infobyte
Unable to login to UI
Hello,
I’ve set up a faraday server development version using the below steps. I can access the GUI but I am unable to login. It gets stuck at invalid user and password. I have also tried to change the password manually but that does not help either. Could you please help me on it?
Steps: (Ubuntu 18 Server)
sudo apt install postgresql python3.6
sudo apt-get install python3-venv -y
git clone https://github.com/infobyte/faraday
cd faraday
python3 -m venv .venv
source .venv/bin/activate
sudo apt install python3-pip -y
pip3 install service_identity
sudo apt-get install python-psycopg2 -y
sudo apt-get install libpq-dev -y
python3 setup.py develop
faraday-manage initdb
faraday-server
Thanks! BR, Ayush
Hi,
Can you try to execute:
- enable debug in server.ini and restart the server
- faraday-manage status-check
- faraday-manage support (this will generate a .zip with faraday-server logs)
For enabling debug at server.ini go to ~/.faraday/config/server.ini and add debug=true to the [server] section.
Thanks
Hi,
Can you try to execute:
* enable debug in server.ini and restart the server * faraday-manage status-check * faraday-manage support (this will generate a .zip with faraday-server logs)For enabling debug at server.ini go to ~/.faraday/config/server.ini and add
debug=trueto the[server]section.Thanks
Please find the attached logs. Thanks for your help.
Hi,
Did you try to install Faraday using the .deb packages for ubuntu? Here is out releases webpage. And here the install steps. Don't re-execute initdb.
From the logs I can see that the server is not running or there is some firewall issue. If you use the development installation steps, you will need to manually start the server.
When you executed the faraday-manage support was the server running?
Thanks!
Hi,
Did you try to install Faraday using the .deb packages for ubuntu? Here is out releases webpage. And here the install steps. Don't re-execute initdb.
From the logs I can see that the server is not running or there is some firewall issue. If you use the development installation steps, you will need to manually start the server.
When you executed the
faraday-manage supportwas the server running?Thanks!
Please find the attached support logs. I've now manually started faraday-server but still unable to login. I need the development version, using .deb packages it works fine.
Please help in setting up development version.
this is what I see in the psql_log.log could not change directory to "/root/faraday": Permission denied CREATE ROLE
Hi,
From the logs, everything seems to be working fine (the error on psql_log is normal). Did you try to use faraday-manage sql-shell and try to execute any query? for example like showing all the tables with \d?
Also, try to login using the API with the following curl command:
curl -s 'http://127.0.0.1:5985/_api/login' \
-H 'Origin: http://127.0.0.1:5985' -H 'Accept-Encoding: gzip, deflate, br' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/javascript, */*; q=0.01' \
-H 'Referer: http://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest' \
-H 'Connection: keep-alive' \
--data-binary '{"email":"faraday","password": "changeme"}' \
--compressed -c cookie.txt
Make sure you change with the correct credentials on the --data-binary and with the URL 'http://127.0.0.1:5985/_api/login'.
You should see a json with the API token and the response with status code 200 (You could see a redirect).
For example:
{"meta":{"code":200},"response":{"user":{"authentication_token":"HIDE_ME","name":"[email protected]","username":"faraday"}}}
It does connect with API but cannot login with GUI. I can also list the tables with sql-shell.
curl -s 'http://127.0.0.1:5985/_api/login'
-H 'Origin: http://127.0.0.1:5985' -H 'Accept-Encoding: gzip, deflate, br'
-H 'Accept-Language: en-US,en;q=0.9'
-H 'Content-Type: application/json'
-H 'Accept: application/json, text/javascript, /; q=0.01'
-H 'Referer: http://127.0.0.1:5985/' -H 'X-Requested-With: XMLHttpRequest'
-H 'Connection: keep-alive'
--data-binary '{"email":"faraday","password": "ZcEu8kNUpQ85"}'
--compressed -c cookie.txt
{"meta":{"code":200},"response":{"user":{"authentication_token":"WyIxIiwiJDUkcm91bmRzPTUzNTAwMCRxSEdkRVFzSElOVXVNZjh1JENlTWtUOXpQcVRvV1A3c2VmYk9yeWRSdXQ0cVpuVzFZaTdHMnVhTU1YVzYiXQ.Xpakiw.8Rr5afIivT1I7bxV75DlAOD2GWA","name":null,"username":"faraday"}}}
Hi 26ayushagarwal!
We reproduced the issue and reinstalling flask-login and Werkzeug might fix it.Please run:
pip install Flask-Login==0.4.1 pip install Werkzeug==0.16.0
Thanks!
