PureStorage-OpenConnect / pso-explorer

PSO Explorer Helm Chart
Apache License 2.0
12 stars 0 forks source link

Not prompting for username/password #16

Closed aboje closed 4 years ago

aboje commented 4 years ago

We are not presented with any type of authentication window when we enter the pso-explorer URL. The dashboard displays to anyone. I supplied my own values file during the helm installation. This file containers username & password entries. I verified that the pso-explorer-secret has username & password entries. I am using k8s ingress (via nginx ingress-controller) to access the PSO-explorer application.

rdeenik commented 4 years ago

@aboje the username/password is only used for some new features that are still under development. It wasn't ment to limit access to the current views. Would you want all views of PSO eXplorer to be protected by a password? We could see if that could be a configurable option if that's something that is valuable?

mscbpi commented 4 years ago

@dnix101 Authentication is definitely needed in this app.

rdeenik commented 4 years ago

Hi @aboje and @mscbpi, I've updated the 0.5.6-devel build to provide the authentication for all pages. At this point this functionality is disabled by default, but you can block anonymous access using the credentials.anonymousAccess=false option.

to install you can use:

helm install pso-explorer pso-explorer/pso-explorer --devel -n psox --set credentials.anonymousAccess=false

or to upgrade you can use:

helm upgrade pso-explorer pso-explorer/pso-explorer --devel -n psox --set credentials.anonymousAccess=false

Would you be willing to test and let me know if this is what you're looking for?

mscbpi commented 4 years ago

@dnix101

It asks for a password but I can't login (wrong credentials). I hashed the password as documented. You may also have a login page that does not contain the menu.

rdeenik commented 4 years ago

The default credentials are pureuser for username and password. Can you use that to test possibly?

rdeenik commented 4 years ago

@mscbpi Tested some more, not sure what is going wrong from your side. If I hash the password as follows:

htpasswd -bnBC 10 "" mycustompassword | tr -d ':\n'

I am afterwards able to login with the user pureuser and password mycustompassword.

I did see an issue when you update the password using helm upgrade and the pod is not restarted. Sometimes php is not able to access the mounted secrets (file not found). I was able to solve this by scaling the deployment to 0 and then back to 1. After this everything worked fine.

Let me know if that works for you too?

mscbpi commented 4 years ago

I add to add single quotes when hashing the password that contains special characters. As a feature request, I would say the login page should be blank (apart from username/password fields).

Thanks

rdeenik commented 4 years ago

@mscbpi that makes sense, I hadn't tested with special characters. I've updates the remarks for the values.yaml to include single quotes for the htpasswd example. I've also updated the devel image to only show the username/password fields until authenticated. Would you be willing to test again?

mscbpi commented 4 years ago

@dnix101 Yep, that's better !

aboje commented 4 years ago

Tested successfully. Thanks for the quick fixes.