kopia / kopia

Cross-platform backup tool for Windows, macOS & Linux with fast, incremental backups, client-side end-to-end encryption, compression and data deduplication. CLI and GUI included.
https://kopia.io
Apache License 2.0

Security - Authentication resolves user name incorrectly #1632

Closed talios closed 1 year ago

talios commented 2 years ago

I have a user in my backup - kopia@nasbox - and somehow badly pasted the user in the HTTP AUTH Challenge from the web UI as kopia@nasbox@nasbox with the required password, and successfully managed to log in.

Everything in the UI appears to run as expected, except for showing up "local snapshots" as it's a different user - but looking at all snapshots shows the currently running server snapshot.

jkowalski commented 2 years ago

Can you describe how you started the server and which users are configured? I have a suspicion that kopia will treat kopia@anything the same as kopia, which is the regular UI user, but wanted to double check.

talios commented 2 years ago

It's a docker container started with /app/kopia server start --insecure --address=0.0.0.0:51515 --server-username kopia@nasbox

I have two users in the repository:

amrk@laptop
kopia@nasbox

(hostnames changed tho). And the password used is the one associated with the kopia@nasbox user.
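The class of bug suspected in this thread, as an added example that is not kopia's code and not part of the original issue: a login check that compares only the part before the first "@" accepts kopia@nasbox@nasbox and then carries that unvalidated string as the session identity, while a strict check requires an exact, well-formed user@host match. The function names, the user table and the passwords are constructed for illustration, and the lenient logic is an assumption about the defect, not a confirmed root cause.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample data: the identities from the report, placeholder passwords.
var users = map[string]string{
	"kopia@nasbox": "pw-nasbox",
	"amrk@laptop":  "pw-laptop",
}

var errDenied = errors.New("access denied")

// lenientAuth models the suspected defect (hypothetical): only the text before
// the first '@' is compared against the configured server user.
func lenientAuth(serverUser, login, password string) (string, error) {
	short := func(s string) string { n, _, _ := strings.Cut(s, "@"); return n }
	if short(login) == short(serverUser) && password == users[serverUser] {
		return login, nil // session identity is the unvalidated login string
	}
	return "", errDenied
}

// strictAuth accepts only a well-formed user@host that exactly equals a
// stored identity, and compares the password in constant time.
func strictAuth(login, password string) (string, error) {
	name, host, ok := strings.Cut(login, "@")
	if !ok || name == "" || host == "" || strings.Contains(host, "@") {
		return "", errDenied
	}
	want, found := users[login]
	if !found || subtle.ConstantTimeCompare([]byte(password), []byte(want)) != 1 {
		return "", errDenied
	}
	return login, nil
}

func main() {
	for _, login := range []string{"kopia@nasbox", "kopia@nasbox@nasbox", "kopia@other"} {
		id, lerr := lenientAuth("kopia@nasbox", login, "pw-nasbox")
		_, serr := strictAuth(login, "pw-nasbox")
		fmt.Printf("%-22q lenient=(%q, %v) strict err=%v\n", login, id, lerr, serr)
	}
}
```

In the lenient model the malformed login succeeds but the session runs as a user that owns no snapshots, which matches the empty "local snapshots" view described in the report.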