search

passbolt / passbolt_api

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!
https://passbolt.com
GNU Affero General Public License v3.0
4.63k stars 305 forks source link

DATASOURCES_DEFAULT_PASSWORD_FILE not working with passbolt register_user #491

Open FabienYt opened 1 year ago

FabienYt commented 1 year ago

What you did

I would like to create first admin user (as described in the documentation):

$ docker exec passbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data

I used secret for database password (DATASOURCES_DEFAULT_PASSWORD_FILE)

What happened

The new user cannot be created because the script cannot find the database password:

2023-08-06 20:38:44 error: [Cake\Database\Exception\MissingConnectionException] Connection to Postgres could not be established: SQLSTATE[08006] [7] connection to server at "passbolt-postgres" (172.22.0.2), port 5432 failed: fe_sendauth: no password supplied in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php on line 133 Caused by: [PDOException] SQLSTATE[08006] [7] connection to server at "passbolt-postgres" (172.22.0.2), port 5432 failed: fe_sendauth: no password supplied in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php on line 121 2023-08-06 20:38:44 error: Could not connect to Database.

What you expected to happen

If I use DATASOURCES_DEFAULT_PASSWORD instead of DATASOURCES_DEFAULT_PASSWORD_FILE, everything works. After user creation (with DATASOURCES_DEFAULT_PASSWORD), everything works with DATASOURCES_DEFAULT_PASSWORD_FILE variable.

BrettMerrick commented 11 months ago

I have the same issue. If you connect to the container, only the _FILE environment variables are available. I overcame this by populating the relevant variables in the container before running the command as follows:

docker exec -ti passbolt-container-name bash

su -s /bin/bash www-data

export DATASOURCES_DEFAULT_PASSWORD=$(cat ${DATASOURCES_DEFAULT_PASSWORD_FILE})

/usr/share/php/passbolt/bin/cake \
                                passbolt register_user \
                                -u <your@email.com> \
                                -f <yourname> \
                                -l <surname> \
                                -r admin

You'll need to repeat the export for each of the _FILE environment variables you have used.

I am concerned that there are other passbolt cli commands that don't expand the _FILE variables, so I would prefer to see the codebase handle this correctly. But this will let you get underway.