unfoldedcircle / feature-and-bug-tracker

Feature and bug tracker repository for Unfolded Circle products

[bug] After remote has rebooted, the PIN for web-configurator is not visible (only dots) #216

Open atrus05 opened 7 months ago

atrus05 commented 7 months ago

Is there an existing issue for this?

Description

If I reboot the remote, you can no longer see the PIN code for the web-configurator on the remote.

How to Reproduce

  1. Make sure you can see the PIN on the remote in the Settings screen.
  2. Make sure the web-configurator is accessible.
  3. Reboot remote
  4. The web-configurator gets back online (that is good)
  5. But on the remote the PIN is not shown, and the only way to see it again is to generate a new PIN (that is bad)

Expected behavior

After reboot I would expect to see the PIN code, or at least be able to press the dots to see the PIN code. But at the moment I need to generate a new PIN.

System version

1.4.8

What part of the system affected by the problem?

UI

Additional context

This is a bit of a pain as all my CURL commands have to be edited. Often many times per day. Forcing me to get up from my computer, and walk to the Dock next to the TV to generate a new PIN. Are you all trying to get me fit or something ;)

zehnm commented 7 months ago

Not revealing the pin anymore after a restart has been a design decision and is a feature.

Once generated, the pin can no longer be retrieved from the system. The pin is not stored in plain text. It is only shown in the UI as long as the device is not restarted.

Using the web-configurator credentials for external scripting access should be avoided, for the reasons you mentioned above. Also, access will be denied if the web-configurator is disabled in the UI (which could be intended or not).

Create an independent API-key instead:

  1. Create a new key with the current web-configurator pin in $PIN:
    # The URL is double-quoted so the shell expands $IP
    curl "http://$IP/api/auth/api_keys" \
      --header 'Content-Type: application/json' \
      -u "web-configurator:$PIN" \
      --data '{
        "name": "curl access key",
        "scopes": [
          "admin"
        ]
      }'
  2. Store the returned API key in api_key in a safe place. It cannot be retrieved anymore and is only shown once in the response message. Example response:
    {
      "name": "curl access key",
      "api_key": "UYq_6Yv.ODE4ODRmY2Q0YThhNDRkYTk2ZWZjNGFmOWY3MmVlNjkuNWMxNDBkZjQxODlhNDdlYzkxNDQyZGY1YzA2YTMxY2U",
      "active": true,
      "scopes": [
        "admin"
      ]
    }
  3. Use the API key as bearer token in your curl commands. Example:
    # The URL is double-quoted so the shell expands $IP
    curl "http://$IP/api/system" \
      --header 'Authorization: Bearer UYq_6Yv.ODE4ODRmY2Q0YThhNDRkYTk2ZWZjNGFmOWY3MmVlNjkuNWMxNDBkZjQxODlhNDdlYzkxNDQyZGY1YzA2YTMxY2U'

After I've updated the authentication documentation in the core-api repository I will close this ticket.
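
The three steps from the comment above as shell helpers. This is an added example, not code from the thread or from Unfolded Circle. It saves the one-time API key to an owner-only file and feeds the bearer header to curl through `-K -`, which keeps the key out of the process argument list and shell history. `KEY_FILE` and all function names are assumptions.

```shell
# Added example. KEY_FILE and the function names are assumptions, not project names.
KEY_FILE="${KEY_FILE:-$HOME/.config/uc-remote/api_key}"

# Pull the "api_key" value out of the JSON response shown in step 2 (stdin).
extract_api_key() {
  sed -n 's/.*"api_key"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Read the create-key response on stdin and save the key, readable by the owner only.
# Fails instead of writing an empty file when the response carries no key.
store_api_key() {
  uc_key=$(extract_api_key)
  [ -n "$uc_key" ] || { echo "no api_key in response" >&2; return 1; }
  ( umask 077
    mkdir -p "$(dirname "$KEY_FILE")"
    printf '%s\n' "$uc_key" > "$KEY_FILE" )
  chmod 600 "$KEY_FILE"   # tighten a file that already existed with looser modes
}

# Emit a curl config line with the bearer header, so the key never appears in argv.
bearer_config() {
  uc_key=$(cat "$KEY_FILE") || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$uc_key"
}

# Step 1 and 2: create the key once with the current PIN and store it.
# usage: create_key IP PIN
create_key() {
  curl -sS "http://$1/api/auth/api_keys" \
    --header 'Content-Type: application/json' \
    -u "web-configurator:$2" \
    --data '{"name": "curl access key", "scopes": ["admin"]}' | store_api_key
}

# Step 3: call the API with the stored key, e.g. uc_api "$IP" /api/system
uc_api() {
  bearer_config | curl -sS -K - "http://$1$2"
}
```

Run `create_key "$IP" "$PIN"` once while the PIN is still visible on the remote; after that, `uc_api` keeps working across reboots and PIN regeneration.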