Hi, We are going to do a release next week and we will include this fix. The pip command should fix the login issue. Thanks!
Got the same issue since this week too, worked before, now i'm getting invalid login and the change-password does not looks like working. Data are written into the database but the credentials for the UI are different from the initdb credentials. In my case can't login from the api either
Yes it says change is successful but the new password doesn't work too. Also try to connect to sql-shell and the value looks like it changed but still not my password. Faraday-manage can contact the database whereas the faraday-server app. Getting some warning saying Flask writing in_memory
No storage section or path in the .faraday/config/server.ini. Setting the default value to .faraday/storage
/home/vagrant/.local/lib/python3.9/site-packages/flask_sqlalchemy/__init__.py:851: UserWarning: Neither SQLALCHEMY_DATABASE_URI nor SQLALCHEMY_BINDS is set. Defaulting SQLALCHEMY_DATABASE_URI to "sqlite:///:memory:".
warnings.warn(
/home/vagrant/.local/lib/python3.9/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
warnings.warn(
This script will create a new postgres user and save faraday-server settings (server.ini).
Creating database faraday
Saving database credentials file in /home/vagrant/.faraday/config/server.ini
Creating tables
INFO [alembic.runtime.migration] Context impl PostgresqlImpl.
INFO [alembic.runtime.migration] Will assume transactional DDL.
INFO [alembic.runtime.migration] Running stamp_revision -> 99a740945c44
Admin user created with
username: faraday
password: whatever
/home/vagrant/.local/lib/python3.9/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
warnings.warn(
2022-09-08T20:01:18+0000 - alembic.runtime.migration - INFO {MainThread} [pid:5266] [migration.py:204 - __init__()] Context impl PostgresqlImpl.
2022-09-08T20:01:18+0000 - alembic.runtime.migration - INFO {MainThread} [pid:5266] [migration.py:207 - __init__()] Will assume transactional DDL.
2022-09-08T20:01:18+0000 - faraday.start_server - WARNING {MainThread} [pid:5266] [start_server.py:53 - check_postgresql()] No workspaces found
2022-09-08T20:01:18+0000 - faraday.server.web - INFO {MainThread} [pid:5266] [web.py:87 - __init__()] Starting web server at http://0.0.0.0:8080/
2022-09-08T20:01:18+0000 - faraday.server.threads.reports_processor - INFO {ReportsManager-Thread} [pid:5266] [reports_processor.py:100 - run()] Reports Manager Thread [Start]
2022-09-08T20:01:18+0000 - faraday.server.threads.ping_home - INFO {PingHomeThread} [pid:5266] [ping_home.py:18 - run()] Ping Home Thread [Start]
2022-09-08T20:01:18+0000 - faraday.server.web - INFO {MainThread} [pid:5266] [web.py:155 - run()] Starting webserver with 2 threads.
2022-09-08T20:01:18+0000 - faraday.server.web - INFO {MainThread} [pid:5266] [web.py:105 - __build_websockets_resource()] Starting websocket server at port 9000 with bind address 0.0.0.0.
2022-09-08T20:01:18+0000 - faraday.server.web - INFO {MainThread} [pid:5266] [web.py:164 - run()] Faraday Server is ready
2022-09-08T20:04:33+0000 - faraday.server.app - WARNING {PoolThread-twisted.internet.reactor-0} [pid:5266] [app.py:487 - validate()] Invalid Login - User [faraday] from IP [10.0.0.247] at [2022-09-08 20:04:33.303820]
Faraday-server launched using a openrc service:
#!/sbin/openrc-run
command="/home/vagrant/.local/bin/faraday-server"
command_args="--bind 0.0.0.0 --port 8080"
command_background="yes"
command_user="vagrant"
pidfile="/home/vagrant/faraday.pid"
output_log="/home/vagrant/faraday.log"
error_log="/home/vagrant/faraday.err"
rc_verbose="yes"
~$ faraday-server -v
/home/vagrant/.local/lib/python3.9/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
warnings.warn(
2022-09-08T20:08:11+0000 - alembic.runtime.migration - INFO {MainThread} [pid:5576] [migration.py:204 - __init__()] Context impl PostgresqlImpl.
2022-09-08T20:08:11+0000 - alembic.runtime.migration - INFO {MainThread} [pid:5576] [migration.py:207 - __init__()] Will assume transactional DDL.
