search

fief-dev / fief

Users and authentication management SaaS
https://www.fief.dev
Other
574 stars 48 forks source link

Internal server error on freshly created `ghcr.io/fief-dev/fief:latest` #469

Closed m-danya closed 1 month ago

m-danya commented 1 month ago

Describe the bug

The freshly created Fief container from quickstart returns "Internal Server Error" on trying to login at http://localhost:8000/admin.

To Reproduce

Steps to reproduce the behavior:

Follow the quickstart guide (https://docs.fief.dev/getting-started/local-instance/):

m-danya ~$ docker run -it --rm ghcr.io/fief-dev/fief:latest fief quickstart --docker
/usr/local/lib/python3.12/site-packages/pydantic_settings/sources.py:604: UserWarning: directory "/run/secrets" does not exist
  warnings.warn(f'directory "{path}" does not exist')
User email: danila-mikh@ya.ru
User password: 
Repeat for confirmation: 
⚠️  Be sure to save the generated secrets somewhere safe for subsequent runs. Otherwise, you may lose access to the data.
docker run \
  --name fief-server \
  -p 8000:8000 \
  -d \
  -e "SECRET=XXX" \
  -e "FIEF_CLIENT_ID=XXX" \
  -e "FIEF_CLIENT_SECRET=XXX" \
  -e "ENCRYPTION_KEY=XXX=" \
  -e "PORT=8000" \
  -e "FIEF_DOMAIN=localhost:8000" \
  -e "FIEF_MAIN_USER_EMAIL=danila-mikh@ya.ru" \
  -e "FIEF_MAIN_USER_PASSWORD=danila-mikh@ya.ru" \
  -e "CSRF_COOKIE_SECURE=False" \
  -e "SESSION_DATA_COOKIE_SECURE=False" \
  -e "USER_LOCALE_COOKIE_SECURE=False" \
  -e "LOGIN_HINT_COOKIE_SECURE=False" \
  -e "LOGIN_SESSION_COOKIE_SECURE=False" \
  -e "REGISTRATION_SESSION_COOKIE_SECURE=False" \
  -e "SESSION_COOKIE_SECURE=False" \
  -e "FIEF_ADMIN_SESSION_COOKIE_SECURE=False" \
  ghcr.io/fief-dev/fief:latest
m-danya ~$ docker run \
  --name fief-server \
  -p 8000:8000 \
  -d \
  -e "SECRET=XXX" \
  -e "FIEF_CLIENT_ID=XXX" \
  -e "FIEF_CLIENT_SECRET=XXX" \
  -e "ENCRYPTION_KEY=XXX=" \
  -e "PORT=8000" \
  -e "FIEF_DOMAIN=localhost:8000" \
  -e "FIEF_MAIN_USER_EMAIL=danila-mikh@ya.ru" \
  -e "FIEF_MAIN_USER_PASSWORD=danila-mikh@ya.ru" \
  -e "CSRF_COOKIE_SECURE=False" \
  -e "SESSION_DATA_COOKIE_SECURE=False" \
  -e "USER_LOCALE_COOKIE_SECURE=False" \
  -e "LOGIN_HINT_COOKIE_SECURE=False" \
  -e "LOGIN_SESSION_COOKIE_SECURE=False" \
  -e "REGISTRATION_SESSION_COOKIE_SECURE=False" \
  -e "SESSION_COOKIE_SECURE=False" \
  -e "FIEF_ADMIN_SESSION_COOKIE_SECURE=False" \
  ghcr.io/fief-dev/fief:latest

5669f6b34b78562cd9d13ba8c9743853db54c55c6c2f5c62f81a9ce7e711efd8
m-danya ~$ docker run \
  --name fief-server \
  -p 8000:8000 \
  -d \
  -e "SECRET=XXX" \
  -e "FIEF_CLIENT_ID=XXX" \
  -e "FIEF_CLIENT_SECRET=XXX" \
  -e "ENCRYPTION_KEY=XXX=" \
  -e "PORT=8000" \
  -e "FIEF_DOMAIN=localhost:8000" \
  -e "FIEF_MAIN_USER_EMAIL=danila-mikh@ya.ru" \
  -e "FIEF_MAIN_USER_PASSWORD=danila-mikh@ya.ru" \
  -e "CSRF_COOKIE_SECURE=False" \
  -e "SESSION_DATA_COOKIE_SECURE=False" \
  -e "USER_LOCALE_COOKIE_SECURE=False" \
  -e "LOGIN_HINT_COOKIE_SECURE=False" \
  -e "LOGIN_SESSION_COOKIE_SECURE=False" \
  -e "REGISTRATION_SESSION_COOKIE_SECURE=False" \
  -e "SESSION_COOKIE_SECURE=False" \
  -e "FIEF_ADMIN_SESSION_COOKIE_SECURE=False" \
  ghcr.io/fief-dev/fief:latest

