deislabs / bindle

Bindle: Object Storage for Collections
Apache License 2.0

Basic auth login issue #302

Open vdice opened 2 years ago

vdice commented 2 years ago

I'm having trouble logging in with basic auth. Tested with latest commit on main (as of writing: d62d537bb096fb8ce25cabb731471b7a500d7e10) and most recent v0.8.0 tag.

However, I may be missing something. Here's my flow:

  1. Generate htpassword file, start bindle server
    
    $ echo ${PASSWORD} | htpasswd -cBi ./htpassword admin
    Adding password for user admin

    $ AUTH_MODE='--htpasswd-file ./htpassword' make serve
    cargo run --features cli --bin bindle-server -- --directory /Users/vdice/.bindle/bindles --address 127.0.0.1:8080 --htpasswd-file ./htpassword
    Finished dev [unoptimized + debuginfo] target(s) in 0.07s
    Running target/debug/bindle-server --directory /Users/vdice/.bindle/bindles --address '127.0.0.1:8080' --htpasswd-file ./htpassword
    2022-02-04T17:59:10.224917Z WARN bindle_server: No config file loaded error=failed to read TOML file /Users/vdice/Library/Application Support/bindle/server.toml: No such file or directory (os error 2)
    2022-02-04T17:59:10.224995Z WARN bindle_server: No keyring.toml found. Using default keyring.
    2022-02-04T17:59:10.225172Z INFO bindle_server: Using verification strategy of GreedyVerification
    2022-02-04T17:59:10.225505Z INFO bindle_server: Starting server at 127.0.0.1:8080, and serving bindles from /Users/vdice/.bindle/bindles
    2022-02-04T17:59:10.225520Z INFO bindle_server: Using FileProvider
    2022-02-04T17:59:10.225528Z INFO bindle_server: Auth mode: HTTP Basic Auth
    2022-02-04T17:59:10.225677Z DEBUG bindle::provider::file: Creating new file provider path=/Users/vdice/.bindle/bindles cache_size=50
    2022-02-04T17:59:10.225755Z DEBUG bindle::provider::file: warming index
    2022-02-04T17:59:10.225768Z INFO bindle::provider::file: Beginning index warm path=/Users/vdice/.bindle/bindles
    2022-02-04T17:59:10.225965Z INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/26a53c8670e4bbcb1ec1adbb0f87b6a28a363636835e67d7ebd4f7cba6db3753/invoice.toml
    2022-02-04T17:59:10.242246Z INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/9952d6c87384a10846abdb9cd8a84796bb36b3d12140144f3b59b1d77cba4811/invoice.toml
    2022-02-04T17:59:10.257905Z INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/59ec977e4fcca995e928e61bb4f25869a058f85479a6b63ea0e4d61e2794b4c1/invoice.toml
    2022-02-04T17:59:10.273870Z INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/c809013db4f25a514a3d9dea69edbe10c81a75e625cab979f238e35ead864ed0/invoice.toml
    2022-02-04T17:59:10.289691Z INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/912a4ee7f7401408279eb3c646591ecb33953c7cffc01086df50ee891e2c4911/invoice.toml
    2022-02-04T17:59:10.305543Z DEBUG bindle::provider::file: Warmed index total_indexed=5
    2022-02-04T17:59:10.305658Z DEBUG bindle::server: No TLS config found, starting server in HTTP mode


  2. Attempt to login:

    $ BINDLE_URL="http://127.0.0.1:8080/v1" BINDLE_HTTP_USER="admin" BINDLE_HTTP_PASSWORD="${PASSWORD}" bindle login
    Error contacting server: The request could not be handled by the server. Verify your Bindle server URL


  3. Bindle server logs:

    2022-02-04T18:00:09.483206Z INFO request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: warp::filters::trace: processing request
    2022-02-04T18:00:09.483632Z ERROR request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: bindle::server::handlers::v1: Unable to parse device auth url error=RelativeUrlWithoutBase
    2022-02-04T18:00:09.483725Z DEBUG request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: bindle::server::reply: Parsed accept header into list accept_value=application/toml accept_items=["application/toml"]
    2022-02-04T18:00:09.483784Z DEBUG request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: bindle::server::reply: Selected a best-fit MIME best_fit=application/toml
    2022-02-04T18:00:09.483865Z INFO request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: warp::filters::trace: finished processing with success status=400

thomastaylor312 commented 2 years ago

This looks like it is somehow hitting the oauth flow code for some reason

    2022-02-04T18:00:09.483632Z ERROR request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: bindle::server::handlers::v1: Unable to parse device auth url error=RelativeUrlWithoutBase

thomastaylor312 commented 2 years ago

Oh @vdice because it is HTTP basic auth, you don't need to bindle login. You can just set the user and password and be good to go
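
Why Basic auth has no separate login step, as an added example that is not part of the original thread or Bindle's own code: the user and password are carried, reversibly encoded, in the `Authorization` header of every request (RFC 7617). The base64 helpers and function names below are hypothetical and use only the standard library.

```rust
// Added example (not Bindle code): RFC 7617 Basic credentials, std only.
const B64: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
fn b64_encode(input: &[u8]) -> String {
    let mut out = String::new();
    for c in input.chunks(3) {
        let (b1, b2) = (*c.get(1).unwrap_or(&0), *c.get(2).unwrap_or(&0));
        let n = (c[0] as u32) << 16 | (b1 as u32) << 8 | b2 as u32;
        out.push(B64[(n >> 18) as usize & 63] as char);
        out.push(B64[(n >> 12) as usize & 63] as char);
        out.push(if c.len() > 1 { B64[(n >> 6) as usize & 63] as char } else { '=' });
        out.push(if c.len() > 2 { B64[n as usize & 63] as char } else { '=' });
    }
    out
}

fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for ch in s.trim_end_matches('=').bytes() {
        let v = B64.iter().position(|&x| x == ch)? as u32; // reject non-alphabet bytes
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1; // keep only the bits not yet emitted
        }
    }
    Some(out)
}

// Client: header value sent with every request. RFC 7617 forbids ':' in the user-id.
fn basic_header(user: &str, password: &str) -> Option<String> {
    if user.contains(':') { return None; }
    Some(format!("Basic {}", b64_encode(format!("{}:{}", user, password).as_bytes())))
}

// Server: recover (user, password); split on the first ':' so passwords may contain ':'.
fn parse_basic(header: &str) -> Option<(String, String)> {
    let (scheme, b64) = header.split_once(' ')?;
    if !scheme.eq_ignore_ascii_case("Basic") { return None; }
    let decoded = String::from_utf8(b64_decode(b64.trim())?).ok()?;
    let (user, pass) = decoded.split_once(':')?;
    Some((user.to_string(), pass.to_string()))
}

fn main() {
    let h = basic_header("admin", "s3cr:et").unwrap(); // constructed sample credentials
    println!("Authorization: {}\n{:?}", h, parse_basic(&h));
}
```

The server log in the report shows `No TLS config found, starting server in HTTP mode`; in that mode this header, and therefore the password, crosses the network in recoverable form on every request.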

thomastaylor312 commented 2 years ago

I think the solution here is:

vdice commented 2 years ago

Ah, I see. Thanks @thomastaylor312. Path forward sgtm.

vdice commented 2 years ago

@thomastaylor312 could the login flow w/ basic auth also create a session token with the provided un/pw so that it doesn't need to be passed in on further actions again? a la oidc? Or is this an anti-pattern w/ basic auth?

thomastaylor312 commented 2 years ago

I think that could work! You'd store it just like an OIDC token. We should probably capture that in another issue if you want to go that way

vdice commented 2 years ago

Oops, there are actually a few items needed to resolve this issue, as mentioned in https://github.com/deislabs/bindle/issues/302#issuecomment-1030246302