[BUG] basic auth does not enable unless `enableGuestAccess: true`

Open ceramey1997 opened this issue 2 years ago • 42 comments

Environment

Self-Hosted (Docker)

System

No response

Version

2.1.1

Describe the problem

Problem

Dashy basic authentication does not enable when adding the block below to the conf.yml

appConfig:
    auth:
        users:
        - user: myadmin
          hash: <sha256hash>

To make basic auth function with dashy you have to add the enableGuestAccess: true. If guest Access is false then basic auth functions properly.

Additional info

No response

ceramey1997 avatar Nov 29 '22 14:11 ceramey1997

If you're enjoying Dashy, consider dropping us a ⭐
🤖 I'm a bot, and this message was automated

liss-bot avatar Nov 29 '22 14:11 liss-bot

Hello, can you help me?

15064187978 avatar Nov 30 '22 08:11 15064187978

https://github.com/Lissy93/dashy/issues/989

15064187978 avatar Nov 30 '22 08:11 15064187978

I can confirm that behavior, but in the docker image 'lissy93/dashy:2.1.0' this does not happen.

CristianT avatar Dec 02 '22 20:12 CristianT

I can confirm that behavior, but in the docker image 'lissy93/dashy:2.1.0' this does not happen.

I upgraded to version 2.1.1 and solved this problem

15064187978 avatar Dec 03 '22 01:12 15064187978

Can you copy/paste your config file? I'm under V-2.1.1, basic auth seems not working for me, guest user can edit frontend and no auth window prompted :(

I also tried: enableGuestAccess: false and true, same, no auth prompted :s

  • No auth with Docker 2.1.1 IMG
docker run -p 4000:80 -v /root/conf.yml:/app/public/conf.yml lissy93/dashy:latest
  • No auth downloaded and compiled from sources

guest user can access to the config

npm -version
9.1.2
node --version
v16.18.1

cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"

pageInfo:
  title: network.local
  description: network.local Front Dashboard
  navLinks:
    - title: GitHub
      path: https://github.com/Lissy93/dashy
    - title: Documentation
      path: https://dashy.to/docs
appConfig:
  auth:
    enableGuestAccess: false
    users:
    - user: myuser
      hash: SHA256EXAMPLESTRINGFORPASSWORD
      type: admin
sections:
  - name: Getting Started
    icon: fas fa-rocket
    items:
      - title: Dashy Live
        description: Development a project management links for Dashy
        icon: https://i.ibb.co/qWWpD0v/astro-dab-128.png
        url: https://live.dashy.to/
        target: newtab
        id: 0_1481_dashylive
      - title: GitHub
        description: Source Code, Issues and Pull Requests
        url: https://github.com/lissy93/dashy
        icon: favicon
        id: 1_1481_github
      - title: Docs
        description: Configuring & Usage Documentation
        provider: Dashy.to
        icon: far fa-book
        url: https://dashy.to/docs
        id: 2_1481_docs
      - title: Showcase
        description: See how others are using Dashy
        url: https://github.com/Lissy93/dashy/blob/master/docs/showcase.md
        icon: far fa-grin-hearts
        id: 3_1481_showcase
      - title: Config Guide
        description: See full list of configuration options
        url: https://github.com/Lissy93/dashy/blob/master/docs/configuring.md
        icon: fas fa-wrench
        id: 4_1481_configguide
      - title: Support
        description: Get help with Dashy, raise a bug, or get in contact
        url: https://github.com/Lissy93/dashy/blob/master/.github/SUPPORT.md
        icon: far fa-hands-helping
        id: 5_1481_support

Keskejefaislamoi avatar Dec 05 '22 08:12 Keskejefaislamoi

Hello, I have the same issue ... and this is really bad ... To have the login working, I have to set the variable: enableGuestAccess: true. The login screen is coming back ... as a guest I'm not able to see anything on the dashboard (icons) ... but I'm able to drive through the setup file. Very bad situation :(

top-cg avatar Dec 13 '22 06:12 top-cg

I have a fresh install with this problem. Login is never shown if you don't enable guest access.

rubenmate avatar Dec 17 '22 00:12 rubenmate

I confirm the same behavior and concur this is a very serious issue. It exposes SO much information that I'm having to shut dashy down until I can implement something to prevent exposing unwanted internal site information to users that shouldn't have it.

gemorgan avatar Dec 18 '22 00:12 gemorgan

Also anyone with guest access can copy the password hashes of all users which immediately grants the guest full access to any account, including admin accounts. Dashy is 100% compromised at this point.

gemorgan avatar Dec 18 '22 00:12 gemorgan

Also anyone with guest access can copy the password hashes of all users which immediately grants the guest full access to any account, including admin accounts. Dashy is 100% compromised at this point.

I agree, the guest can see the config file.

top-cg avatar Dec 18 '22 12:12 top-cg

While it is strange that auth doesn't show up if enableGuestAccess isn't set to true, you can prevent guests from editing (actually even seeing) your config by adding disableConfigurationForNonAdmin: true in your appConfig section.

Example appConfig:

appConfig:
  disableConfigurationForNonAdmin: true
  auth:
    enableGuestAccess: true
    users:
    - user: USERNAME
      hash: SHA256_HASH_GOES_HERE
      type: admin

Hope this helps!

mitchnemirov avatar Jan 12 '23 02:01 mitchnemirov

Thanks @mitchnemirov ... that's a good mitigation solution. I was curious to understand where you found this info ... and it also helped me figure out that the up-to-date documentation is located on git and not on the website!

top-cg avatar Jan 13 '23 08:01 top-cg

This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

liss-bot avatar Feb 13 '23 01:02 liss-bot

+1

top-cg avatar Feb 13 '23 06:02 top-cg

This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

liss-bot avatar Apr 05 '23 01:04 liss-bot

Up

top-cg avatar Apr 05 '23 04:04 top-cg

I had the same problem. I could solve it with a recompile over the Web UI.

techsolo12 avatar Apr 24 '23 07:04 techsolo12

I'm facing the same issue. While the solution @mitchnemirov proposed does work for the moment, it'd be better if the login prompt appears without guest access being enabled.

hubortje avatar Dec 11 '23 09:12 hubortje

See https://github.com/Lissy93/dashy/issues/1290#issuecomment-1884249018 for a full explanation/semi solution

For notifications: @ceramey1997 @15064187978 @CristianT @Keskejefaislamoi @top-cg @rubenmate @gemorgan @mitchnemirov @techsolo12 @hubortje Sorry if you didn't want to be pinged, but I figure you probably did - or you wouldn't have participated in the issue

TheRealGramdalf avatar Jan 10 '24 06:01 TheRealGramdalf

Hi, I have tested it in the new release and can confirm I don't experience this problem anymore. This problem seems to be related to dashy not automatically rebuilding on changes, see #1479 and https://github.com/Lissy93/dashy/issues/1290#issuecomment-1884249018. A new release has just been published, which should fix this issue, so please upgrade to the latest version. If this is not the case just respond back to this ticket and I'll reopen this issue. Thanks and have a nice day.

CrazyWolf13 avatar Mar 03 '24 17:03 CrazyWolf13

I still get this problem in the new release even if I manually click rebuild. So far I've never seen the login screen.

LonginusL33T avatar Mar 05 '24 09:03 LonginusL33T

mmm ... it fails to rebuild the app :(

top-cg avatar Mar 05 '24 13:03 top-cg

I still get this problem in the new release even if I manually click rebuild. So far I've never seen the login screen.

Dashy should now automatically rebuild, can you share your conf.yml? But of course remove or change your password hash.

CrazyWolf13 avatar Mar 05 '24 18:03 CrazyWolf13

mmm ... it fails to rebuild the app :(

@top-cg

Can you be more exact? just with it "fails" we really cannot help you.

Please share the log, browser dev console and describe what's the error. If dashy is not working at all and it has nothing to do with auth, please create a new issue: https://github.com/Lissy93/dashy/issues/new/choose

CrazyWolf13 avatar Mar 05 '24 18:03 CrazyWolf13

Sorry ... The report was indeed far from detailed. I will try to take time asap to document with print screens.

top-cg avatar Mar 05 '24 19:03 top-cg

Hello! So basic auth still does not work. After adding the necessary lines to config.yaml, dashy doesn't ask for auth and also is not letting me save the config to file because I am not logged in as admin.

appConfig:
  theme: colorful
  layout: auto
  iconSize: large
  language: en
  auth:
    enableGuestAccess: false
    users:
      - user: xxxxxx
        hash: yyyyy
        type: admin

artemdanielov avatar Mar 05 '24 19:03 artemdanielov

Sorry ... The report was indeed far from detailed. I will try to take time asap to document with print screens.

Can you describe how you "enable" auth, so it does not work?

Because for me it does indeed work.

CrazyWolf13 avatar Mar 05 '24 19:03 CrazyWolf13

Okay, I think I partially solved that whole auth mystery. (@Lissy93 FYI) There were multiple problems which were understood to be a single issue.

Docker was not automatically rebuilding the app -> even though the config was saved, it was not built and applied --> FIXED

Adding a user via GUI: When adding a user with hash and then hitting the save below the application config, then trying to click save to disk, the button is just greyed out and it is not possible to click it, therefore the auth is never saved nor applied.

Adding the following part below appConfig enables auth for a user test with password test and type admin. This has been tested by me and Lissy on multiple different systems and is confirmed to work.

appConfig:

  auth:
    users:
    - user: test
      hash: 9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08
      type: admin

@artemdanielov Can you confirm you have pulled the latest image with `docker pull lissy93/dashy:latest` and are running version 2.1.2? Could you share your docker log? `sudo docker logs dashy` (replace dashy with the name of the dashy container, you can see the name with `sudo docker ps`). After pulling the new image make sure to redeploy the container.

This could also be done very easily, however this will update all your docker containers: `sudo docker run -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --run-once`

@LonginusL33T How are you activating auth? Through the GUI or through the conf.yml? Are you running the latest version of dashy? Look above for how to check and update.

CrazyWolf13 avatar Mar 05 '24 19:03 CrazyWolf13
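
An added example, not part of the thread and not Dashy's own code: a small Node.js check over an already-parsed `appConfig` object that flags the conditions discussed above (guest access enabled without `disableConfigurationForNonAdmin`, a `hash` that is not 64 hex characters, and a hash equal to the SHA-256 of a throwaway password such as the `test` sample). The function names, finding codes, weak-password list and sample configs are assumptions constructed for illustration.

```javascript
// Added example (not Dashy code): audit a parsed appConfig for the auth pitfalls in this thread.
const crypto = require('node:crypto');

// Hex SHA-256 of a password, upper-cased like the sample hash in the thread.
function sha256Hex(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex').toUpperCase();
}

// Constructed list of throwaway passwords that should not survive into a live config.
const WEAK_PASSWORDS = ['test', 'admin', 'password', 'dashy'];

// Returns short finding codes; an empty array means none of the checks fired.
function auditAppConfig(appConfig) {
  const findings = [];
  const auth = (appConfig && appConfig.auth) || {};
  const users = Array.isArray(auth.users) ? auth.users : [];
  if (users.length === 0) return ['no-users'];
  // Per the thread: with guest access on, guests can read the config, hashes included,
  // unless disableConfigurationForNonAdmin is set.
  if (auth.enableGuestAccess === true && appConfig.disableConfigurationForNonAdmin !== true) {
    findings.push('guest-can-read-config');
  }
  for (const u of users) {
    const hash = String(u.hash || '');
    if (!/^[0-9a-f]{64}$/i.test(hash)) {
      findings.push(`bad-hash:${u.user}`); // placeholder or truncated value, not SHA-256 hex
    } else if (WEAK_PASSWORDS.some((p) => sha256Hex(p) === hash.toUpperCase())) {
      findings.push(`weak-password:${u.user}`);
    }
  }
  return findings;
}

// Constructed sample configs modelled on the snippets posted in the thread.
const SAMPLES = {
  guestOpen: { auth: { enableGuestAccess: true, users: [
    { user: 'test', type: 'admin',
      hash: '9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08' }] } },
  mitigated: { disableConfigurationForNonAdmin: true, auth: { enableGuestAccess: true, users: [
    { user: 'USERNAME', type: 'admin', hash: sha256Hex('constructed long passphrase 7431') }] } },
  placeholder: { auth: { enableGuestAccess: false, users: [
    { user: 'xxxxxx', type: 'admin', hash: 'yyyyy' }] } },
};

for (const [name, cfg] of Object.entries(SAMPLES)) {
  console.log(name, auditAppConfig(cfg));
}
```
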

@CrazyWolf13 actually if I pull "latest" it pulls 2.1.1 (or 0, don't remember), so I pulled 2.1.2 specifically. I am using docker on qnap, so I don't know how to do all these commands, but the version is 2.1.2, freshly rebuilt. And I am adding auth through conf.yaml. Basically it is turning auth ON, but it is not asking me for credentials and I can't log in as admin, therefore it is not letting me save to file using the GUI.

artemdanielov avatar Mar 05 '24 19:03 artemdanielov