Cannot create user with "ngsi users create"

dkastl commented 1 year ago

Checklist

[x] I have run the latest release.
[ ] I have inspeced the status of docker containers.
[ ] I have run the sanity check described in after-installation.md.
[x] I have inspected all error messages.
[x] I have inspected the log files in the /var/log/fiware directory.
[x] I have run the make collect command.

Describe the bug

I'm trying to create a user as described in https://fi-bb.letsfiware.jp/examples/keyrock/ , which returns an error:

ngsi users create --host keyrock --username user001 --email user001@example.com --password 1234
usersCreate003 error 400 Bad Request {"error":{"message":"Invalid email","code":400,"title":"Bad Request"}}

However, the following works:

Create a user through the Keyrock web UI
List, update and delete a user with NSGI GO

So the only command that does not work is create and the email address doesn't appear to be wrong.

Your system environment

Date: Fri Jan 27 05:36:08 UTC 2023
Version: 0.20.0
Hash: 17816b305d1f5c9b1c87f06760780c86e233c27a44d0a53e8dc7f9a3b8ec98ba  lets-fiware.sh
git-hash: 
0bf725a6696c627377e746ed3b47021e21b298ab
f52e9e04dc63511f5dd8fe96540ef488d0b722b9
949d81e25ef0308e6e31391faec642ba08f8e3f9
App list: KEYROCK CYGNUS WIRECLOUD NGSIPROXY NODE_RED IOTAGENT_JSON IOTAGENT_HTTP MOSQUITTO 
Install: completed
Docker containers: 
make[1]: Entering directory '/srv/fiware-big-bang'
sudo /usr/local/bin/docker-compose ps
             Name                            Command                   State                                                        Ports                                                
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
fiware-big-bang_cygnus_1          /cygnus-entrypoint.sh            Up (healthy)     5050/tcp, 5080/tcp                                                                                   
fiware-big-bang_elasticsearch_1   /docker-entrypoint.sh elas ...   Up               9200/tcp, 9300/tcp                                                                                   
fiware-big-bang_iotagent-json_1   docker-entrypoint.sh node  ...   Up (healthy)     4041/tcp, 7896/tcp                                                                                   
fiware-big-bang_keyrock_1         docker-entrypoint.sh npm start   Up (healthy)     3000/tcp                                                                                             
fiware-big-bang_memcached_1       docker-entrypoint.sh memca ...   Up               11211/tcp                                                                                            
fiware-big-bang_mintaka_1         java -cp @/app/jib-classpa ...   Up               8080/tcp, 8443/tcp                                                                                   
fiware-big-bang_mongo_1           docker-entrypoint.sh --noj ...   Up               27017/tcp                                                                                            
fiware-big-bang_mosquitto_1       /docker-entrypoint.sh /usr ...   Up               1883/tcp                                                                                             
fiware-big-bang_nginx_1           /docker-entrypoint.sh ngin ...   Up               0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:80->80/tcp,:::80->80/tcp,                              
                                                                                    0.0.0.0:8883->8883/tcp,:::8883->8883/tcp                                                             
fiware-big-bang_ngsiproxy_1       docker/entrypoint.sh             Up                                                                                                                    
fiware-big-bang_node-red001_1     npm --no-update-notifier - ...   Up (healthy)     1880/tcp                                                                                             
fiware-big-bang_node-red002_1     npm --no-update-notifier - ...   Up (healthy)     1880/tcp                                                                                             
fiware-big-bang_node-red003_1     npm --no-update-notifier - ...   Up (healthy)     1880/tcp                                                                                             
fiware-big-bang_orion-ld_1        orionld -fg -multiservice  ...   Up               1026/tcp                                                                                             
fiware-big-bang_postfix_1         docker-entrypoint.sh             Up               25/tcp                                                                                               
fiware-big-bang_postgres_1        docker-entrypoint.sh postgres    Up               5432/tcp                                                                                             
fiware-big-bang_timescale-db_1    docker-entrypoint.sh postg ...   Up (healthy)     5432/tcp                                                                                             
fiware-big-bang_tokenproxy_1      docker-entrypoint.sh             Up               1029/tcp                                                                                             
fiware-big-bang_wilma_1           docker-entrypoint.sh npm start   Up (unhealthy)   1027/tcp                                                                                             
fiware-big-bang_wirecloud_1       /docker-entrypoint.sh            Up (healthy)     8000/tcp                                                                                             
make[1]: Leaving directory '/srv/fiware-big-bang'
Keyrock: 
{"keyrock":{"version":"8.1.0","release_date":"2021-07-22","uptime":"14:27:42.5","git_hash":"https://github.com/ging/fiware-idm/releases/tag/8.1.0","doc":"https://fiware-idm.readthedocs.io/en/8.1.0/","api":{"version":"v1","link":"https://keyrock.xxxxxxxx/v1"}}}

To Reproduce Steps to reproduce the behavior:

Configure the server host
List existing users
Create a new user

Expected behavior

A new user is created.

