[BUG] Authentication does not work correctly

malordin commented 1 year ago

Environment

Self-Hosted (Docker)

System

Windows 10 21H2 , Firefox 109.0 x64

Version

2.1.1

Describe the problem

I have set up two users, malordin and admin, with hash and type : admin. But if I log in without cookies and then log in, I can't change the configuration under any user with admin rights. In addition, I have 2 sections hidden from Guests, but when I log in as any user with admin privileges, I still can not see them. What is the problem?

Additional info

Here is my beginning of conf.yml

appConfig:
  theme: crayola
  layout: auto
  iconSize: medium
  language: en
  startingView: default
  defaultOpeningMethod: newtab
  statusCheck: false
  statusCheckInterval: 1
  faviconApi: allesedv
  routingMode: history
  enableMultiTasking: false
  widgetsAlwaysUseProxy: false
  webSearch:
    disableWebSearch: false
    searchEngine: duckduckgo
    openingMethod: newtab
    searchBangs: {}
  enableFontAwesome: true
  enableMaterialDesignIcons: false
  hideComponents:
    hideHeading: false
    hideNav: false
    hideSearch: false
    hideSettings: false
    hideFooter: false
  disableConfigurationForNonAdmin: true
  auth:
    enableGuestAccess: true
    users:
      - user: admin
        hash: 12345
        type: admin
      - user: malordin
        hash: 1245
        type: admin
    enableKeycloak: false
  showSplashScreen: false

There is no information in the logs:

➜  dashy sudo docker-compose logs -f
Dashy  | yarn run v1.22.15
Dashy  | $ node server
Dashy  | 
Dashy  | Checking config file against schema...
Dashy  | ✔️ Config file is valid, no issues found
Dashy  | 
Dashy  | SSL Not Enabled: Public key not present
Dashy  | 
Dashy  | 
Dashy  |  ██████╗  █████╗ ███████╗██╗  ██╗██╗   ██╗
Dashy  |  ██╔══██╗██╔══██╗██╔════╝██║  ██║╚██╗ ██╔╝
Dashy  |  ██║  ██║███████║███████╗███████║ ╚████╔╝
Dashy  |  ██║  ██║██╔══██║╚════██║██╔══██║  ╚██╔╝
Dashy  |  ██████╔╝██║  ██║███████║██║  ██║   ██║
Dashy  |  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝   ╚═╝
Dashy  | 
Dashy  | *******************************************************************************************
Dashy  | Welcome to Dashy! 🚀
Dashy  | Your new dashboard is now up and running with Docker
Dashy  | *******************************************************************************************
Dashy  | 
Dashy  | 
Dashy  | Using Dashy V-2.1.1. Update Check Complete
Dashy  | ✅ Dashy is Up-to-Date
Dashy  |

Please tick the boxes

[X] You have explained the issue clearly, and included all relevant info
[X] You are using a supported version of Dashy
[X] You've checked that this issue hasn't already been raised
[X] You've checked the docs and troubleshooting guide
[X] You agree to the code of conduct

liss-bot commented 1 year ago

If you're enjoying Dashy, consider dropping us a ⭐
_{🤖 I'm a bot, and this message was automated}

d34vbd5 commented 1 year ago

I do have a very similar problem. Sometimes i can see my Dashboard (Auth Enabled, Guestmode Disabled) but still i am not logged in (can't do any changes).

SiDaS1998 commented 1 year ago

I can add to this problem as well. I have installed fresh install yesterday in docker with auth enabled (guestmode disabled). And when I open the site up it shows dashboard firstly, not the login page. But when I create something and save it locally (I am only allowed to save it locally), after that I refresh the page and then the site forces you to the login page, but if I delete the cache, dashboard opens up first again before the login page. I tried with guestmode enabled, it does the same thing (opens dashboard firstly before the login page).

rechner commented 1 year ago

I'm having similar authentication problems, with any mechanism. If I enable keycloak with or without guest mode, I'm shown the dashboard and a log-out button without every being prompted to log in, and when I click the log-out button, this appears in the console:

maximemoreillon commented 1 year ago

I am also experiencing authentication issues: Even though enableGuestAccess is set to false, I can access my dashboard using a Chrome in incognito mode. It seems to indicate my dashboard is now publicly accessible. Also, I can't find the login button anymore on the UI.

I rolled back to a snapshot of the Dashy container image I took 5 months ago, using the same conf.yml file, and authentication works as expected.

HaJanDo commented 1 year ago

I'm having similar authentication problems, with any mechanism. If I enable keycloak with or without guest mode, I'm shown the dashboard and a log-out button without every being prompted to log in, and when I click the log-out button, this appears in the console:

I can also confirm when using the docker image for 2.1.1, a perfectly functioning conf.yml from 2.1.0 will not work for keycloak authentication - actually I did not even notice up until today. I sent the dashboard to someone else and they asked me why the do not need to log in to see elements (so it shows it as if you are already logged in and presents every link to the public!). I rolled back to 2.1.0 and it instantly worked again.

As a test I started cutting everything out of my conf.yml but I never succeeded in getting keycloak running with 2.1.1.

I noticed there were already issuses opened for this: #1019 #1063 #990

liss-bot commented 1 year ago

This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

liss-bot commented 1 year ago

This issue was automatically closed because it has been stalled for over 6 weeks with no activity.

TheRealGramdalf commented 9 months ago

See https://github.com/Lissy93/dashy/issues/1290#issuecomment-1884249018 for a potential fix/explanation

For notifications: @HaJanDo @maximemoreillon @d34vbd5 @malordin @SiDaS1998 @rechner Sorry if you didn't want to be pinged, but I figure you probably did - or you wouldn't have participated in the issue

Lissy93 / dashy