medama-io / medama

Self-hostable, privacy-focused website analytics.
https://oss.medama.io

fly launched but can't change password #122

Closed gedw99 closed 3 weeks ago

gedw99 commented 3 weeks ago

Deploying as per https://oss.medama.io/deployment/fly

fly launch --from https://github.com/medama-io/example-fly-io

All deploys fine and quick, but then I can't login as admin to create a new password...

[Screenshot 2024-08-16 at 19:28:30]
flytest % fly launch --from https://github.com/medama-io/example-fly-io
Launching from git repo https://github.com/medama-io/example-fly-io
Cloning into '.'...
remote: Enumerating objects: 11, done.
remote: Counting objects: 100% (11/11), done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 11 (delta 1), reused 7 (delta 1), pack-reused 0 (from 0)
Receiving objects: 100% (11/11), done.
Resolving deltas: 100% (1/1), done.
An existing fly.toml file was found
? Would you like to copy its configuration to the new app? Yes
Using build strategies '[the "ghcr.io/medama-io/medama:latest" docker image]'. Remove [build] from fly.toml to force a rescan
Creating app in /Users/apple/workspace/go/src/junk/flytest
We're about to launch your app on Fly.io. Here's what you're getting:

Organization: Gerard Webb              (fly launch defaults to the personal org)
Name:         flytest-red-flower-2241  (generated)
Region:       Ashburn, Virginia (US)   (from your fly.toml)
App Machines: shared-cpu-1x, 512MB RAM (from your fly.toml)
Postgres:     <none>                   (not requested)
Redis:        <none>                   (not requested)
Tigris:       <none>                   (not requested)

? Do you want to tweak these settings before proceeding? No
Created app 'flytest-red-flower-2241' in organization 'personal'
Admin URL: https://fly.io/apps/flytest-red-flower-2241
Hostname: flytest-red-flower-2241.fly.dev
Wrote config file fly.toml
Validating /Users/apple/workspace/go/src/junk/flytest/fly.toml
✓ Configuration is valid
==> Building image
Searching for image 'ghcr.io/medama-io/medama:latest' remotely...
image found: img_g72wp096w00gpyxk

Watch your deployment at https://fly.io/apps/flytest-red-flower-2241/monitoring

Provisioning ips for flytest-red-flower-2241
  Dedicated ipv6: 2a09:8280:1::41:3d17:0
  Shared ipv4: 66.241.124.109
  Add a dedicated ipv4 with: fly ips allocate-v4

Creating a 1 GB volume named 'medama_db' for process group 'app'. Use 'fly vol extend' to increase its size
This deployment will:
 * create 1 "app" machine

No machines in group app, launching a new machine

WARNING The app is not listening on the expected address and will not be reachable by fly-proxy.
You can fix this by configuring your app to listen on the following addresses:
  - 0.0.0.0:8080
Found these processes inside the machine with open listening sockets:
  PROCESS        | ADDRESSES                             
-----------------*---------------------------------------
  /.fly/hallpass | [fdaa:0:34bc:a7b:306:66e1:2603:2]:22  

Finished launching new machines
-------
 ✔ Machine d890d65f6324d8 [app] update finished: success
-------
Checking DNS configuration for flytest-red-flower-2241.fly.dev

Visit your newly deployed app at https://flytest-red-flower-2241.fly.dev/
gedw99 commented 3 weeks ago

I tried to work out how to pick a version to see if the older version did not have this bug.

Could not find any docs on that.

fly launch --from https://github.com/medama-io/example-fly-io@v0.4.4
Launching from git repo https://github.com/medama-io/example-fly-io@v0.4.4
Cloning into '.'...
remote: Repository not found.
fatal: repository 'https://github.com/medama-io/example-fly-io@v0.4.4/' not found
Error: exit status 128
ayuhito commented 3 weeks ago

Were you able to login with CHANGE_ME_ON_FIRST_LOGIN on first login? Was that successful?

Or is this after you changed the password on your analytics dashboard, and now it doesn't work anymore?

gedw99 commented 3 weeks ago

Are you saying the "CHANGE_ME_ON_FIRST_LOGIN" is the default password?

ayuhito commented 3 weeks ago

Yes. It is intentionally kept very annoying so there is a very low chance the user doesn't forget to update it.

gedw99 commented 3 weeks ago

OK works.

I copy-pasted it and left a " " (space) at the end, which also failed. Maybe think about stripping white space around the password passed in too, but not a biggie :)

Will close this, as it was a user training failure :)

gedw99 commented 3 weeks ago

One idea. After they login with that password, force a password change screen; MUCH more secure. Otherwise, devs are going to be leaving servers with "CHANGE_ME_ON_FIRST_LOGIN" as the password.

gedw99 commented 3 weeks ago

Will close for now. Can make a new Issue if we think this is a good idea.

ayuhito commented 3 weeks ago

> Will close this, as it was a user training failure :)

I'll add this to my personal backlog so there's no need to make a new issue for it, but some clear pictures which show the login page and password in the documentation to accompany the setup guide should help with this 👍

> After they login with that password, force a password change screen; MUCH more secure.

When first designing this, that was what I thought. But I didn't like the idea of adding a new column just for this setting. However, after #113, it should be very, very easy to add this as a login check since settings are stored in a JSON blob, so it's definitely a low-priority QOL change that's worth adding to the backlog. Noted 👍
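The forced password change that gedw99 proposes above and ayuhito describes as a login check against the JSON settings blob, as an added example that is not part of this issue or of the medama code base. It assumes a `must_change_password` key in that blob, a salted SHA-256 stand-in for whatever hash scheme the project actually uses, and the redirect paths `/account/change-password` and `/dashboard`; all of those are constructed for this illustration. The login path compares the password exactly as submitted, so the trailing-space paste from earlier in the thread still fails, and the change-password path rejects whitespace-padded new passwords instead, which closes that failure mode without silently trimming what the login form receives.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// DefaultPassword is the first-login password named in the thread.
const DefaultPassword = "CHANGE_ME_ON_FIRST_LOGIN"

// Settings stands in for the per-user JSON settings blob mentioned in the
// thread; the must_change_password key is an assumption of this example.
type Settings struct {
	MustChangePassword bool `json:"must_change_password"`
}

// User is a constructed stand-in for an account record.
type User struct {
	Salt         string
	PasswordHash string // hex(sha256(salt || password)); example scheme only
	SettingsJSON string // the settings blob as stored
}

var (
	ErrBadCredentials = errors.New("invalid username or password")
	ErrWeakPassword   = errors.New("new password must not be the default, must be at least 12 characters and must not start or end with whitespace")
)

// hashPassword is a salted SHA-256 stand-in so the example runs on the
// standard library alone; a deployment would use a password KDF instead.
func hashPassword(salt, password string) string {
	sum := sha256.Sum256([]byte(salt + password))
	return hex.EncodeToString(sum[:])
}

// verifyPassword compares hashes in constant time.
func verifyPassword(u *User, password string) bool {
	got := hashPassword(u.Salt, password)
	return subtle.ConstantTimeCompare([]byte(got), []byte(u.PasswordHash)) == 1
}

// NewDefaultUser seeds the admin the way a first deployment would: default
// password plus a settings blob that forces a change at first login.
func NewDefaultUser(salt string) *User {
	b, _ := json.Marshal(Settings{MustChangePassword: true}) // cannot fail for this struct
	return &User{Salt: salt, PasswordHash: hashPassword(salt, DefaultPassword), SettingsJSON: string(b)}
}

// Login verifies the password exactly as submitted (no trimming, so a pasted
// trailing space fails as it did in the thread) and returns the path the
// authenticated user should be sent to.
func Login(u *User, password string) (string, error) {
	if !verifyPassword(u, password) {
		return "", ErrBadCredentials
	}
	var s Settings
	if err := json.Unmarshal([]byte(u.SettingsJSON), &s); err != nil {
		return "", err
	}
	// Redirect if the flag is set, and also if the password is still the
	// default, so a lost or edited flag cannot leave the default in place.
	if s.MustChangePassword || verifyPassword(u, DefaultPassword) {
		return "/account/change-password", nil
	}
	return "/dashboard", nil
}

// ChangePassword rejects the default, short and whitespace-padded values,
// then stores the new hash and clears the flag in the JSON blob.
func ChangePassword(u *User, current, next string) error {
	if !verifyPassword(u, current) {
		return ErrBadCredentials
	}
	if next == DefaultPassword || len(next) < 12 || strings.TrimSpace(next) != next {
		return ErrWeakPassword
	}
	var s Settings
	if err := json.Unmarshal([]byte(u.SettingsJSON), &s); err != nil {
		return err
	}
	s.MustChangePassword = false
	b, err := json.Marshal(s)
	if err != nil {
		return err
	}
	u.PasswordHash = hashPassword(u.Salt, next)
	u.SettingsJSON = string(b)
	return nil
}

func main() {
	u := NewDefaultUser("constructed-salt")
	fmt.Println(Login(u, DefaultPassword))       // /account/change-password <nil>
	fmt.Println(Login(u, DefaultPassword+" "))   // "" invalid username or password
	fmt.Println(ChangePassword(u, DefaultPassword, "a-long-new-passphrase"))
	fmt.Println(Login(u, "a-long-new-passphrase")) // /dashboard <nil>
}
```

Checking the stored hash against the default at every login, not only the flag, is deliberate: the flag lives in the same editable blob as the rest of the settings, so the default password itself is the condition that must be unable to reach the dashboard.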

gedw99 commented 3 weeks ago

Nice one ☝️

gedw99 commented 3 weeks ago

I am doing all auth with passkeys btw, with golang.

Let me know if it's useful.

It syncs between the user's devices and is more secure because the server basically has nothing if hacked.

ayuhito commented 3 weeks ago

> Let me know if it's useful.

I wouldn't be against a PR implementing this, but I don't think I'll ever personally implement this as I would be more focused on other features.

gedw99 commented 3 weeks ago

Nah, I can't afford the time.

Here is the code though: https://github.com/egregors/passkey

It can work with a proxy (Caddy, etc.) or be built in to a golang project.

It's still going to change though..