"

and the role is "FullAdmin".

There's a disconnect somewhere. What do you suppose the problem is?

johncave commented 7 years ago

Hi @pblanton, this repo was mainly created as a university project and is known to be buggy. My first suggestion would be to check the cloudwatch logs for the created Lambda function and see if it's throwing any errors when trying to work on logging you in. Other than that, did you create the items in the us-east-1 region?

pblanton commented 7 years ago

John,

Yes I know it was a university project, but I think it's a good idea and wanted to explore the design. I'd like to create a serverless competitor to wordpress, and I like the idea. I'd love to get your code running so I can see how you approached it.

I installed it on us-west-2.

One thing that puzzles me: I copied your code for the password hashing and ran it in the PyCharm console.

    from passlib.hash import pbkdf2_sha256

    password = "password123"
    # passlib generates a fresh random salt on every call
    hashed_pass = pbkdf2_sha256.encrypt(password, rounds=10000)
    print(hashed_pass)

I ran it three times and got three different hashes.

$pbkdf2-sha256$10000$IYQwxhjD2JvT.r83JkSoNQ$PoGcPjBXJDySAjqZXqwAaEZzYImjzqSBAqk13RkINvg
$pbkdf2-sha256$10000$tnauNUaoVQpBSKn1HkNI6Q$l0yMNqzGEEXCV4gDBT35gLjbfiXPXyP/xS/bx3ei.0A
$pbkdf2-sha256$10000$j5HyXitFiHEOgfC.t7b2Xg$V5s8V3fLCmoldVZ7REiSeI4.I.2VR92axouNN.bKzdQ

Seems like that could be an issue.

chownema commented 7 years ago

Not sure how you got 3 different hashes :/ I stood up the project 2 days ago and tested the core lambda module, and the login seemed fine; it might be to do with API Gateway changes. We did have an issue before where API Gateway was mapping its event args to Lambda incorrectly, resulting in the Lambda module being unable to get any arguments passed in a POST.

pblanton commented 7 years ago

Yeah... I thought it weird too, so I re-ran the experiment in PyCharm's console. I ran this exact code four times...

    from passlib.hash import pbkdf2_sha256

    password = "password123"
    # passlib generates a fresh random salt on every call
    hashed_pass = pbkdf2_sha256.encrypt(password, rounds=10000)
    print(hashed_pass)

and got these four different hashes...

$pbkdf2-sha256$10000$j5HyXitFiHEOgfC.t7b2Xg$V5s8V3fLCmoldVZ7REiSeI4.I.2VR92axouNN.bKzdQ
$pbkdf2-sha256$10000$em8tJQRAaK2VMiYEIGTsPQ$RT5UpdXwM/3rvUgHwgwXkfTDhoxdD6Eveli5.qpD9JQ
$pbkdf2-sha256$10000$wzgnhHAuJYTQOkfIOYfw3g$yQ1bCW7C8BsU9XjfE5D47wtBsRHb1wo8i3ZYfLuPPDA
$pbkdf2-sha256$10000$XwsBAIBQ6l1rrVVKSWntfQ$5WOOsJhHakVTThEAPMY/YCF6NCgNy6/bLfJaeD8DueI

pblanton commented 7 years ago

I suspect I'll just disable hashing in order to attempt to get the login to work. Once I do and I play with it a bit, I'll create some unit tests for the hashing stuff and re-implement it.

pblanton commented 7 years ago

I just noticed that the first run of the second test, and the last run of the first test generated the same hash. :-/

johncave commented 7 years ago

@pblanton You should be getting different hashes on each run of the hashing algorithm, as this is part of how PBKDF2 works. It's a secure password hash algorithm, not a general-purpose hash such as SHA2.

Are you seeing any error messages in the CloudWatch logs?
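To make johncave's point concrete, here is an added example (not code from the Kitsui project or from anyone in this thread) that reproduces what passlib's pbkdf2_sha256 does using only the Python standard library: each call salts the password with 16 fresh random bytes, so the encoded string differs every time, and the only correct check is to re-derive the key with the salt and rounds stored in the hash string and compare it in constant time. Comparing two hash strings for equality, as a login handler might be tempted to do, always fails. The block also verifies the hash pblanton quoted from the DynamoDB table against "password123". It assumes passlib's documented format (`$pbkdf2-sha256$rounds$salt$checksum`, with salt and checksum in passlib's "adapted base64", i.e. standard base64 with `.` instead of `+` and no padding); the function names are my own.

```python
import base64
import hashlib
import hmac
import os

# Hash quoted by pblanton from the DynamoDB user table (see the thread above);
# the deploy script generated it for the password "password123".
POSTED_HASH = ("$pbkdf2-sha256$10000$tnauNUaoVQpBSKn1HkNI6Q"
               "$l0yMNqzGEEXCV4gDBT35gLjbfiXPXyP/xS/bx3ei.0A")


def ab64_decode(text):
    """Decode passlib's adapted base64: '.' stands for '+', padding is omitted."""
    text = text.replace(".", "+")
    text += "=" * (-len(text) % 4)          # restore the stripped '=' padding
    return base64.b64decode(text)


def ab64_encode(raw):
    """Inverse of ab64_decode."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")


def parse_pbkdf2_sha256(stored):
    """Split '$pbkdf2-sha256$rounds$salt$checksum' into (rounds, salt, checksum)."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != "pbkdf2-sha256":
        raise ValueError("not a pbkdf2-sha256 hash string")
    return int(parts[2]), ab64_decode(parts[3]), ab64_decode(parts[4])


def hash_password(password, rounds=10000, salt=None):
    """Produce a passlib-compatible string; a random salt is drawn on each call."""
    if salt is None:
        salt = os.urandom(16)               # why two runs never give the same string
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              rounds, dklen=32)
    return "$pbkdf2-sha256$%d$%s$%s" % (rounds, ab64_encode(salt), ab64_encode(key))


def verify_password(password, stored):
    """Re-derive the key with the stored salt/rounds and compare in constant time."""
    rounds, salt, expected = parse_pbkdf2_sha256(stored)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              rounds, dklen=len(expected))
    return hmac.compare_digest(key, expected)


def naive_string_compare_login(password, stored):
    """The broken check: hashing again and comparing strings. Always fails."""
    return hash_password(password) == stored


def demo(password="password123"):
    """Summarise the behaviour the thread is puzzled by."""
    first = hash_password(password)
    second = hash_password(password)
    return {
        "strings_differ": first != second,
        "both_verify": verify_password(password, first)
                       and verify_password(password, second),
        "naive_compare_works": naive_string_compare_login(password, first),
        "posted_hash_verifies": verify_password(password, POSTED_HASH),
        "wrong_password_rejected": not verify_password(password + "x", POSTED_HASH),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-24s %s" % (name, value))
```

The practical consequence for the login Lambda: fetch the stored string for the user, call the verifier with the submitted password, and never regenerate a hash for comparison. If the Lambda does something else, the CloudWatch logs johncave asks about will show it.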