greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0

breakfix: Local Registration request hanging #138

Open adamsdavis572 opened 1 year ago

adamsdavis572 commented 1 year ago

Describe the issue

When using the web UI to register a local user, the Registration page submit is not returning or timing out; it simply hangs mid-request with no error. Eventually the page request times out.

Configuration

```caddyfile
(ssl) {
  tls xxxxxxxxx@gmail.com
}

{
  debug

  order authenticate before respond
  order authorize before basicauth

  security {
    credentials xxxx {
      username xxxxxxxxxx
      password xxxxxxxxxx
    }

    messaging email provider gmail-smtp-server {
      address smtp.google.com:587
      protocol smtp
      #passwordless
      sender xxxx "My Auth Portal"
      credentials xxxx
      bcc xxxxxxxxx@gmail.com
    }

    local identity store localdb {
      realm local
      path /auth_local/users.json
    }

    user registration localdbRegistry {
      dropbox /auth_local/registrations.json
      title "User Registration"
      code "NY2020"
      #require accept terms
      #require domain mx
      admin email xxxxxxxxx@gmail.com
      email provider gmail-smtp-server
      identity store localdb
    }

    authentication portal myportal {
      crypto default token lifetime 3600
      crypto key sign-verify xxxx
      enable identity store localdb
      cookie domain xxxx.xxxx
      ui {
        links {
          "My Identity" "/whoami" icon "las la-user"
        }
      }
      transform user {
        match origin local
        action add role authp/user
        ui link "Portal Settings" /settings icon "las la-cog"
      }
    }

    authorization policy users_policy {
      set auth url https://auth.xxxx.xxxx/
      allow roles authp/admin authp/user
      crypto key verify xxxxxxxxxx
      acl rule {
        comment allow users
        match role authp/user
        allow stop log info
      }
      acl rule {
        comment default deny
        match any
        deny log warn
      }
    }
  }
}

auth.xxxx.xxxx {
  import ssl
  route {
    authenticate with myportal
  }
}

homarr.xxxx.xxxx {
  import ssl
  route {
    authorize with users_policy
    reverse_proxy http://xxxx:7575
  }
}
```

Version Information

admin.api.load v2.5.1
admin.api.metrics v2.5.1
admin.api.pki v2.5.1
admin.api.reverse_proxy v2.5.1
caddy.adapters.caddyfile v2.5.1
caddy.config_loaders.http v2.5.1
caddy.listeners.http_redirect v2.5.1
caddy.listeners.tls v2.5.1
caddy.logging.encoders.console v2.5.1
caddy.logging.encoders.filter v2.5.1
caddy.logging.encoders.filter.cookie v2.5.1
caddy.logging.encoders.filter.delete v2.5.1
caddy.logging.encoders.filter.hash v2.5.1
caddy.logging.encoders.filter.ip_mask v2.5.1
caddy.logging.encoders.filter.query v2.5.1
caddy.logging.encoders.filter.regexp v2.5.1
caddy.logging.encoders.filter.rename v2.5.1
caddy.logging.encoders.filter.replace v2.5.1
caddy.logging.encoders.json v2.5.1
caddy.logging.writers.discard v2.5.1
caddy.logging.writers.file v2.5.1
caddy.logging.writers.net v2.5.1
caddy.logging.writers.stderr v2.5.1
caddy.logging.writers.stdout v2.5.1
caddy.storage.file_system v2.5.1
http v2.5.1
http.authentication.hashes.bcrypt v2.5.1
http.authentication.hashes.scrypt v2.5.1
http.authentication.providers.http_basic v2.5.1
http.encoders.gzip v2.5.1
http.encoders.zstd v2.5.1
http.handlers.acme_server v2.5.1
http.handlers.authentication v2.5.1
http.handlers.copy_response v2.5.1
http.handlers.copy_response_headers v2.5.1
http.handlers.encode v2.5.1
http.handlers.error v2.5.1
http.handlers.file_server v2.5.1
http.handlers.headers v2.5.1
http.handlers.map v2.5.1
http.handlers.metrics v2.5.1
http.handlers.push v2.5.1
http.handlers.request_body v2.5.1
http.handlers.reverse_proxy v2.5.1
http.handlers.rewrite v2.5.1
http.handlers.static_response v2.5.1
http.handlers.subroute v2.5.1
http.handlers.templates v2.5.1
http.handlers.tracing v2.5.1
http.handlers.vars v2.5.1
http.matchers.expression v2.5.1
http.matchers.file v2.5.1
http.matchers.header v2.5.1
http.matchers.header_regexp v2.5.1
http.matchers.host v2.5.1
http.matchers.method v2.5.1
http.matchers.not v2.5.1
http.matchers.path v2.5.1
http.matchers.path_regexp v2.5.1
http.matchers.protocol v2.5.1
http.matchers.query v2.5.1
http.matchers.remote_ip v2.5.1
http.matchers.vars v2.5.1
http.matchers.vars_regexp v2.5.1
http.precompressed.br v2.5.1
http.precompressed.gzip v2.5.1
http.precompressed.zstd v2.5.1
http.reverse_proxy.selection_policies.cookie v2.5.1
http.reverse_proxy.selection_policies.first v2.5.1
http.reverse_proxy.selection_policies.header v2.5.1
http.reverse_proxy.selection_policies.ip_hash v2.5.1
http.reverse_proxy.selection_policies.least_conn v2.5.1
http.reverse_proxy.selection_policies.random v2.5.1
http.reverse_proxy.selection_policies.random_choose v2.5.1
http.reverse_proxy.selection_policies.round_robin v2.5.1
http.reverse_proxy.selection_policies.uri_hash v2.5.1
http.reverse_proxy.transport.fastcgi v2.5.1
http.reverse_proxy.transport.http v2.5.1
http.reverse_proxy.upstreams.a v2.5.1
http.reverse_proxy.upstreams.srv v2.5.1
pki v2.5.1
tls v2.5.1
tls.certificates.automate v2.5.1
tls.certificates.load_files v2.5.1
tls.certificates.load_folders v2.5.1
tls.certificates.load_pem v2.5.1
tls.certificates.load_storage v2.5.1
tls.get_certificate.http v2.5.1
tls.get_certificate.tailscale v2.5.1
tls.handshake_match.remote_ip v2.5.1
tls.handshake_match.sni v2.5.1
tls.issuance.acme v2.5.1
tls.issuance.internal v2.5.1
tls.issuance.zerossl v2.5.1
tls.stek.distributed v2.5.1
tls.stek.standard v2.5.1

  Standard modules: 96

http.authentication.providers.authorizer v1.1.14
http.handlers.authenticator v1.1.14
security v1.1.14

  Non-standard modules: 3

  Unknown modules: 0

Expected behavior

Registration submitted successfully and entry found in registrations.json

Additional context

This is being run in a Docker container created with the following Dockerfile:

```dockerfile
FROM caddy:2.5.1-builder AS builder

RUN xcaddy build \
    --with github.com/greenpau/caddy-security

FROM caddy:2.5.1

COPY --from=builder /usr/bin/caddy /usr/bin/caddy
```

adamsdavis572 commented 1 year ago

Hi Paul, do you have any pointers here? The project is superb and I'd like to keep using it.

greenpau commented 1 year ago

@adamsdavis1976, on vacation. Will follow up when I get back.

adamsdavis572 commented 1 year ago

@greenpau sorry to bug you, but have you had any time to look at this? Or if you have any pointers I'm happy to look myself.

Dleewee commented 1 year ago

I was running into the same behavior; in my case it was tied to a failure to send SMTP. I had port 587 outbound blocked on the system firewall. I opened that port, rebooted, removed registration.json, and now the registration process is successful.
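A defender-side check for the cause Dleewee identified, as an added example that is not part of caddy-security or this thread: a small Go probe that dials the SMTP endpoint from the issue's `messaging email provider` block with a hard deadline, so a blocked outbound port 587 fails fast with a named error rather than the silent hang seen in the registration request. `ProbeSMTP` and the 5-second timeout are this example's own choices; the target address is the one in the issue's config.

```go
package main

// Added example, not part of caddy-security: probe the SMTP endpoint named in
// the "messaging email provider" block with a hard deadline, so a blocked
// outbound port surfaces as a named error instead of a hanging request.

import (
	"bufio"
	"fmt"
	"net"
	"strings"
	"time"
)

// ProbeSMTP dials addr (host:port) with a connect timeout, then waits at most
// timeout for the server's "220" greeting. It reports which stage failed:
// the TCP dial (typical of a firewall block) or the greeting read.
func ProbeSMTP(addr string, timeout time.Duration) (string, error) {
	_, port, _ := net.SplitHostPort(addr)
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return "", fmt.Errorf("dial %s: %w (is outbound TCP/%s allowed by the firewall?)", addr, err, port)
	}
	defer conn.Close()
	// Bound the greeting read too: a proxy or middlebox may accept the connection yet never answer.
	if err := conn.SetDeadline(time.Now().Add(timeout)); err != nil {
		return "", err
	}
	line, err := bufio.NewReader(conn).ReadString('\n')
	if err != nil {
		return "", fmt.Errorf("no SMTP greeting from %s within %s: %w", addr, timeout, err)
	}
	line = strings.TrimRight(line, "\r\n")
	if !strings.HasPrefix(line, "220") {
		return line, fmt.Errorf("unexpected SMTP greeting from %s: %q", addr, line)
	}
	return line, nil
}

func main() {
	// Target taken from the issue's config; the 5s deadline is this example's own choice.
	greeting, err := ProbeSMTP("smtp.google.com:587", 5*time.Second)
	if err != nil {
		fmt.Println("SMTP probe failed:", err)
		return
	}
	fmt.Println("SMTP reachable:", greeting)
}
```

Run it from inside the container (or on the Docker host) before enabling `user registration`: a dial error within the deadline points at egress filtering, which is exactly the condition that left the registration request hanging.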