Try to login with specified credentials at http://localhost:8000/admin/. Get "Internal Server Error"

Expected behavior

Successful login

Configuration

Additional context

Here are the logs:

m-danya ~$ docker logs fief-server
2024-10-13 10:36:26,574 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2024-10-13 10:36:26,576 INFO supervisord started with pid 1
2024-10-13 10:36:27,581 INFO spawned: 'fief-server' with pid 7
2024-10-13 10:36:27,588 INFO spawned: 'fief-worker' with pid 8
2024-10-13 10:36:27,595 INFO spawned: 'redis' with pid 9
2024-10-13 10:36:28,623 INFO success: fief-server entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-10-13 10:36:28,623 INFO success: fief-worker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-10-13 10:36:28,623 INFO success: redis entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
/usr/local/lib/python3.12/site-packages/pydantic_settings/sources.py:604: UserWarning: directory "/run/secrets" does not exist
  warnings.warn(f'directory "{path}" does not exist')
/usr/local/lib/python3.12/site-packages/pydantic_settings/sources.py:604: UserWarning: directory "/run/secrets" does not exist
  warnings.warn(f'directory "{path}" does not exist')
INFO  [alembic.runtime.migration] Context impl SQLiteImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> 6c06c7d908a7, Initial migration
INFO  [alembic.runtime.migration] Running upgrade 6c06c7d908a7 -> 6d9fa141730c, Add AdminSessionToken and AdminAPIKey models
INFO  [alembic.runtime.migration] Running upgrade 6d9fa141730c -> a736fe95ec4f, Add unique constraint on OAuthAccount provider_id and account_id
[2024-10-13 10:36:29,867] [PID 8] [MainThread] [dramatiq.MainProcess] [INFO] Dramatiq '1.17.0' is booting up.
2024-10-13 10:36:29.840 | INFO     | fief.worker:<module>:19 - Fief Worker started - {"version": "0.29.0"}
2024-10-13 10:36:29.860 | INFO     | dramatiq.cli:worker_process:423 - Worker process is ready for action. - {}
[2024-10-13 10:36:29,868] [PID 21] [MainThread] [dramatiq.ForkProcess(1)] [INFO] Fork process 'dramatiq.middleware.prometheus:_run_exposition_server' is ready for action.
[2024-10-13 10:36:29,914] [PID 20] [MainThread] [dramatiq.ForkProcess(0)] [INFO] Fork process 'fief.scheduler:schedule' is ready for action.
[2024-10-13 10:36:29,917] [PID 20] [MainThread] [apscheduler.scheduler] [INFO] Adding job tentatively -- it will be properly scheduled when the scheduler starts
[2024-10-13 10:36:29,917] [PID 20] [MainThread] [apscheduler.scheduler] [INFO] Adding job tentatively -- it will be properly scheduled when the scheduler starts
[2024-10-13 10:36:29,921] [PID 20] [MainThread] [apscheduler.scheduler] [INFO] Added job "Actor.send" to job store "default"
[2024-10-13 10:36:29,921] [PID 20] [MainThread] [apscheduler.scheduler] [INFO] Added job "Actor.send" to job store "default"
[2024-10-13 10:36:29,921] [PID 20] [MainThread] [apscheduler.scheduler] [INFO] Scheduler started
2024-10-13 10:36:30.686 | INFO     | fief.logger:__call__:53 - USER_REGISTERED
2024-10-13 10:36:30.688 | DEBUG    | fief.tasks.base:send_task:51 - Send task
2024-10-13 10:36:30.695 | DEBUG    | fief.tasks.base:send_task:51 - Send task
2024-10-13 10:36:30.713 | INFO     | fief.logger:__call__:53 - OBJECT_CREATED
2024-10-13 10:36:30.713 | DEBUG    | fief.tasks.base:send_task:51 - Send task
Admin created
Admin API key not provided in settings. Skipping its creation.
2024-10-13 10:36:31.668 | INFO     | fief.tasks.base:__call__:90 - Start task - {"task": "on_after_register"}
2024-10-13 10:36:31.808 | INFO     | fief.tasks.base:__call__:92 - Done task - {"task": "on_after_register"}
2024-10-13 10:36:31.810 | INFO     | fief.tasks.base:__call__:90 - Start task - {"task": "trigger_webhooks"}
2024-10-13 10:36:31.819 | INFO     | fief.tasks.base:__call__:92 - Done task - {"task": "trigger_webhooks"}
2024-10-13 10:36:31.821 | INFO     | fief.tasks.base:__call__:90 - Start task - {"task": "trigger_webhooks"}
2024-10-13 10:36:31.826 | INFO     | fief.tasks.base:__call__:92 - Done task - {"task": "trigger_webhooks"}
2024-10-13 10:36:31.986 | DEBUG    | fief.dependencies.fief:<module>:34 - Uvicorn server is running without SSL
INFO:     Started server process [7]
INFO:     Waiting for application startup.
2024-10-13 10:36:32.993 | INFO     | fief.lifespan:lifespan:25 - Fief Server started - {"version": "0.29.0"}
2024-10-13 10:36:32.993 | WARNING  | fief.lifespan:lifespan:28 - Telemetry is enabled.
We will collect data to better understand how Fief is used and improve the project.
You can opt-out by setting the environment variable `TELEMETRY_ENABLED=false`.
Read more about Fief's telemetry here: https://docs.fief.dev/telemetry - {}
2024-10-13 10:36:33.402 | INFO     | fief.tasks.base:__call__:90 - Start task - {"task": "heartbeat"}
2024-10-13 10:36:33.677 | INFO     | fief.tasks.base:__call__:92 - Done task - {"task": "heartbeat"}
2024-10-13 10:36:35.427 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:60712 - "GET /admin HTTP/1.1" 308 - {}
2024-10-13 10:36:35.481 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:60712 - "GET /admin/ HTTP/1.1" 307 - {}
2024-10-13 10:36:35.510 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 127.0.0.1:56982 - "GET /.well-known/openid-configuration HTTP/1.1" 200 - {}
2024-10-13 10:36:35.511 | INFO     | httpx._client:_send_single_request:1786 - HTTP Request: GET http://localhost:8000/.well-known/openid-configuration "HTTP/1.1 200 OK" - {}
2024-10-13 10:36:35.512 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:60712 - "GET /admin/auth/login HTTP/1.1" 302 - {}
2024-10-13 10:36:35.551 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:60712 - "GET /authorize?response_type=code&client_id=ilPmGhewiZnu3fxQ2wGB6ns4cAM-KUcGtPAIj5m4ZAM&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fadmin%2Fauth%2Fcallback&scope=openid&screen=login HTTP/1.1" 302 - {}
2024-10-13 10:36:35.670 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:60712 - "GET /login HTTP/1.1" 200 - {}
2024-10-13 10:40:46.514 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:55380 - "POST /login HTTP/1.1" 302 - {}
2024-10-13 10:40:46.537 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:55380 - "GET /verify-request HTTP/1.1" 302 - {}
2024-10-13 10:40:46.576 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:55380 - "GET /consent HTTP/1.1" 302 - {}
2024-10-13 10:40:46.611 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 127.0.0.1:42864 - "POST /api/token HTTP/1.1" 400 - {}
2024-10-13 10:40:46.612 | INFO     | httpx._client:_send_single_request:1786 - HTTP Request: POST http://localhost:8000/api/token "HTTP/1.1 400 Bad Request" - {}
2024-10-13 10:40:46.613 | INFO     | uvicorn.protocols.http.httptools_impl:send:468 - 172.17.0.1:55380 - "GET /admin/auth/callback?code=mJmS2zUlB-oj2kcKzgHb58hxJuVkRpCZrbmqs92tQ-8 HTTP/1.1" 500 - {}
Exception in ASGI application
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/uvicorn/protocols/http/httptools_impl.py", line 401, in run_asgi