2022-09-08T20:08:11+0000 - faraday.start_server - WARNING {MainThread} [pid:5576] [start_server.py:53 - check_postgresql()] No workspaces found
Faraday v4.0.4
alembic==1.8.1
anyascii==0.3.1
apispec==4.7.1
apispec-webframeworks==0.5.2
appdirs==1.4.4
asn1crypto==1.4.0
attrs==20.3.0
autobahn==22.7.1
Automat==20.2.0
bcrypt==3.2.0
beautifulsoup4==4.11.1
bidict==0.22.0
bleach==4.1.0
blinker==1.5
CacheControl==0.12.6
cached-property==1.5.2
certifi==2020.12.5
cffi==1.14.5
chardet==4.0.0
cli-helpers==2.2.1
click==8.1.3
cloud-init==21.2
colorama==0.4.4
commonmark==0.9.1
configobj==5.0.6
constantly==15.1.0
contextlib2==0.6.0
cryptography==36.0.2
Deprecated==1.2.13
distlib==0.3.1
distro==1.5.0
dnspython==2.2.1
docker==5.0.0
docker-compose==1.28.0
docker-pycreds==0.4.0
dockerpty==0.4.1
docopt==0.6.2
email-validator==1.2.1
faraday-agent-parameters-types==1.0.4
faraday-plugins==1.7.0
faradaysec==4.0.4
filedepot==0.8.0
filteralchemy-fork==0.1.0
Flask==2.1.3
Flask-Classful==0.14.2
Flask-KVSession-fork==0.6.4
Flask-Limiter==2.6.2
Flask-Login==0.6.1
Flask-Mail==0.9.1
Flask-Principal==0.4.0
Flask-Security-Too==5.0.1
Flask-SocketIO==5.3.0
Flask-SQLAlchemy==2.5.1
Flask-WTF==1.0.1
greenlet==1.1.3
html2text==2020.1.16
html5lib==1.1
hyperlink==21.0.0
idna==3.2
importlib-metadata==4.12.0
incremental==21.3.0
ipaddress==1.0.23
itsdangerous==2.1.2
Jinja2==3.0.1
jsonpatch==1.32
jsonpointer==2.1
jsonschema==3.2.0
limits==2.7.0
lockfile==0.12.2
lxml==4.9.1
Mako==1.2.2
MarkupSafe==2.0.1
marshmallow==3.12.2
marshmallow-sqlalchemy==0.28.0
msgpack==1.0.2
nplusone==1.0.0
ordered-set==4.0.2
packaging==21.3
paramiko==2.7.2
passlib==1.7.4
pendulum==2.1.2
pep517==0.10.0
pgcli==3.4.1
pgspecial==1.13.1
Pillow==9.2.0
progress==1.5
prompt-toolkit==3.0.31
psycopg2==2.9.3
pyasn1==0.4.8
pyasn1-modules==0.2.8
pycparser==2.20
Pygments==2.13.0
PyJWT==2.4.0
PyNaCl==1.4.0
pyOpenSSL==22.0.0
pyotp==2.6.0
pyparsing==2.4.7
pyrsistent==0.17.3
PySocks==1.7.1
python-dateutil==2.8.2
python-dotenv==0.17.1
python-engineio==4.3.4
python-socketio==5.7.1
pytz==2022.2.1
pytzdata==2020.1
PyYAML==5.4.1
requests==2.25.1
retrying==1.3.3
rich==12.5.1
service-identity==21.1.0
setproctitle==1.3.2
simplejson==3.17.6
simplekv==0.14.1
six==1.15.0
soupsieve==2.3.2.post1
SQLAlchemy==1.3.24
sqlparse==0.4.2
syslog-rfc5424-formatter==1.2.3
tabulate==0.8.10
texttable==1.6.3
toml==0.10.2
tqdm==4.64.1
Twisted==22.8.0
txaio==22.2.1
typing-extensions==4.3.0
urllib3==1.26.5
wcwidth==0.2.5
webargs==8.2.0
webencodings==0.5.1
websocket-client==0.58.0
Werkzeug==2.0.1
wrapt==1.14.1
WTForms==3.0.1
zipp==3.8.1
zope.interface==5.4.0
@Dr4s1l we have some problems with dependencies, We can't use fixed versions in requirement because of kali. thats why I recommend using docker
@Dr4s1l the best thing you can do if you don't want to use docker is to use our deb/rpm versions. That use nix that freeze the dependencies, you can download it from here https://github.com/infobyte/faraday/releases/tag/v4.0.4
@Dr4s1l what? Ok now I'm lost
Can you try with a very simple password? change-password has no limit so you can use 1234 if you want. And try again
wget https://github.com/infobyte/faraday/releases/download/v4.0.4/faraday-server_amd64.deb && dpkg -i faraday-server_amd64.deb
faraday-manage change-password --username faraday --password sL22g9UqxkiP
/home/vagrant/.local/lib/python3.9/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
warnings.warn(
Password changed succesfully
/home/vagrant/.local/lib/python3.9/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
warnings.warn(
2022-09-08T21:08:37+0000 - alembic.runtime.migration - INFO {MainThread} [pid:5267] [migration.py:204 - __init__()] Context impl PostgresqlImpl.