Server (please complete the following information):

OS and OS version: Ubuntu 22.04
Docker version: 20.10.23, build 7155243
Docker-compose version: 1.29.2, build 5becea4c

Additional context

There was no log output in /var/log/fiware/keyrock.log when making the request.

ngsi version --host keyrock --pretty
{
  "keyrock": {
    "version": "8.1.0",
    "release_date": "2021-07-22",
    "uptime": "14:34:07.4",
    "git_hash": "https://github.com/ging/fiware-idm/releases/tag/8.1.0",
    "doc": "https://fiware-idm.readthedocs.io/en/8.1.0/",
    "api": {
      "version": "v1",
      "link": "https://keyrock.xxxxxxxxxxxxxxxx/v1"
    }
  }
}

fisuda commented 1 year ago

usersCreate003 error 400 Bad Request {"error":{"message":"Invalid email","code":400,"title":"Bad Request"}}

This error is a respose from your Keyrock instance. The error message of NGSI Go has a prefix like usersCreate003. A prefix consists of a Go lang function name and a position in the funciton. In this case, the function name is usersCreate. The position is 3rd. See here .

https://github.com/lets-fiware/ngsi-go/blob/1af5d5c69c3fb86187a303a322c589f58c4a1940/internal/keyrock/users.go#L132-L154

Could you try replacing exmaple.com with your domain?

ubuntu@fi-bb:~$ ngsi users create --host keyrock.letsfiware.jp --username user001 --email user001@example.com --password 1234
usersCreate003 error 400 Bad Request {"error":{"message":"Invalid email","code":400,"title":"Bad Request"}}

ubuntu@fi-bb:~$ ngsi users create --host keyrock.letsfiware.jp --username user001 --email user001@letsfiware.jp --password 1234
368401c5-49d6-4624-90ee-e66d0a73d8b3

ubuntu@fi-bb:~$ ngsi users list
368401c5-49d6-4624-90ee-e66d0a73d8b3
admin

If you want to add a user with the example.com domain, add exmaple.com to config/keyrock/whitelist.txt and restart your Keyrock instance. The FIWARE Big bang sets up a Keyrock instance with whitelist as the email list type. See here.

ubuntu@fi-bb:~$ cat config/keyrock/whitelist.txt
letsfiware.jp
example.com

ubuntu@fi-bb:~$ ngsi users create --username user001 --email user001@example.com --password 1234 --host keyrock.letsfiware.jp
4201c1fd-52d3-4bd7-abfd-94319266549e

ubuntu@fi-bb:~$ ngsi users get --uid 4201c1fd-52d3-4bd7-abfd-94319266549e -P
{
  "user": {
    "scope": [],
    "id": "4201c1fd-52d3-4bd7-abfd-94319266549e",
    "username": "user001",
    "email": "user001@example.com",
    "enabled": true,
    "admin": false,
    "image": "default",
    "gravatar": false,
    "date_password": "2023-01-27T07:50:05.000Z",
    "description": null,
    "website": null
  }
}

dkastl commented 1 year ago

Thanks a lot!

This indeed works with an email address using the same (sub-) domain that was used for the setup. To mention whitelist.txt in this context in the documentation is a good idea. It seems the whitelist does not apply when adding users through the UI. Not sure this is a bug or a feature ;-)

But it may affect self-registration, which also didn't work. Will need to try again.

fisuda commented 1 year ago

Normally, Keyrock should be setup with Mail Transfer Agent. After registing a new user on UI of Keyrock, a user will receive an email to active an account from Keyrock. Before doing that, a use can not log in keyrock. Probably, when a domain of an email does not found in a whitelist, Keyrock will not send a use to an email. But this topic is not about FIWARE Bing Bang. Please read Keyrock documentation or source code.

fisuda commented 1 year ago

Merged PR #237

lets-fiware / FIWARE-Big-Bang

Cannot create user with "ngsi users create" #235