    result = await app(  # type: ignore[func-returns-value]
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/uvicorn/middleware/proxy_headers.py", line 60, in __call__
    return await self.app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/fastapi/applications.py", line 1054, in __call__
    await super().__call__(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 404, in _sentry_patched_asgi_app
    return await middleware(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 160, in _run_asgi3
    return await self._run_app(scope, receive, send, asgi_version=3)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 261, in _run_app
    raise exc from None
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 256, in _run_app
    return await self.app(
           ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/starlette/applications.py", line 113, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 195, in _create_span_call
    return await old_call(app, scope, new_receive, new_send, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/errors.py", line 187, in __call__
    raise exc
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/errors.py", line 165, in __call__
    await self.app(scope, receive, _send)
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 195, in _create_span_call
    return await old_call(app, scope, new_receive, new_send, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/fief/middlewares/x_forwarded_host.py", line 26, in __call__
    return await self.app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 160, in _run_asgi3
    return await self._run_app(scope, receive, send, asgi_version=3)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 175, in _run_app
    raise exc from None
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 171, in _run_app
    return await self.app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 293, in _sentry_exceptionmiddleware_call
    await old_call(self, scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 195, in _create_span_call
    return await old_call(app, scope, new_receive, new_send, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/exceptions.py", line 62, in __call__
    await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/_exception_handler.py", line 62, in wrapped_app
    raise exc
  File "/usr/local/lib/python3.12/site-packages/starlette/_exception_handler.py", line 51, in wrapped_app
    await app(scope, receive, sender)
  File "/usr/local/lib/python3.12/site-packages/starlette/routing.py", line 715, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/routing.py", line 735, in app
    await route.handle(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/routing.py", line 460, in handle
    await self.app(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/fastapi/applications.py", line 1054, in __call__
    await super().__call__(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 404, in _sentry_patched_asgi_app
    return await middleware(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 160, in _run_asgi3
    return await self._run_app(scope, receive, send, asgi_version=3)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 175, in _run_app
    raise exc from None
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/asgi.py", line 171, in _run_app
    return await self.app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/starlette/applications.py", line 113, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 195, in _create_span_call
    return await old_call(app, scope, new_receive, new_send, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/errors.py", line 187, in __call__
    raise exc
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/errors.py", line 165, in __call__
    await self.app(scope, receive, _send)
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/sessions.py", line 85, in __call__
    await self.app(scope, receive, send_wrapper)
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 20, in __call__
    await responder(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 39, in __call__
    await self.app(scope, receive, self.send_with_gzip)
  File "/usr/local/lib/python3.12/site-packages/fief/middlewares/csrf.py", line 23, in __call__
    await self.app(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/fief/middlewares/security_headers.py", line 17, in __call__
    await self.app(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 293, in _sentry_exceptionmiddleware_call
    await old_call(self, scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/starlette.py", line 195, in _create_span_call
    return await old_call(app, scope, new_receive, new_send, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/starlette/middleware/exceptions.py", line 62, in __call__
    await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/_exception_handler.py", line 62, in wrapped_app
    raise exc
  File "/usr/local/lib/python3.12/site-packages/starlette/_exception_handler.py", line 51, in wrapped_app
    await app(scope, receive, sender)
  File "/usr/local/lib/python3.12/site-packages/starlette/routing.py", line 715, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/routing.py", line 735, in app
    await route.handle(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/routing.py", line 288, in handle
    await self.app(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/routing.py", line 76, in app
    await wrap_app_handling_exceptions(app, request)(scope, receive, send)
  File "/usr/local/lib/python3.12/site-packages/starlette/_exception_handler.py", line 62, in wrapped_app
    raise exc
  File "/usr/local/lib/python3.12/site-packages/starlette/_exception_handler.py", line 51, in wrapped_app
    await app(scope, receive, sender)
  File "/usr/local/lib/python3.12/site-packages/starlette/routing.py", line 73, in app
    response = await f(request)
               ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/fastapi/routing.py", line 301, in app
    raw_response = await run_endpoint_function(
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/fastapi/routing.py", line 212, in run_endpoint_function
    return await dependant.call(**values)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/fief/apps/dashboard/routers/auth.py", line 43, in callback
    tokens, userinfo = await fief.auth_callback(
                       ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/fief_client/client.py", line 1006, in auth_callback
    token_response = await self._auth_exchange_token(
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/fief_client/client.py", line 1351, in _auth_exchange_token
    self._handle_request_error(response)
  File "/usr/local/lib/python3.12/site-packages/fief_client/client.py", line 492, in _handle_request_error
    raise FiefRequestError(response.status_code, response.text)
fief_client.client.FiefRequestError: [400] - {"error":"invalid_grant"}
fief-bailiff[bot] commented 1 month ago