2022-09-08T21:08:37+0000 - alembic.runtime.migration - INFO {MainThread} [pid:5267] [migration.py:207 - __init__()] Will assume transactional DDL.
2022-09-08T21:08:37+0000 - faraday.start_server - WARNING {MainThread} [pid:5267] [start_server.py:53 - check_postgresql()] No workspaces found
2022-09-08T21:08:37+0000 - faraday.server.web - INFO {MainThread} [pid:5267] [web.py:87 - __init__()] Starting web server at http://0.0.0.0:8080/
2022-09-08T21:08:37+0000 - faraday.server.threads.reports_processor - INFO {ReportsManager-Thread} [pid:5267] [reports_processor.py:100 - run()] Reports Manager Thread [Start]
2022-09-08T21:08:37+0000 - faraday.server.threads.ping_home - INFO {PingHomeThread} [pid:5267] [ping_home.py:18 - run()] Ping Home Thread [Start]
2022-09-08T21:08:37+0000 - faraday.server.web - INFO {MainThread} [pid:5267] [web.py:155 - run()] Starting webserver with 2 threads.
2022-09-08T21:08:37+0000 - faraday.server.web - INFO {MainThread} [pid:5267] [web.py:105 - __build_websockets_resource()] Starting websocket server at port 9000 with bind address 0.0.0.0.
2022-09-08T21:08:37+0000 - faraday.server.web - INFO {MainThread} [pid:5267] [web.py:164 - run()] Faraday Server is ready
2022-09-08T21:09:44+0000 - faraday.server.app - WARNING {PoolThread-twisted.internet.reactor-0} [pid:5267] [app.py:487 - validate()] Invalid Login - User [faraday] from IP [10.0.0.247] at [2022-09-08 21:09:44.410098]
2022-09-08T21:10:30+0000 - faraday.server.app - WARNING {PoolThread-twisted.internet.reactor-0} [pid:5267] [app.py:487 - validate()] Invalid Login - User [faraday] from IP [10.0.0.247] at [2022-09-08 21:10:30.214879]
2022-09-08T21:10:36+0000 - faraday.server.app - WARNING {PoolThread-twisted.internet.reactor-0} [pid:5267] [app.py:487 - validate()] Invalid Login - User [faraday] from IP [10.0.0.247] at [2022-09-08 21:10:36.452527]
/home/vagrant/.local/lib/python3.9/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
warnings.warn(
2022-09-08T21:11:36+0000 - alembic.runtime.migration - INFO {MainThread} [pid:5533] [migration.py:204 - __init__()] Context impl PostgresqlImpl.
2022-09-08T21:11:36+0000 - alembic.runtime.migration - INFO {MainThread} [pid:5533] [migration.py:207 - __init__()] Will assume transactional DDL.
2022-09-08T21:11:36+0000 - faraday.start_server - WARNING {MainThread} [pid:5533] [start_server.py:53 - check_postgresql()] No workspaces found
Faraday v4.0.4
@Dr4s1l you are installing the deb but you are still using the code version "/home/vagrant/.local/lib/python3.9/site-packages/flask_limiter/extension.py:317"
If it was the code installed by the deb that path would be different
@Dr4s1l if installed with the deb to start faraday user sudo systemctl restart faraday-server.service
No systemd on alpine but I have hardcoded the full path into a openrc service, should do the job, waiting for deployment ending
ok We don't test on alpine so I can't guarantee you anything. We test the deb on debian and ubuntu
with full path you mean /opt/faraday/bin/faraday-server?
thats is where the deb install the launcher
Yes
8 sept. 2022 23:29:44 Nicolas Rebagliati @.***>:
with full path you mean /opt/faraday/bin/faraday-server? thats is where the deb install the launcher
— Reply to this email directly, view it on GitHub[https://github.com/infobyte/faraday/issues/394#issuecomment-1241253211], or unsubscribe[https://github.com/notifications/unsubscribe-auth/ACZMZDL6TNLG4ERTZKRTB4LV5JLEPANCNFSM4MHAXEPA]. You are receiving this because you were mentioned.[Image de pistage][https://github.com/notifications/beacon/ACZMZDK6WUBNVB5SZ62PN53V5JLEPA5CNFSM4MHAXEPKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOJH6AKWY.gif]