Closed aboje closed 4 years ago
@aboje the username/password is only used for some new features that are still under development. It wasn't ment to limit access to the current views. Would you want all views of PSO eXplorer to be protected by a password? We could see if that could be a configurable option if that's something that is valuable?
@dnix101 Authentication is definitely needed in this app.
Hi @aboje and @mscbpi,
I've updated the 0.5.6-devel build to provide the authentication for all pages. At this point this functionality is disabled by default, but you can block anonymous access using the credentials.anonymousAccess=false
option.
to install you can use:
helm install pso-explorer pso-explorer/pso-explorer --devel -n psox --set credentials.anonymousAccess=false
or to upgrade you can use:
helm upgrade pso-explorer pso-explorer/pso-explorer --devel -n psox --set credentials.anonymousAccess=false
Would you be willing to test and let me know if this is what you're looking for?
@dnix101
It asks for a password but I can't login (wrong credentials). I hashed the password as documented. You may also have a login page that does not contain the menu.
The default credentials are pureuser
for username and password. Can you use that to test possibly?
@mscbpi Tested some more, not sure what is going wrong from your side. If I hash the password as follows:
htpasswd -bnBC 10 "" mycustompassword | tr -d ':\n'
I am afterwards able to login with the user pureuser
and password mycustompassword
.
I did see an issue when you update the password using helm upgrade
and the pod is not restarted. Sometimes php is not able to access the mounted secrets (file not found). I was able to solve this by scaling the deployment to 0 and then back to 1. After this everything worked fine.
Let me know if that works for you too?
I add to add single quotes when hashing the password that contains special characters. As a feature request, I would say the login page should be blank (apart from username/password fields).
Thanks
@mscbpi that makes sense, I hadn't tested with special characters. I've updates the remarks for the values.yaml to include single quotes for the htpasswd example. I've also updated the devel image to only show the username/password fields until authenticated. Would you be willing to test again?
@dnix101 Yep, that's better !
Tested successfully. Thanks for the quick fixes.
We are not presented with any type of authentication window when we enter the pso-explorer URL. The dashboard displays to anyone. I supplied my own values file during the helm installation. This file containers username & password entries. I verified that the pso-explorer-secret has username & password entries. I am using k8s ingress (via nginx ingress-controller) to access the PSO-explorer application.