kuzzleio / kuzzle

Open-source Back-end, self-hostable & ready to use - Real-time, storage, advanced search - Web, Apps, Mobile, IoT -
https://kuzzle.io
Apache License 2.0

Reset CLI command error #1281

Closed yroseau closed 5 years ago

yroseau commented 5 years ago

The command ./bin/kuzzle reset throws an exception. Tested with Kuzzle 1.4.x

root@kuzzle:/var/app# ./bin/kuzzle reset
[ℹ] You are about to reset Kuzzle configuration and users
[ℹ] This operation cannot be undone.

[❓] Are you sure? If so, please type "I am sure": I am sure
[ℹ] Processing...

{ Error: Forbidden action [null/null/admin/resetKuzzleData] for user -1
    at WSNode.<anonymous> (/var/app/node_modules/kuzzle-sdk/src/Kuzzle.js:854:17)
    at WSNode.g (events.js:292:16)
    at emitOne (events.js:96:13)
    at WSNode.emit (events.js:188:7)
    at WebSocket.client.onmessage (/var/app/node_modules/kuzzle-sdk/src/networkWrapper/wrappers/websocket.js:88:14)
    at WebSocket.onMessage (/var/app/node_modules/ws/lib/event-target.js:120:16)
    at emitOne (events.js:96:13)
    at WebSocket.emit (events.js:188:7)
    at Receiver.receiverOnMessage (/var/app/node_modules/ws/lib/websocket.js:719:20)
    at emitOne (events.js:96:13)
    at Receiver.emit (events.js:188:7)
    at Receiver.dataMessage (/var/app/node_modules/ws/lib/receiver.js:414:14)
    at Receiver.getData (/var/app/node_modules/ws/lib/receiver.js:346:17)
    at Receiver.startLoop (/var/app/node_modules/ws/lib/receiver.js:133:22)
    at Receiver._write (/var/app/node_modules/ws/lib/receiver.js:69:10)
    at doWrite (_stream_writable.js:333:12)
  cause: 
   { Error: Forbidden action [null/null/admin/resetKuzzleData] for user -1
       at WSNode.<anonymous> (/var/app/node_modules/kuzzle-sdk/src/Kuzzle.js:854:17)
       at WSNode.g (events.js:292:16)
       at emitOne (events.js:96:13)
       at WSNode.emit (events.js:188:7)
       at WebSocket.client.onmessage (/var/app/node_modules/kuzzle-sdk/src/networkWrapper/wrappers/websocket.js:88:14)
       at WebSocket.onMessage (/var/app/node_modules/ws/lib/event-target.js:120:16)
       at emitOne (events.js:96:13)
       at WebSocket.emit (events.js:188:7)
       at Receiver.receiverOnMessage (/var/app/node_modules/ws/lib/websocket.js:719:20)
       at emitOne (events.js:96:13)
       at Receiver.emit (events.js:188:7)
       at Receiver.dataMessage (/var/app/node_modules/ws/lib/receiver.js:414:14)
       at Receiver.getData (/var/app/node_modules/ws/lib/receiver.js:346:17)
       at Receiver.startLoop (/var/app/node_modules/ws/lib/receiver.js:133:22)
       at Receiver._write (/var/app/node_modules/ws/lib/receiver.js:69:10)
       at doWrite (_stream_writable.js:333:12) status: 403 },
  isOperational: true,
  status: 403 }

lethak commented 5 years ago

I find it curious that kuzzle is using role/profile enforcement from the command line, especially for the reset command where our data, including role & profile may not be in a consistent state.

scottinet commented 5 years ago

@yroseau > the error seems explicit to me, apart from the -1 user (anonymous) which, I concede, is not explicit. The error message should be improved a bit.

@lethak > The current CLI strategy is to use the Kuzzle API, as any other client would. So rights are indeed checked and, if no credentials are provided, the CLI is executed as the anonymous user. We did that as a security measure, as many other management tools do.

But you can provide a username and a password to the CLI (options -U <username> -P <password>) as stated by this usage help:

$ bin/kuzzle
Usage: kuzzle [options] [command]

Options:
  -V, --version              output the version number
  -p, --port <port>          Kuzzle port number
  -h, --host <host>          Kuzzle host
  -U, --username <username>  Admin username
  -P, --password <password>  Admin password
  -d, --debug                make errors more verbose
  -C, --noColors             do not use ANSI coloring
  -h, --help                 output usage information

Commands:
  createFirstAdmin           create the first administrator user
  clearCache                 clear internal caches in Redis
  reset [options]            reset all users, profiles, roles and documents validation specifications
  resetSecurity [options]    reset all users, profiles and roles
  resetDatabase [options]    remove all data stored on Kuzzle
  shutdown                   gracefully exits after processing remaining requests
  start [options]            start a Kuzzle instance
  dump                       create a dump of current state of kuzzle
  loadMappings <file>        load database mappings into Kuzzle
  loadFixtures <file>        load database fixtures into Kuzzle
  loadSecurities <file>      load roles, profiles and users into Kuzzle
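The point made above, that the CLI is just another API client and that the anonymous user (id -1) simply holds no right on admin:resetKuzzleData, modelled in an added example that is not Kuzzle's own code. The role format (a controllers/actions map with "*" wildcards), the user and role names, and the authorize() function are assumptions constructed for this example; only the error-message format and the -1 anonymous id come from the issue.

```javascript
// Added example, not Kuzzle's code: a minimal model of the role check an API
// request goes through, whoever the client is (CLI included).
// Assumptions: roles are a controllers -> actions map with "*" wildcards,
// the anonymous user has the id "-1" (as in the issue's error message),
// and the user/role names below are constructed for this example.

const ANONYMOUS_USER_ID = '-1';

// Constructed role definitions.
const ROLES = {
  // Anonymous may read public server info and log in; nothing under "admin".
  anonymous: {
    controllers: {
      server: { actions: { now: true, info: true } },
      auth: { actions: { login: true, checkToken: true } },
    },
  },
  // Administrator: wildcard on every controller and action.
  admin: {
    controllers: {
      '*': { actions: { '*': true } },
    },
  },
};

// Constructed users and their role assignments.
const USERS = {
  '-1': { roles: ['anonymous'] },
  'ops-admin': { roles: ['admin'] },
};

// Does a single role grant controller:action, honouring "*" wildcards?
function roleAllows(role, controller, action) {
  const ctrl = role.controllers[controller] || role.controllers['*'];
  if (!ctrl) {
    return false;
  }
  return ctrl.actions[action] === true || ctrl.actions['*'] === true;
}

// Authorize one request. Returns { status: 200 } when some role of the user
// grants the action, otherwise a 403 whose message mirrors the format in the
// issue: "Forbidden action [index/collection/controller/action] for user <id>".
// A request carrying no user id is treated as the anonymous user; an unknown
// user id is denied outright.
function authorize(request) {
  const { index = null, collection = null, controller, action } = request;
  const userId = request.userId === undefined ? ANONYMOUS_USER_ID : request.userId;
  const user = USERS[userId];
  const allowed =
    user !== undefined &&
    user.roles.some((name) => roleAllows(ROLES[name], controller, action));

  if (allowed) {
    return { status: 200 };
  }
  // String() keeps "null" visible in the message; Array.join alone would render null as "".
  const scope = [index, collection, controller, action].map(String).join('/');
  return { status: 403, message: `Forbidden action [${scope}] for user ${userId}` };
}

// The reset command's request as the CLI sends it without -U/-P ...
function resetAsAnonymous() {
  return authorize({ controller: 'admin', action: 'resetKuzzleData' });
}

// ... and with an administrator's credentials (-U ops-admin -P ...).
function resetAsAdmin() {
  return authorize({ userId: 'ops-admin', controller: 'admin', action: 'resetKuzzleData' });
}

// Anonymous still gets what its role grants: the check is per action, not a blanket block.
function serverNowAsAnonymous() {
  return authorize({ controller: 'server', action: 'now' });
}

console.log(resetAsAnonymous());     // { status: 403, message: 'Forbidden action [null/null/admin/resetKuzzleData] for user -1' }
console.log(resetAsAdmin());         // { status: 200 }
console.log(serverNowAsAnonymous()); // { status: 200 }
```

The only thing the -U/-P options change in this model is the user id attached to the request; the permission check itself is the same for the CLI as for a browser or SDK client, which is why a credential-less reset fails with the same 403 any other anonymous client would get.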

lethak commented 5 years ago

I checked kuzzle reset --help but did not think global options were not showing.

Thanks for explaining.

scottinet commented 5 years ago

@lethak > I just checked it too, and this is a good point: global options should be added to command help messages.

I'll add a PR for this, thanks for the heads up :+1: