analytics icon indicating copy to clipboard operation
analytics copied to clipboard

Published 20 hours ago verified publisher icon plausible

Admin email changing in self-hosted instance without authentication

Open ukutaht opened this issue 2 years ago • 2 comments

Discussed in https://github.com/plausible/analytics/discussions/1224

Originally posted by JokerQyou August 3, 2021

Past Issues Searched

  • [X] I have searched open and closed issues to make sure that the bug has not yet been reported

Issue is a Bug Report

  • [X] This is a bug report and not a feature request, nor asking for self-hosted support

Describe the bug

If a user self-hosted Plausible, and set admin email via environment variable ADMIN_USER_EMAIL, disabled authentication via DISABLE_AUTH, and later he modified his email via the web interface, then he will not be able to login after a logout. The following behavior was observed:

  • Navigating to myinstance.com/ would result in 500 error page.
  • Trying to navigate to myinstance.com/sites would redirect to /login, despite DISABLE_AUTH being set to true.

Upon further investigation, it seems that DISABLE_AUTH is handled by a plugin called auto_auth, which essentially logs the admin in by using the admin email and admin password. However, these values are retrieved from environment variable rather than from database. So only after a modification to the ADMIN_USER_EMAIL environment variable and a restart (recreation of the container), will the user be able to view the site list normally.

Expected behavior

The user should be able to view the site list page directly after changing his email address via web interface.

Screenshots

No response

Environment

- OS: Linux, but not relevant.
- Browser: Chrome
- Browser Version: 91

ukutaht avatar Aug 26 '21 06:08 ukutaht

up

hotrungnhan avatar Sep 16 '21 15:09 hotrungnhan

Planned for 1.4.0 coming in October or November.

ukutaht avatar Sep 17 '21 10:09 ukutaht

this is fixed in the latest release @ruslandoga?

metmarkosaric avatar Dec 15 '22 21:12 metmarkosaric

It's more like we've deprecated DISABLE_AUTH so users shouldn't run into this problem anymore.

ruslandoga avatar Dec 16 '22 02:12 ruslandoga

thanks @ruslandoga! i've closed this now as we don't want old/irrelevant/fixed issues to be open in this list here. could you please check the other self-hosting related open issues and either close them or let me know which are fine to be closed? thanks!

metmarkosaric avatar Dec 16 '22 07:12 metmarkosaric

i've tagged all that i see are related to self hosting here: https://github.com/plausible/analytics/issues?q=is%3Aissue+is%3Aopen+label%3Aself-hosting

metmarkosaric avatar Dec 16 '22 07:12 metmarkosaric