Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

google authentication does not work / no other way to add a user? #204

Open
catweis opened this issue Feb 21, 2023 · 8 comments
Open

google authentication does not work / no other way to add a user? #204

catweis opened this issue Feb 21, 2023 · 8 comments

Comments

@catweis
Copy link

catweis commented Feb 21, 2023

After installation (current Distro, installation with docker compose), I need to log in. The proposed way is using the google-account. However, this does not work.
There is the "error 400". Based on the google page, there is a problem with the authentication solution used on the webpage?

Looking for other ways of adding users, I found in the documentation a solution with an add_user-file; which does not exist?
Do I have to write it? And if so, which fields are required?
@birm
Copy link
Member

birm commented Feb 22, 2023

It looks like I have some documentation to update.

The format for users in mongo is like

{
	"_id" : ObjectId("63a35103811aa405ae1e73a2"),
	"email" : "[email protected]",
	"userType" : "Admin",
	"userFilter" : "['**']"
}

You can add a user directly to mongo, or alternatively temporary disable security and go to /apps/signup/signup.html to add a user there.

If you're getting an issue from google itself, please let me know.

@catweis
Copy link
Author

catweis commented Feb 26, 2023

Thank you for your fast response.
Unfortunately, I do not know how to access mongo (within the docker container) and how to add then a user.
And the other user adding version from the documentation (with the adduser.json) does not work since there is no such file, and I do not know where to place it.

@birm
Copy link
Member

birm commented Feb 28, 2023

We had to remove the "easy" method of user addition due to some kubernetes/openshift constraints about our indexer container.

Anyway, to get a mongo shell, run docker exec -it ca-mongo mongo and use camic to get into the right database.

@psankhe28
Copy link

I added user according to the query given above but I am not able to login. Could you please suggest any solution to this? @birm

@birm
Copy link
Member

birm commented Mar 2, 2023

I neglected to mention the easiest way to add a user; either run develop.yml or disable security (temporarily or otherwise; see the environment variable in develop.yml under caracal) then simply add the user using the user sign up page (/apps/signup/signup.html)

The email should match the email from a google id token.

@catweis
Copy link
Author

catweis commented Mar 3, 2023

Thank you very much for your suggestions.
The version with the development.yml file works. But allowing everybody to add a user etc. does not seems fine to me.
Therefore, a more secure solution seems to be mandatory.

However, the other mentioned methods do not work for me:
#1 I can access the mongo database, but I have no clue how to add a user there. With db.addUser and your suggestions above, it does not work.
#2 I do not know how to disable the security temporarily. I am sorry.

Maybe the question at psankhe28: How did you add a user?

@psankhe28
Copy link

Thank you very much for your suggestions. The version with the development.yml file works. But allowing everybody to add a user etc. does not seems fine to me. Therefore, a more secure solution seems to be mandatory.

However, the other mentioned methods do not work for me: #1 I can access the mongo database, but I have no clue how to add a user there. With db.addUser and your suggestions above, it does not work. #2 I do not know how to disable the security temporarily. I am sorry.

Maybe the question at psankhe28: How did you add a user?

I tried by adding the user directly in mongo database. But its not working. Have you found any solution to this? @catweis

@CoToYo
Copy link

CoToYo commented Mar 31, 2023
edited
Loading

Hi! I am Tingyuan (Leon).
Thank you for previous discussion, it inspired me a lot.

By running develop.yml , I successfully sign up a temporary account.

I also tried the other two potential methods, however, as @catweis said, they do not work.

The followings are my tries on these two methods:

  • For the way of manually adding account in mongo database, I successfully added a new account data in the local database called 'camic'. But no matter how I restart or rebuild the service, it still shows that "User not added".
    image

Log:
image

  • For the way of temporarily disabling security check, I did not found develop.yml under Caracal, but I did found there were config related with security check in .env file that was copied and renamed from .env.example.
    image

I tried modifying both DISABLE_SEC and ALLOW_PUBLIC to value of true, and made sure configs in .env were run by re-executing setup_script.sh under Caracal, but it still did not worked.

In short, for now, it seems like running develop.yml is the only way to access the system.

I know it is very likely that there is something wrong with my operations, so I will be extremely happy if anyone could point me in the right direction! Thank you so much!

@CoToYo CoToYo mentioned this issue Apr 3, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@birm @catweis @CoToYo @psankhe28