TheThingSystem / steward

The Thing System is a set of software components and network protocols that aims to fix the Internet of Things. Our steward software is written in node.js making it both portable and easily extensible. It can run on your laptop, or fit onto a small single board computer like the Raspberry Pi.
http://thethingsystem.com

"unauthorized" on first account creation #201

Closed emainier closed 10 years ago

emainier commented 10 years ago

I have installed from scratch on a minimal Raspbian install.

Everything seems to run correctly (device detection on startup...), except I can't create an account after installation through the default client. I have an "unauthorized" response from the user creation form instead of the standard OTP barcode response.

I have an error message in the safari console:

    WebSocket network error: The operation couldn’t be completed. Connection refused

From the pi's console I have:

    warning: [manage] wss 192.168.1.15 58516 /manage event=access, diagnostic=unauthorized, role=none, resource=manage, level=null
    warning: [manage] wss 192.168.1.15 58516 /manage permanent=false, diagnostic=unknown api: /api/v1/user/prime/1/1, requestID=1, event=route
    warning: [manage] wss 192.168.1.15 58516 /manage loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=58516, secure=true, clientSerialNo=46, event=access, diagnostic=unauthorized, role=, resource=, internalP=false
    warning: [manage] wss 192.168.1.15 58516 /manage permanent=false, diagnostic=unauthorized, requestID=3, event=user creation

I run TheThingSystem on a Rpi and try to access it from my local network.

On startup the only thing that looks wrong is this:

    notice: [steward] start uuid=2f402f80-da50-11e1-9b23-b827ebc1b345
    info: [server] listening on wss://*:8888
    info: [server] listening on wss://*:8887
    info: [server] redirecting from http://*:80 to https://*:8888
    info: [server] unable to listen on http://*:80 diagnostic=listen EADDRINUSE

This EADDRINUSE message. After some research, nothing seems to be listening on port 80. And as I said, it's a minimal Raspbian install, so except for Node, Bluez, TheThingSystem and some tools there is nothing running.

I tried different browsers and tried a complete reinstall from scratch, but the problem persists.

Have I missed something? Thanks.

aallan commented 10 years ago

Authentication errors normally mean that you're either using http when you shouldn't, or https when you shouldn't…

If you're logged in locally—i.e. you've hooked a screen up to the Pi and the browser and the steward are on the same machine—then you should use http://127.0.0.1:8887.

Otherwise, if you're accessing the Pi running the steward over the LAN–i.e. the browser and the steward are on different machines—then you should use https://steward.local:8888.

The port 80 message is expected, for instance if I fire the steward up on my Mac laptop I get,

    info: [server] listening on wss://*:8888
    info: [server] listening on wss://*:8887
    info: [server] redirecting from http://*:80 to https://*:8888
    info: [server] unable to listen on http://*:80 diagnostic=listen EADDRINUSE {"local":{"address":"0.0.0.0","port":80}}

it's not associated with the problem.

emainier commented 10 years ago

I access the Pi from another computer on the same network.

I have just tried to access it using https://steward.local:8888 instead of https://192.168.1.5:8888 as I was doing previously, but I still have the same error.

Is there anything else that I could check?

mrose17 commented 10 years ago

hi. let's try this:

first, stop the steward, then:

    % cd steward
    % git pull
    % cd steward
    % rm db/users.db

please include the output of those four commands in your reply.

then restart the steward like this:

    # ./run.sh

and let it start up, then try to do the first account creation, include whatever the steward outputs for run.sh and let us know how it went.

thanks for your patience!

emainier commented 10 years ago

Hi, here are the commands I tried and the output. I have attached a screenshot of the error message I have on which you can see the url used to access TheThingSystem on my Rpi.

Let me know if you need anything else.

pi@steward:~$ cd steward
pi@steward:~/steward$ git pull
Already up-to-date.
pi@steward:~/steward$ cd steward

pi@steward:~/steward/steward$ sudo ./run.sh
[sudo] password for pi:
info: running on Linux Debian 7.4 ( 3.10-3-rpi armv6l)
info: using node v0.10.22
info: [devices] loading climate driver
debug: [climate] begin
info: [devices] loading gateway driver
info: [devices] loading indicator driver
info: [devices] loading lighting driver
info: [devices] loading media driver
debug: [media] begin
info: [devices] loading motive driver
debug: [motive] begin
info: [devices] loading presence driver
info: [devices] loading sensor driver
info: [devices] loading switch driver
info: [devices] loading wearable driver
debug: [wearable] begin
info: [climate] loading ecobee-control driver
info: [climate] loading flower-power-sensor driver
info: [climate] loading koubachi-sensor driver
info: [climate] loading nest-control driver
info: [climate] loading netatmo-sensor driver
info: [climate] loading oregon-scientific-sensor driver
info: [climate] loading plantlink-sensor driver
info: [climate] loading samsung-control driver
info: [climate] loading yoctopuce-meteo driver
info: [discovery] SSDP listening on http://0.0.0.0:1900
info: [gateway] loading automatic-cloud gateway
info: [gateway] loading ecobee-cloud gateway
info: [devices] failing ecobee-cloud gateway (continuing) diagnostic=Cannot find module 'ecobee-api'
info: [gateway] loading flower-power-cloud gateway
info: [gateway] loading insteon-9761 gateway
info: [gateway] loading koubachi-cloud gateway
info: [gateway] loading lockitron-cloud gateway
info: [gateway] loading nest-cloud gateway
info: [gateway] loading netatmo-cloud gateway
info: [gateway] loading openzwave-usb gateway
info: [gateway] loading plantlink-cloud gateway
info: [gateway] loading reelyactive-reel gateway
info: [gateway] loading rfxcom-usb gateway
info: [gateway] loading tesla-cloud gateway
info: [gateway] loading wink-cloud gateway
info: [gateway] loading yoctopuce-hub gateway
info: [discovery] reelyactive-reel driver listening on  udp://*:7018
info: [indicator] loading cassandra-nosql driver
info: [indicator] loading dweetio-sensor driver
info: [indicator] loading grovestreams-sensor driver
info: [indicator] loading mqtt-text driver
info: [indicator] loading nma-text driver
info: [indicator] loading prowl-text driver
info: [indicator] loading wink-dial driver
info: [indicator] loading wink-nimbus driver
info: [indicator] loading xively-sensor driver
info: [lighting] loading blink1-led driver
info: [lighting] loading blinkstick-led driver
info: [lighting] loading heroicrobotics driver
info: [lighting] loading hue driver
info: [lighting] loading insteon-led driver
info: [lighting] loading lifx-bulb driver
info: [lighting] loading robosmart-led driver
info: [lighting] loading tabu-lumen driver
info: [lighting] loading tcpi-led driver
*** WARNING *** The program 'node' uses the Apple Bonjour compatibility layer of Avahi.
*** WARNING *** Please fix your application to use the native API of Avahi!
*** WARNING *** For more information see <http://0pointer.de/avahi-compat?s=libdns_sd&e=node>
*** WARNING *** The program 'node' called 'DNSServiceRegister()' which is not supported (or only supported partially) in the Apple Bonjour     compatibility layer of Avahi.
*** WARNING *** Please fix your application to use the native API of Avahi!
*** WARNING *** For more information see <http://0pointer.de/avahi-compat?s=libdns_sd&e=node&f=DNSServiceRegister>
info: [lighting] loading yoctopuce-color driver
info: [lighting] loading yoctopuce-powercolor driver
info: [discovery] PixelPusher listening on udp://*:7331
info: [media] loading audio-sonos driver
info: [media] loading audio-upnp driver
info: [media] loading video-appletv driver
info: [media] loading video-chromecast driver
info: [media] loading video-roku driver
info: [motive] loading automatic-vehicle driver
info: [motive] loading lockitron-lock driver
info: [motive] loading tesla-model-s driver
info: [presence] loading fob driver
info: [presence] loading mobile-mqtt driver
info: [presence] loading reelyactive-tag driver
info: [switch] loading insteon-dimmer driver
info: [switch] loading insteon-onoff driver
info: [switch] loading wemo-onoff driver
info: [switch] loading wink-onoff driver
info: [switch] loading wink-pivot-power-genius driver
info: [switch] loading zwave-dimmer driver
info: [switch] loading zwave-onoff driver
info: [wearable] loading watch driver
notice: [steward] start uuid=2f402f80-da50-11e1-9b23-b827ebc1b345
info: [server] listening on wss://*:8888
info: [server] listening on wss://*:8887
info: [server] redirecting from http://*:80 to https://*:8888
info: [server] unable to listen on http://*:80 diagnostic=listen EADDRINUSE
info: [server] loading console route
info: [server] loading manage route
info: [server] loading oneshot route
info: [server] loading root route
info: [server] loading ble discovery
info: [server] loading mac discovery
info: [server] loading owl discovery
info: [server] loading portscan discovery
info: [server] loading ssdp discovery
info: [server] loading tsrp discovery
info: [discovery] OWL driver listening on multicast udp://224.192.32.19:22600
info: [discovery] SSDP listening on http://192.168.1.5:1900
info: [discovery] TSRP listening on multicast udp://224.0.9.1:22601
info: [discovery] UPnP listening on http://192.168.1.5:8886
info: [discovery] BLE stateChange state=poweredOn
info: [discovery] BLE undefined uuid=2cb43a19a2bf
info: [devices] found device/1 deviceID=1, deviceType=/device/presence/ble/fob
info: [discovery] mDNS Apple TV url=http://192.168.1.10:7000/
info: [discovery] UPnP D-Link DSL-2750B url=http://192.168.1.1:5431/
warning: [devices] no maker registered for DSL-2750B
info: [discovery] UPnP Philips hue (192.168.1.201) url=http://192.168.1.201:80/
info: [devices] found Apple TV deviceID=3, deviceType=/device/media/appletv/video
info: [devices] found Philips hue (192.168.1.201) deviceID=2, deviceType=Philips hue bridge 2012
info: [sensor] loading nest-smoke driver
info: [sensor] loading texas-instruments-sensortag driver
info: [sensor] loading wemo-motion driver
info: [sensor] loading wink-spotter driver
info: [sensor] loading yoctopuce-4-20mA-Rx driver
info: [sensor] loading yoctopuce-co2 driver
info: [sensor] loading yoctopuce-light driver
info: [sensor] loading yoctopuce-voc driver
info: [discovery] PORT starting scan
info: [discovery] PORT finished scan
error: [presence] device/1 device/1 event=connect, diagnostic=Transport endpoint is not connected
info: [presence] device/1 device/1 status=recent
info: [server] https 192.168.1.15 54707 / loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54707, secure=true,     clientSerialNo=0, event=request, method=GET
info: [server] https 192.168.1.15 54707 / code=200, type=text/html, octets=189
info: [server] https 192.168.1.15 54707 /d3/index.html loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54707,     secure=true, clientSerialNo=1, event=request, method=GET
info: [server] https 192.168.1.15 54707 /d3/index.html code=200, type=text/html, octets=11452
info: [server] https 192.168.1.15 54707 /d3/d3.v2.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54707,     secure=true, clientSerialNo=2, event=request, method=GET
info: [server] https 192.168.1.15 54707 /d3/d3.v2.js code=200, type=application/javascript, octets=239674
info: [server] https 192.168.1.15 54708 /d3/d3.steward.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54708,     secure=true, clientSerialNo=3, event=request, method=GET
info: [server] https 192.168.1.15 54709 /d3/steward.api.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54709,     secure=true, clientSerialNo=4, event=request, method=GET
info: [server] https 192.168.1.15 54710 /d3/onactors.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54710,     secure=true, clientSerialNo=5, event=request, method=GET
info: [server] https 192.168.1.15 54711 /d3/master.css loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54711,     secure=true, clientSerialNo=6, event=request, method=GET
info: [server] https 192.168.1.15 54712 /d3/popover.css loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54712,     secure=true, clientSerialNo=7, event=request, method=GET
info: [server] https 192.168.1.15 54707 /d3/login.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54707,     secure=true, clientSerialNo=8, event=request, method=GET
info: [server] https 192.168.1.15 54708 /d3/d3.steward.js code=200, type=application/javascript, octets=26538
info: [server] https 192.168.1.15 54709 /d3/steward.api.js code=200, type=application/javascript, octets=8853
info: [server] https 192.168.1.15 54710 /d3/onactors.js code=200, type=application/javascript, octets=10018
info: [server] https 192.168.1.15 54711 /d3/master.css code=200, type=text/css, octets=19947
info: [server] https 192.168.1.15 54712 /d3/popover.css code=200, type=text/css, octets=11251
info: [server] https 192.168.1.15 54707 /d3/login.js code=200, type=application/javascript, octets=35279
info: [server] https 192.168.1.15 54710 /d3/drilldown.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54710,     secure=true, clientSerialNo=9, event=request, method=GET
info: [server] https 192.168.1.15 54709 /d3/apprentices.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54709,     secure=true, clientSerialNo=10, event=request, method=GET
info: [server] https 192.168.1.15 54712 /d3/voice.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54712,     secure=true, clientSerialNo=11, event=request, method=GET
info: [server] https 192.168.1.15 54707 /d3/popover.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54707,     secure=true, clientSerialNo=12, event=request, method=GET
info: [server] https 192.168.1.15 54711 /d3/colorpicker.min.js loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15,     remotePort=54711, secure=true, clientSerialNo=13, event=request, method=GET
info: [server] https 192.168.1.15 54710 /d3/drilldown.js code=200, type=application/javascript, octets=89557
info: [server] https 192.168.1.15 54707 /d3/popover.js code=200, type=application/javascript, octets=71023
info: [server] https 192.168.1.15 54712 /d3/voice.js code=200, type=application/javascript, octets=55023
info: [server] https 192.168.1.15 54709 /d3/apprentices.js code=200, type=application/javascript, octets=35908
info: [server] https 192.168.1.15 54711 /d3/colorpicker.min.js code=200, type=application/javascript, octets=8021
info: [server] https 192.168.1.15 54707 /d3/images/thing.sys.logo.black.svg loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15,     remotePort=54707, secure=true, clientSerialNo=14, event=request, method=GET
info: [server] https 192.168.1.15 54708 /d3/roadgeek2005v2-complete/Roadgeek%202005%20Series%20D.otf loopback=false, subnet=true, local=true,     remoteAddress=192.168.1.15, remotePort=54708, secure=true, clientSerialNo=15, event=request, method=GET
info: [server] wss 192.168.1.15 54713 /manage loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54713, secure=true,     clientSerialNo=16, event=connection
info: [server] https 192.168.1.15 54707 /d3/images/thing.sys.logo.black.svg code=200, type=image/svg+xml, octets=8363
info: [server] https 192.168.1.15 54708 /d3/roadgeek2005v2-complete/Roadgeek%202005%20Series%20D.otf code=200, type=application/x-font-otf,     octets=24184
info: [server] https 192.168.1.15 54709 /d3/popovers/assets/create-account-only.svg loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54709, secure=true, clientSerialNo=17, event=request, method=GET
info: [server] https 192.168.1.15 54710 /d3/popovers/assets/developer-mode.svg loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54710, secure=true, clientSerialNo=18, event=request, method=GET
info: [server] https 192.168.1.15 54711 /d3/popovers/assets/window.form.short.svg loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54711, secure=true, clientSerialNo=19, event=request, method=GET
info: [server] https 192.168.1.15 54709 /d3/popovers/assets/create-account-only.svg code=200, type=image/svg+xml, octets=8485
info: [server] https 192.168.1.15 54710 /d3/popovers/assets/developer-mode.svg code=200, type=image/svg+xml, octets=8623
info: [server] https 192.168.1.15 54711 /d3/popovers/assets/window.form.short.svg code=200, type=image/svg+xml, octets=2438
info: [server] https 192.168.1.15 54707 /client.html loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54707,     secure=true, clientSerialNo=20, event=request, method=GET
info: [server] https 192.168.1.15 54707 /client.html code=200, type=text/html, octets=29464
info: [server] wss 192.168.1.15 54713 /manage loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54713, secure=true,     clientSerialNo=16, event=close, code=1000, message=
info: [server] https 192.168.1.15 54707 /d3/popovers/assets/window.form.svg loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15,     remotePort=54707, secure=true, clientSerialNo=21, event=request, method=GET
info: [server] https 192.168.1.15 54708 /qrcode.png loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54708,     secure=true, clientSerialNo=22, event=request, method=GET
info: [server] https 192.168.1.15 54709 /d3/popovers/assets/create.svg loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15,     remotePort=54709, secure=true, clientSerialNo=23, event=request, method=GET
info: [server] https 192.168.1.15 54710 /d3/popovers/assets/test.svg loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15,     remotePort=54710, secure=true, clientSerialNo=24, event=request, method=GET
info: [server] https 192.168.1.15 54707 /d3/popovers/assets/window.form.svg code=200, type=image/svg+xml, octets=2427
info: [server] https 192.168.1.15 54708 /qrcode.png code=200, type=image/png, octets=100
info: [server] https 192.168.1.15 54709 /d3/popovers/assets/create.svg code=200, type=image/svg+xml, octets=6199
info: [server] https 192.168.1.15 54710 /d3/popovers/assets/test.svg code=200, type=image/svg+xml, octets=5741
info: [server] https 192.168.1.15 54707 /d3/popovers/assets/back-to-client-login.svg loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54707, secure=true, clientSerialNo=25, event=request, method=GET
info: [server] https 192.168.1.15 54707 /d3/popovers/assets/back-to-client-login.svg code=200, type=image/svg+xml, octets=9375
info: [server] wss 192.168.1.15 54717 /manage loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54717, secure=true,     clientSerialNo=26, event=connection
warning: [manage] wss 192.168.1.15 54717 /manage event=access, diagnostic=unauthorized, role=none, resource=manage, level=null
warning: [manage] wss 192.168.1.15 54717 /manage permanent=false, diagnostic=unknown api: /api/v1/user/prime/1/1, requestID=1, event=route
warning: [manage] wss 192.168.1.15 54717 /manage loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54717,     secure=true, clientSerialNo=26, event=access, diagnostic=unauthorized, role=, resource=, internalP=false
warning: [manage] wss 192.168.1.15 54717 /manage permanent=false, diagnostic=unauthorized, requestID=3, event=user creation
warning: [manage] wss 192.168.1.15 54766 /manage event=access, diagnostic=unauthorized, role=none, resource=manage, level=null
warning: [manage] wss 192.168.1.15 54766 /manage permanent=false, diagnostic=unknown api: /api/v1/user/prime/1/1, requestID=1, event=route


ae9f commented 10 years ago

Creating the very first account on a brand new steward requires unauthenticated (http: and :8887) access to client.html. The D3 client does that now with 'the latest' when you click "Create Account" with no accounts previously created. Authentication is still required to create additional accounts in subsequent sessions, as before. The fix has been tested on desktop and RPi stewards.
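
An added example, not part of the thread or the steward code base: a small Node.js triage script for the steward output quoted above. It groups the `[manage]` warnings by client connection and flags the case this comment describes, a first-account "user creation" request refused on a `secure=true` connection. The line layout is inferred from the log lines in this thread, the function names `parseLine` and `triage` are hypothetical, and the sample lines are copied from the quoted output.

```javascript
// Sample input: lines copied from the steward output quoted in this thread.
const SAMPLE = [
  'info: [server] wss 192.168.1.15 54717 /manage loopback=false, subnet=true, local=true, remoteAddress=192.168.1.15, remotePort=54717, secure=true, clientSerialNo=26, event=connection',
  'warning: [manage] wss 192.168.1.15 54717 /manage event=access, diagnostic=unauthorized, role=none, resource=manage, level=null',
  'warning: [manage] wss 192.168.1.15 54717 /manage permanent=false, diagnostic=unknown api: /api/v1/user/prime/1/1, requestID=1, event=route',
  'warning: [manage] wss 192.168.1.15 54717 /manage permanent=false, diagnostic=unauthorized, requestID=3, event=user creation',
  'info: [server] https 192.168.1.15 54707 /client.html code=200, type=text/html, octets=29464',
  'info: [server] listening on wss://*:8888',
];

// Assumed layout: "level: [module] proto addr port path key=value, key=value, ..."
const LINE = /^(\w+): \[([^\]]+)\] (\w+) (\S+) (\d+) (\S+) (.*)$/;

// Parse one per-connection log line; returns null for startup/driver lines.
function parseLine(line) {
  const m = LINE.exec(line.trim());
  if (!m) return null;
  const [, level, module, proto, addr, port, path, rest] = m;
  const fields = {};
  // Split only where ", " is followed by "key=", so a value such as
  // "unknown api: /api/v1/..." or "user creation" stays in one piece.
  for (const pair of rest.split(/, (?=[A-Za-z]\w*=)/)) {
    const eq = pair.indexOf('=');
    if (eq > 0) fields[pair.slice(0, eq)] = pair.slice(eq + 1);
  }
  return { level, module, proto, conn: `${addr}:${port}`, path, fields };
}

// Group records by client connection and keep those with refused requests.
function triage(lines) {
  const conns = new Map();
  for (const rec of lines.map(parseLine).filter(Boolean)) {
    const c = conns.get(rec.conn) ||
      { conn: rec.conn, proto: rec.proto, secure: null, denied: [], unknownApis: [] };
    conns.set(rec.conn, c);
    const f = rec.fields;
    if ('secure' in f) c.secure = f.secure === 'true';
    if (f.diagnostic === 'unauthorized') c.denied.push(f.event);
    const prefix = 'unknown api: ';
    if (f.diagnostic && f.diagnostic.startsWith(prefix)) {
      c.unknownApis.push(f.diagnostic.slice(prefix.length));
    }
  }
  return [...conns.values()]
    .filter((c) => c.denied.length > 0)
    .map((c) => ({
      ...c,
      // The comment above says first-account creation needs the
      // unauthenticated http/:8887 path; a refusal over TLS points there.
      userCreationDeniedOverTls:
        c.secure === true && c.denied.includes('user creation'),
    }));
}

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```
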

emainier commented 10 years ago

I have updated to the latest and tested but it's not working any better.

When I try to browse to http://steward.local:8887, I am redirected to https://192.168.1.5:8888, which is my Rpi IP address.

If I try to fill in the form to create the first user, I am redirected to 127.0.0.1. That comes from the if condition testing whether I reached the steward from the address "steward.local"; because I have been redirected to the IP address, the test fails.

Is there a reason why I am redirected from the ".local" address to the IP address? If I try to browse to the steward using "https://steward.local:8888", the "steward.local" is not replaced by the local address.

ae9f commented 10 years ago

Well, I'm stumped at the moment. Safari doesn't redirect http://steward.local:8887 to a secure connection to the RPi's IP address, but Chrome and Firefox do. I'll dig some more. @aallan - any ideas?

emainier commented 10 years ago

My Safari does it too. I have tested on Chrome and Safari and had the issue on both.

ae9f commented 10 years ago

Perhaps some kind of caching situation? I just quit and relaunched Chrome, and when attempting to create an RPi first account from the d3 client (https://steward.local:8888/d3/index.html), the desired http://steward.local:8887/client.html URL stayed in the address field this time, allowing normal first account creation (and providing a button back to the d3 client as expected).

emainier commented 10 years ago

Here is what I have tried:

I am still redirected from "steward.local" to the IP address of my Rpi when I click on the "Create Account" button. So it doesn't seem to be a cache issue.

Both of the computers are running Mac OS 10.9.

ae9f commented 10 years ago

Sounds like you're trying the right stuff (I'm running Mavericks here, too). I'll assume your fresh FF install had no extensions, so that would rule out an extension conflict. If you can't reach http://steward.local:8887/client.html (even manually, rather than through d3), that would seem to prevent you from ever generating a first account for the RPi steward. And that gets into steward innards outside my area. Hoping other curators can chime in here.

mrose17 commented 10 years ago

let me suggest one thing.

1. kill the steward
2. rm steward/steward/db/users.db
3. reset your browser, etc.
4. start the steward

and then try again.

emainier commented 10 years ago

I tried to remove the db/users.db file, and I still have the issue.

If I try to reach "http://steward.local:8887/client.html" directly I am also redirected to the IP address.

ae9f commented 10 years ago

The redirection is at the core of the problem, but I haven't a clue why it's happening to your setup. Has anyone else experienced this with their RPis?

aallan commented 10 years ago

Haven't seen or heard of anything like it.

@emainier Perhaps you could try an experiment to try and figure out whether it's your OS installation, or whether it's your local network, that's the problem.

Could you drop a copy of the latest RPi disk image onto a spare SD card and boot the steward from a known environment? If you can't get the disk image to work, it's a network problem; if it works without a problem, then there is something weird going on with your OS configuration.

emainier commented 10 years ago

I have just reinstalled TheThingSystem using the 1.6 disk image. And everything is working fine. It was definitely something wrong with my setup. I couldn't find what was wrong. I will try to investigate more on that and let you know.

Thank you for your help.