OpenFactorioServerManager / factorio-server-manager

A tool to help manage Factorio multiplayer servers including mods and save games.
MIT License

Authentication Issues (development branch) #247

Closed zfouts closed 3 years ago

zfouts commented 3 years ago

First off, I understand using the development branch (or develop tag with docker) isn't supported in any way shape or form. I have not had the time to investigate the code to see what has changed between deployments from ~2 weeks ago to ~5 days ago.

I'm using docker image ofsm/ofsm:develop to get the latest version of factorio. Upon pulling a new version of this image I can no longer authenticate to the UI. I've tried both a working sqlite db from another server, and I've tried removing it. Same result.

Here's the current image:

ofsm/ofsm                                       develop                           63632186780e        40 hours ago        51.9MB

Here's how I am launching:

version: '2'
services:
  factorio:
    image: ofsm/ofsm:develop
    ports:
     - "192.168.1.57:80:80/tcp"
     - "34197:34197/udp"
    volumes:
     - /data/factorio-server-manager/saves:/opt/factorio/saves
     - /data/factorio-server-manager/config:/opt/factorio/config
     - /data/factorio-server-manager/mods:/opt/factorio/mods
     - /data/factorio-server-manager/fsm-data:/opt/fsm-data

Here's my data structure (pre-launch):

.
├── config
│   ├── server-adminlist.json
│   └── server-settings.json
├── docker-compose.yml
├── fsm-data
├── mods
│   ├── even-distribution_1.0.7.zip
│   ├── mod-list.json
│   ├── mod-settings.dat
│   └── sonaxaton-infinite-resources_0.4.7.zip
└── saves

4 directories, 7 files

Post launch

tree
.
├── config
│   ├── server-adminlist.json
│   └── server-settings.json
├── docker-compose.yml
├── fsm-data
│   ├── conf.json
│   └── sqlite.db
├── mods
│   ├── even-distribution_1.0.7.zip
│   ├── mod-list.json
│   ├── mod-settings.dat
│   └── sonaxaton-infinite-resources_0.4.7.zip
└── saves

Here's the output from docker compose:

Starting factorio-server-manager_factorio_1 ... done
Attaching to factorio-server-manager_factorio_1
factorio_1  |   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
factorio_1  |                                  Dload  Upload   Total   Spent    Left  Speed
100   447  100   447    0     0    626      0 --:--:-- --:--:-- --:--:--   626
100 48.5M  100 48.5M    0     0  27.5M      0  0:00:01  0:00:01 --:--:-- 80.4M
factorio_1  | 2021/01/29 17:15:52 CookieEncryptionKey invalid or empty, create new random one
factorio_1  | 2021/01/29 17:15:52 Rcon password default one or empty, generated new one:
factorio_1  | 2021/01/29 17:15:52 Password: XVlBzgbaiCMRAjWwhTHctcuA
factorio_1  | /opt/fsm/mod_packs
factorio_1  | 2021/01/29 17:15:52 Loaded Factorio settings from /opt/factorio/config/server-settings.json
factorio_1  | 2021/01/29 17:15:52 Created default admin user. Please change it's password as soon as possible.
factorio_1  | 2021/01/29 17:15:52 Username: admin
factorio_1  | 2021/01/29 17:15:52 Password: XhyyYsBIqrZvakMbZoMDwpMO
factorio_1  | 2021/01/29 17:15:52 Starting server on: 0.0.0.0:80

Screenshot is attached of Chrome in incognito for sake of cookies, and output of terminal showing that it's succeeding a login, but not actually.

[Screenshot: output_fsm]

knoxfighter commented 3 years ago

Reloading the page after that error message (when it was successful in the backend), will load the correct page.

knoxfighter commented 3 years ago

To reproduce: Change the cookieencryptionkey and try to login.

zfouts commented 3 years ago

> Reloading the page after that error message (when it was successful in the backend), will load the correct page.

I've tried - refreshing just results in receiving the login page again

> To reproduce: Change the cookieencryptionkey and try to login.

I've changed it. Based on my looking at the code, I set COOKIE_ENCRYPTION_KEY. I also modified fsm-data/conf.json with a new random string, and received the same result.

Any other suggestions?

knoxfighter commented 3 years ago

Those messages were mostly for myself to keep track of what's going on. More or less ignore them until I have found a real solution. Error message in frontend: DOMException: An attempt was made to use an object that is not, or is no longer, usable

knoxfighter commented 3 years ago

@zfouts I think I found a solution. Please test it by running the branch fix-auth-exception. It is also available as docker image: ofsm/ofsm:fix-auth-exception.

zfouts commented 3 years ago

I opened up chrome's console, logged in again using the fix-auth-exception version:

When logging in with the correct password, the following is returned from path /login

{"ID":0,"CreatedAt":"0001-01-01T00:00:00Z","UpdatedAt":"0001-01-01T00:00:00Z","DeletedAt":null,"username":"admin","password":"","role":"","email":""}

However looking at requests via web developer console in chrome /status returns the following

Could not read username from sessioncookie

I copied the request that Chrome sends to the login (different password than previous, as I've wiped it a few times testing):

  -H 'Accept: application/json, text/plain, */*' \
  -H 'Referer: http://192.168.1.57/login' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36' \
  -H 'Content-Type: application/json' \
  --data-raw '{"username":"admin","password":"zFSwSfKwPyWvqupkQdLCeLps"}' \
  --compressed

Here's the output of the curl command, same as chrome:

{"ID":0,"CreatedAt":"0001-01-01T00:00:00Z","UpdatedAt":"0001-01-01T00:00:00Z","DeletedAt":null,"username":"admin","password":"","role":"","email":""}

knoxfighter commented 3 years ago

That is normal behaviour. /status is checking if you're already logged in; if that is the case, it will move you to the correct overlay. If you're not logged in, nothing will happen. Also, when you are on any other page and /status is returning that you are not logged in, then you will be moved to the login page.

If the login and the redirect work correctly on that branch, I fixed your issue :)

BobWhite2017 commented 3 years ago

I see the same issue on the develop branch. Switched to the fix-auth-exception branch and it still occurs.

knoxfighter commented 3 years ago

I need more information to fix this issue. Please open your browser console (F12) and go to tab "Console". After that error occurred, right-click into the console and save/copy all visible output. Then you can send me that output and I can hopefully figure out what's going on. I also added a little bit more output, so pull the image again.

zfouts commented 3 years ago

Pulled new image

Output from login

Request Method: POST
Status Code: 200 OK
Remote Address: 192.168.1.57:80
Referrer Policy: strict-origin-when-cross-origin
Content-Length: 150
Content-Type: application/json;charset=UTF-8
Date: Sun, 31 Jan 2021 01:42:56 GMT
Set-Cookie: authentication=MTYxMjA1NzM3NnxEdi1CQkFFQ180SUFBUkFCRUFBQUpfLUNBQUVHYzNSeWFXNW5EQW9BQ0hWelpYSnVZVzFsQm5OMGNtbHVad3dIQUFWaFpHMXBiZz09fJPNVExzrhZiOBFa-CQSqsmQwIIE2rZrwT4RlZ1OKSPe; Path=/; Secure
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 58
Content-Type: application/json
Host: 192.168.1.57
Origin: http://192.168.1.57
Referer: http://192.168.1.57/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36
{username: "admin", password: "zFSwSfKwPyWvqupkQdLCeLps"}
password: "zFSwSfKwPyWvqupkQdLCeLps"
username: "admin"

Attached text file for the other log 192.168.1.57-1612057347371_output_new_image.log

knoxfighter commented 3 years ago

I can now finally reproduce this reliably. It seems to be only a problem in Chromium-based browsers, like Google Chrome. Firefox works fine (which I work with).

knoxfighter commented 3 years ago

More discoveries: This is the cause, when using Secure: true on an HTTP (no SSL) connection. Google Chrome will reject those cookies silently (not sure what FF does, because I only tested it on localhost).

knoxfighter commented 3 years ago

OK, you can now change that in the conf.json. Just download the newest docker container and add "secure": false to the config.

Please tell me if that is working for you now :)

BobWhite2017 commented 3 years ago

That did fix the issue. Thank you!

zfouts commented 3 years ago

Confirmed! Working now with the new image

knoxfighter commented 3 years ago

Fixed in 0.10.0. Add "secure": false to conf.json to enable using sessioncookies without SSL/TLS.
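
The root cause found in this thread can be reproduced with the Go standard library alone. The following is an added example, not part of the thread and not the project's code: the handlers, the cookie value and the helper names `newServer` and `statusAfterLogin` are assumptions made for illustration. It serves a login that sets the `authentication` cookie over plain HTTP and then calls `/status` with the same cookie jar.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
)

// newServer mimics the /login and /status flow from the thread (hypothetical handlers).
func newServer(secure bool) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		// Constructed session value; only the Secure attribute varies.
		http.SetCookie(w, &http.Cookie{
			Name: "authentication", Value: "constructed-session",
			Path: "/", Secure: secure,
		})
	})
	mux.HandleFunc("/status", func(w http.ResponseWriter, r *http.Request) {
		if _, err := r.Cookie("authentication"); err != nil {
			http.Error(w, "Could not read username from sessioncookie", http.StatusUnauthorized)
		}
	})
	return httptest.NewServer(mux) // plain HTTP listener, no TLS
}

// statusAfterLogin logs in, then returns the /status code seen by the same client.
// Go's cookie jar never sends a Secure cookie to an http:// URL, so the session
// is lost just as it was in the browser that dropped the cookie.
func statusAfterLogin(secure bool) (int, error) {
	srv := newServer(secure)
	defer srv.Close()
	jar, _ := cookiejar.New(nil) // New(nil) does not fail
	client := &http.Client{Jar: jar}
	resp, err := client.Post(srv.URL+"/login", "application/json", nil)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	if resp, err = client.Get(srv.URL + "/status"); err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	on, _ := statusAfterLogin(true)
	off, _ := statusAfterLogin(false)
	fmt.Println("secure=true:", on, "secure=false:", off)
}
```

With `"secure": false` the session cookie is sent over unencrypted HTTP; serving the manager over TLS lets the `Secure` attribute stay enabled.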