Hail, @m-danya 👋

I've noticed you shared secret values: SECRET, FIEF_CLIENT_ID, FIEF_CLIENT_SECRET, ENCRYPTION_KEY, SECRET, FIEF_CLIENT_ID, FIEF_CLIENT_SECRET, ENCRYPTION_KEY, SECRET, FIEF_CLIENT_ID, FIEF_CLIENT_SECRET, ENCRYPTION_KEY. Those are highly sensitive and you should keep them secret.

For your security, I've taken the liberty to replace them with dummy values.

fief-bailiff[bot] commented 1 month ago

Hail, @m-danya 👋 Welcome to Fief's kingdom!

Our team will get back to you very soon to help.

In the meantime, take a minute to star our repository ⭐️

star-fief

Want to support us?

Subscribe to one of our paid plan to help us continue our work and receive exclusive information and benefits! Starts at $5/month 🪙

Subscribe

Farewell!
m-danya commented 1 month ago

Note: This issue is not present on ghcr.io/fief-dev/fief:0.28.9 image (compared to ghcr.io/fief-dev/fief:latest)

frankie567 commented 1 month ago

Hi @m-danya, thank you for the report! I've identified the issue, will issue a fix shortly :)

m-danya commented 1 month ago

@frankie567 BTW, when the credentials leak is detected by bot, your bot should also encourage user to click this button (or do it automatically):

image

Otherwise the credentials are still available in edits history :)

frankie567 commented 3 weeks ago

Good advice, @m-danya, thanks! TBH, I didn't even know this featured existed 😄