Closed ghost closed 4 years ago
Hi,
On your logs I found the error:
sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) FATAL: password authentication failed for user "faraday_postgresql"
FATAL: password authentication failed for user "faraday_postgresql"
It seems that you postgresql connection string is invalid. You will need to change the faraday_postgresql
password and change it on server.ini file.
Remember that the valid server.ini file is located at the HOME path of the user who executes faraday-server (in your case root).
For changing the password, open the sql shell and execute:
ALTER USER faraday_postgresql WITH PASSWORD 'new_password';
Hi again, actually i don't have anything under /root/ No .faraday/ directory.
But i'll try changing the password of faraday_postgresql
and let you know.
Thanks for now.
Hi, i'm here again.
Even changing password doesn't work.
Also, if the password was wrong before, i couldn't connect throught sudo faraday-manage sql-shell
the other times, right?
I've tried to change password to a simplier one, but got no luck.
Any other ideas/advice?
Hi,
If you can use sudo faraday-manage sql-shell
then the connection to the database is correct.
Can you try to connect using curl to the api?
curl -s 'http://SERVER_IP:5985/_api/login' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/javascript, */*; q=0.01' \
--data-binary '{"email":"faraday","password": "changeme"}'
Faraday login api should return more information on the error.
So, it seems that via API it works because in response i get the auth token correctly, but in web ui still got the error.
Curl response:
{"meta":{"code":200},"response":{"user":{"authentication_token":"TOKEN","name":my-email","username":"faraday"}}}
@h0nus that's great news. Could you try to login into the webui usign chrome with the developer tools open? Can send send me the a console tab screenshot after login?
So, there are errors that i've noted by debugging with Fiddler4, but I just skipped them because i thought those were for the bad authentication. But here is the screen for you:
By looking at errors it seem that the application doesn't set the header/session properly? I'm only guessing, not sure tho.
Hi, 401 error are ok, since the frontend uses the api to know if the user is already authenticated. Could you check at the network tab is the login returned 200 ok? We are trying to reproduce the issue from our side.
Thanks!
Hi h0nus, We tried to reproduce the issue and we found that Werkzeug could be the cause of this login problem. Please run the following command to fix the issue:
pip install Werkzeug==0.16.0
Thanks!
Hi
i've used fiddler for a better view of request and response, but still nothing.
I've installed Werkzeug at the version you said, but sill got errors.
Here is the screen of login.
/_api/login
gives a 302 as response, redirecting to /_api/session
but without tokens or valid sessions.
Hi h0nus,
We reproduced the issue and reinstalling flask-login might fix it. Please run:
pip install Flask-Login==0.4.1
Thanks again!
Hi, thanks! It finally works! I don't know what caused this, but i'm glad now it's fixed! Now i'll test Netsparker plugin asap.
Please search the Wiki for a solution before posting a ticket. Use the “New Support Request” button to the right of the screen to submit a ticket for technical support.
Issue Type
Can't login on WEB UI
Faraday version
Paste the output of the ./faraday.py --version command
Component Name
If you know where the problem lays indicate it: WebGui
Steps to reproduce
I just did the normal installation from git: 1) git clone https://github.com/infobyte/faraday 2)
sudo apt install postgresql
2)cd faraday
3)sudo python (version 3.7.5) setup.py build && sudo python setup.py install
3) check if postegre is running and it is 4)sudo faraday-manage initdb
5)sudo faraday-server --bind_address 0.0.0.0
6) Went to Web UI but got error when logging in with faraday:generated_passwordThe server is running on Vagrant (latest) on latest version of virtualbox supported by vagrant.
I've tried may "fix" without luck like: ssh local tunnel:
ssh -L 5985:localhost:5985 vagrant@127.0.0.1 -p 2222
, not a chance reinstalling everyhing, not a chance dropping and recreating database, no luck changing faraday password withsudo faraday-manage change-password
I've also tried to drop faraday db, recreate it, then i've runsudo faraday-manage create-tables
andsudo faraday-manage create-superuser
but still no luck.Expected results
To log into Web UI
Debugging tracebacks (current results)
No error in logs nor in debug
If you need help on how to execute in debug mode click here for more information.
Please attach the result of:
Configuration files
Password are the generated ones
Reports/Extra data
I attached faraday_support.zip The errors given are because i've killed faraday server with killall becuase i didn't saw it was open in another shell.
OS
Provide information on your operating system. Example:
$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.4 LTS"
if you need other data/info just ask!
Here the file faraday_support:
faraday_support.zip
Cheers!