google authentication does not work / no other way to add a user?

Open catweis opened this issue 2 years ago • 8 comments

After installation (current Distro, installation with docker compose), I need to log in. The proposed way is using the google-account. However, this does not work. There is the "error 400". Based on the google page, there is a problem with the authentication solution used on the webpage?

Looking for other ways of adding users, I found in the documentation a solution with an add_user-file; which does not exist? Do I have to write it? And if so, which fields are required?

catweis avatar Feb 21 '23 09:02 catweis

It looks like I have some documentation to update.

The format for users in mongo is like

{
	"_id" : ObjectId("63a35103811aa405ae1e73a2"),
	"email" : "[email protected]",
	"userType" : "Admin",
	"userFilter" : "['**']"
}

You can add a user directly to mongo, or alternatively temporarily disable security and go to /apps/signup/signup.html to add a user there.

If you're getting an issue from google itself, please let me know.

birm avatar Feb 22 '23 17:02 birm

Thank you for your fast response. Unfortunately, I do not know how to access mongo (within the docker container) and how to add then a user. And the other user adding version from the documentation (with the adduser.json) does not work since there is no such file, and I do not know where to place it.

catweis avatar Feb 26 '23 07:02 catweis

We had to remove the "easy" method of user addition due to some kubernetes/openshift constraints about our indexer container.

Anyway, to get a mongo shell, run docker exec -it ca-mongo mongo and use camic to get into the right database.

birm avatar Feb 28 '23 07:02 birm

I added a user according to the query given above but I am not able to log in. Could you please suggest any solution to this? @birm

psankhe28 avatar Mar 01 '23 16:03 psankhe28

I neglected to mention the easiest way to add a user; either run develop.yml or disable security (temporarily or otherwise; see the environment variable in develop.yml under caracal) then simply add the user using the user sign up page (/apps/signup/signup.html)

The email should match the email from a google id token.

birm avatar Mar 02 '23 18:03 birm

Thank you very much for your suggestions. The version with the development.yml file works. But allowing everybody to add a user etc. does not seem fine to me. Therefore, a more secure solution seems to be mandatory.

However, the other mentioned methods do not work for me: #1 I can access the mongo database, but I have no clue how to add a user there. With db.addUser and your suggestions above, it does not work. #2 I do not know how to disable the security temporarily. I am sorry.

Maybe the question at psankhe28: How did you add a user?

catweis avatar Mar 03 '23 11:03 catweis

> Thank you very much for your suggestions. The version with the development.yml file works. But allowing everybody to add a user etc. does not seem fine to me. Therefore, a more secure solution seems to be mandatory.
>
> However, the other mentioned methods do not work for me: #1 I can access the mongo database, but I have no clue how to add a user there. With db.addUser and your suggestions above, it does not work. #2 I do not know how to disable the security temporarily. I am sorry.
>
> Maybe the question at psankhe28: How did you add a user?

I tried adding the user directly in the mongo database. But it's not working. Have you found any solution to this? @catweis

psankhe28 avatar Mar 04 '23 18:03 psankhe28

Hi! I am Tingyuan (Leon). Thank you for the previous discussion; it inspired me a lot.

By running develop.yml, I successfully signed up a temporary account.

I also tried the other two potential methods; however, as @catweis said, they do not work.

The following are my tries on these two methods:

  • For the way of manually adding an account in the mongo database, I successfully added new account data in the local database called 'camic'. But no matter how I restart or rebuild the service, it still shows "User not added".

  • For the way of temporarily disabling the security check, I did not find develop.yml under Caracal, but I did find that there were configs related to the security check in the .env file that was copied and renamed from .env.example.

I tried modifying both DISABLE_SEC and ALLOW_PUBLIC to a value of true, and made sure the configs in .env were run by re-executing setup_script.sh under Caracal, but it still did not work.

In short, for now, it seems like running develop.yml is the only way to access the system.

I know it is very likely that there is something wrong with my operations, so I will be extremely happy if anyone could point me in the right direction! Thank you so much!

CoToYo avatar Mar 31 '23 05:03 CoToYo
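
Added example (not part of the thread and not the project's own code): the workaround discussed above sets DISABLE_SEC / ALLOW_PUBLIC to true while the first user is created, so this check flags an .env file that still has either switch on afterwards. It assumes the literal value `true` (any case, optionally quoted) is what enables a switch, as in the post above; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: "true" (any case, optionally quoted) turns a
# switch on; any uncommented assignment counts, since parsers differ on
# which duplicate wins.

# Exit 0 when FILE ($2) has an uncommented KEY ($1) assignment equal to true.
switch_enabled() {
    awk -v key="$1" -v sq="'" '
        /^[ \t]*#/ { next }                          # whole-line comment
        {
            line = $0
            sub(/^[ \t]*(export[ \t]+)?/, "", line)  # optional "export "
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]/, "", k)
            if (k != key) next
            sub(/[ \t]+#.*$/, "", v)                 # trailing comment
            q = "[ \t\r\"" sq "]+"                   # padding, CR, quotes
            sub("^" q, "", v); sub(q "$", "", v)
            if (tolower(v) == "true") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$2"
}

# Print each enabled switch; return 1 if any is on, 0 if the file is clean.
check_env() {
    rc=0
    for key in DISABLE_SEC ALLOW_PUBLIC; do
        if switch_enabled "$key" "$1"; then
            echo "$1: $key is set to true"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample .env (not the project's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# DISABLE_SEC=true
DISABLE_SEC="True"   # set while adding the first user
ALLOW_PUBLIC=false
EOF
check_env "$sample" || echo "security switches are still enabled"
rm -f "$sample"
```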