[BUG] basic auth does not enable unless enableGuestAccess: true #990

Closed
5 tasks done
ceramey1997 opened this issue Nov 29, 2022 · 43 comments

@ceramey1997

Environment

Self-Hosted (Docker)

System

No response

Version

2.1.1

Describe the problem

Problem

Dashy basic authentication does not enable when adding the block below to the conf.yml

appConfig:
    auth:
        users:
        - user: myadmin
          hash: <sha256hash>

To make basic auth function with dashy you have to add the enableGuestAccess: true. If guest Access is false then basic auth functions properly.

Additional info

No response


@ceramey1997 ceramey1997 added the 🐛 Bug [ISSUE] Ticket describing something that isn't working label Nov 29, 2022
@liss-bot
Collaborator

If you're enjoying Dashy, consider dropping us a ⭐
🤖 I'm a bot, and this message was automated

@15064187978

Hello, can you help me?

@liss-bot liss-bot added the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Nov 30, 2022

@liss-bot liss-bot removed the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Dec 1, 2022
@CristianT

I can confirm that behavior, but in the docker image 'lissy93/dashy:2.1.0' this does not happen.

@liss-bot liss-bot added the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Dec 2, 2022
@15064187978

> I can confirm that behavior, but in the docker image 'lissy93/dashy:2.1.0' this does not happen.

I upgraded to version 2.1.1 and solved this problem

@liss-bot liss-bot removed the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Dec 3, 2022
@Keskejefaislamoi

Keskejefaislamoi commented Dec 5, 2022

Can you copy/paste your config file? I'm under V-2.1.1, basic auth seems not working for me
guest user can edit frontend and no auth window prompted :(

I also tried: enableGuestAccess: false and true, same, no auth prompted :s

  • No auth with Docker 2.1.1 IMG
docker run -p 4000:80 -v /root/conf.yml:/app/public/conf.yml lissy93/dashy:latest
  • No auth downloaded and compiled from sources

guest user can access to the config

npm -version
9.1.2
node --version
v16.18.1

cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"

pageInfo:
  title: network.local
  description: network.local Front Dashboard
  navLinks:
    - title: GitHub
      path: https://github.com/Lissy93/dashy
    - title: Documentation
      path: https://dashy.to/docs
appConfig:
  auth:
    enableGuestAccess: false
    users:
    - user: myuser
      hash: SHA256EXAMPLESTRINGFORPASSWORD
      type: admin
sections:
  - name: Getting Started
    icon: fas fa-rocket
    items:
      - title: Dashy Live
        description: Development a project management links for Dashy
        icon: https://i.ibb.co/qWWpD0v/astro-dab-128.png
        url: https://live.dashy.to/
        target: newtab
        id: 0_1481_dashylive
      - title: GitHub
        description: Source Code, Issues and Pull Requests
        url: https://github.com/lissy93/dashy
        icon: favicon
        id: 1_1481_github
      - title: Docs
        description: Configuring & Usage Documentation
        provider: Dashy.to
        icon: far fa-book
        url: https://dashy.to/docs
        id: 2_1481_docs
      - title: Showcase
        description: See how others are using Dashy
        url: https://github.com/Lissy93/dashy/blob/master/docs/showcase.md
        icon: far fa-grin-hearts
        id: 3_1481_showcase
      - title: Config Guide
        description: See full list of configuration options
        url: https://github.com/Lissy93/dashy/blob/master/docs/configuring.md
        icon: fas fa-wrench
        id: 4_1481_configguide
      - title: Support
        description: Get help with Dashy, raise a bug, or get in contact
        url: https://github.com/Lissy93/dashy/blob/master/.github/SUPPORT.md
        icon: far fa-hands-helping
        id: 5_1481_support

@liss-bot liss-bot added 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending and removed 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending labels Dec 5, 2022
@top-cg

top-cg commented Dec 13, 2022

Hello,
I have the same issue ... and this is really bad ...
To have the login working, I have to set the variable: enableGuestAccess: true
The login screen is coming back ... as a guest I'm not able to see anything on the dashboard (icons) ... but I'm able to drive through the setup file.
Very bad situation :(

@liss-bot liss-bot added the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Dec 13, 2022
@rubenmate

I have a fresh install with this problem. Login is never shown if you don't enable guest access.

@liss-bot liss-bot removed the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Dec 17, 2022
@gemorgan

I confirm the same behavior and concur this is a very serious issue. It exposes SO much information that I'm having to shut dashy down until I can implement something to prevent exposing unwanted internal site information to users that shouldn't have it.

@liss-bot liss-bot added the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Dec 18, 2022
@gemorgan

Also anyone with guest access can copy the password hashes of all users which immediately grants the guest full access to any account, including admin accounts. Dashy is 100% compromised at this point.

@liss-bot liss-bot removed the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Dec 18, 2022
@top-cg

top-cg commented Dec 18, 2022

> Also anyone with guest access can copy the password hashes of all users which immediately grants the guest full access to any account, including admin accounts. Dashy is 100% compromised at this point.

I agree, the guest can see the config file.

@liss-bot liss-bot added the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Dec 18, 2022
@mitchnemirov

While it is strange that auth doesn't show up if enableGuestAccess isn't set to true, you can prevent guests from editing (actually even seeing) your config by adding disableConfigurationForNonAdmin: true in your appConfig section.

Example appConfig:

appConfig:
  disableConfigurationForNonAdmin: true
  auth:
    enableGuestAccess: true
    users:
    - user: USERNAME
      hash: SHA256_HASH_GOES_HERE
      type: admin

Hope this helps!
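
The settings discussed in this thread, turned into a check over an already-parsed conf.yml (an added example, not part of the thread or of Dashy's code; `auditDashyAuth` and the finding ids are hypothetical names, and case-insensitive hash comparison is an assumption). It goes slightly beyond the comment above by also flagging malformed hashes and a password equal to the username.

```javascript
const crypto = require('crypto');

const sha256Hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Hypothetical helper: audits a parsed conf.yml object and returns findings.
function auditDashyAuth(conf) {
  const app = (conf && conf.appConfig) || {};
  const auth = app.auth || {};
  const users = Array.isArray(auth.users) ? auth.users : [];
  const findings = [];
  const add = (id, detail) => findings.push({ id, detail });

  if (users.length === 0) {
    add('no-users', 'auth.users is empty, so no login is configured');
    return findings;
  }
  const configHidden = app.disableConfigurationForNonAdmin === true;
  if (auth.enableGuestAccess === true && !configHidden) {
    add('guest-config-exposure',
      'guests are allowed and the config, including user hashes, is visible to them');
  }
  if (configHidden && !users.some((u) => u.type === 'admin')) {
    add('no-admin', 'config is restricted to admins but no user has type: admin');
  }
  for (const u of users) {
    const hash = String(u.hash || '').toLowerCase();
    if (!/^[0-9a-f]{64}$/.test(hash)) {
      add('bad-hash', `${u.user}: hash is not 64 hex characters (SHA-256)`);
    } else if (hash === sha256Hex(String(u.user))) {
      add('password-equals-username', `${u.user}: hash is SHA-256 of the username`);
    }
  }
  return findings;
}

// Constructed sample: the test/test user posted later in this thread, with guest access on.
const sample = { appConfig: { auth: {
  enableGuestAccess: true,
  users: [{ user: 'test', type: 'admin',
    hash: '9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08' }],
} } };

console.log(auditDashyAuth(sample).map((f) => f.id));
```

Feed it the object produced by whatever YAML parser you already use; an empty result means none of these four conditions were found, not that the deployment is otherwise sound.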

@liss-bot liss-bot removed the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Jan 13, 2023
@top-cg

top-cg commented Jan 13, 2023

Thanks @mitchnemirov ... that's a good mitigation solution.
I was curious to understand where you found this info ... and it also helped me figure out that the up-to-date documentation is located on git and not on the website!

@liss-bot liss-bot added the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Jan 13, 2023
@TheRealGramdalf

I was also getting this issue on my end, what made the difference for me was a combination of fixing some schema errors, destroying the container, and making sure to clear my browsers' cookies.

Essentially I believe the problem is partly with some system state that got left behind, so it seems to work on new installations but fails when upgrading from existing installations

@Lissy93
Owner

Lissy93 commented Mar 6, 2024

Does this work if you manually edit conf.yml?
And like TheRealGramdalf said, clearing browser data may help too, as if you're logged in, that state will be saved locally (alternatively, just try in Incognito mode)

@liss-bot liss-bot removed the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Mar 6, 2024
@LonginusL33T

Okay, I think I partially solved that whole auth mystery. (@Lissy93 FYI) There were multiple problems which were understood to be a single issue.

Docker was not automatically rebuilding the app -> even though the config was saved, it was not built and applied --> FIXED

Adding a user via GUI: When adding a user with hash and then hitting the save below the application config, then trying to click save to disk, the button is just greyed out and it is not possible to click it, therefore the auth is never saved nor applied.

Adding the following part below appConfig enables auth for a user test with password test and type admin. This has been tested by me and Lissy on multiple different systems and is confirmed to work.

appConfig:
  auth:
    users:
    - user: test
      hash: 9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08
      type: admin

@artemdanielov Can you confirm you have pulled the latest image with docker pull lissy93/dashy:latest and are running version 2.1.2 ? Could you share your docker log? sudo docker logs dashy replace dashy with the name of the dashy container, you can see the name with sudo docker ps. After pulling the new image make sure to redeploy the container.

This could also be done very easily, however this will update all your docker containers: sudo docker run -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --run-once

@LonginusL33T How are you activating auth? Through the GUI or through the conf.yml? Are you running the latest version of dashy? Look above for how to check and update.

When I save the changes through the GUI, the users array becomes empty whether I rebuild it manually or not

@liss-bot liss-bot added the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Mar 6, 2024
@artemdanielov

Opening it in another browser or in incognito mode does not help. Still - dashy is not asking for auth, but displaying notice at config save: "You cannot write changes to disk because you are not logged in as an administrator"

@TheRealGramdalf

> Opening it in another browser or in incognito mode does not help. Still - dashy is not asking for auth, but displaying notice at config save: "You cannot write changes to disk because you are not logged in as an administrator"

I had this as well; try fixing any schema errors (shown in the browser console, typically ctrl + shift + i, or the dashy logs) which should trigger a rebuild. It should work after that.

On a more technical note, I believe the issue may be partly with rebuilding on startup - I'm not sure if it triggers properly or not (I'd have to double check with my instance).
Regardless of whether that works fine or not, I think it would be a good idea to add the option to have a "build cache" of sorts - it should be as simple as a bind mount/volume in /var/dist/public (or whatever the exact path is) - this currently fails because upon a rebuild, dashy attempts to rm -rf /var/dist/public - which fails, since /var/dist/public is a bind mount (and cannot be deleted, only unmounted). Changing this to rm -rf /var/dist/public/* should be all that's needed, though a mechanism to detect if the config has changed while offline (and trigger accordingly) would make sense in my mind.

@artemdanielov

artemdanielov commented Mar 6, 2024

> try fixing any schema errors (shown in the browser console, typically ctrl + shift + i

Doesn't look like I have any relevant errors:

@TheRealGramdalf

> Doesn't look like I have any relevant errors

Try changing anything in the conf.yml - could be as simple as adding a trailing / to a URL. Just something that triggers an automatic rebuild (not a manually triggered one)

@artemdanielov

artemdanielov commented Mar 6, 2024

Did it - same issue. I also rebuilt the container - same, it does not ask for auth(
I also cleared all browser local storage and cache
Additionally, for some reason, it shows this in console (can't check for updates):

@CrazyWolf13 CrazyWolf13 removed ✅ Fixed [ISSUE] Auto-Assigned to Tickets whose fix has been deployed 🛩️ Released 2.1.2 labels Mar 6, 2024
@liss-bot liss-bot removed the 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending label Mar 7, 2024
@artemdanielov

After enabling "guest access" the login button appears and I can log in as admin.
So it looks like there are definitely some issues here, because I did everything suggested and nothing seems to solve the problem.

@liss-bot liss-bot added 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending and removed 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending labels Mar 8, 2024
@top-cg

top-cg commented Mar 24, 2024

Hello,
I was able to change my setup and uncheck the option to provide guest access ... and it worked.
I was confused at the beginning because once this parameter was updated, asking the app to rebuild was ending in a fail.
I suppose the app rebuilt itself in the background ... and it worked.
I now have to log in to access the app ... and no more guest access on the login page.

@liss-bot liss-bot added 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending and removed 👤 Awaiting Maintainer Response [ISSUE] Response from repo author is pending labels Mar 24, 2024
@Lissy93
Owner

Lissy93 commented Apr 29, 2024

This should now be fixed in #1542 and released in 3.0.1

@Lissy93 Lissy93 added 🚏 Awaiting User Response [ISSUE] Response from original author is pending and removed 📌 Keep Open [ISSUE][PR] Prevent auto-closing labels Apr 29, 2024
@liss-bot
Collaborator

liss-bot commented May 4, 2024

Hello! Looks like additional info is required for this issue to be addressed. Don't forget to provide this within the next few days to keep your ticket open.

@liss-bot liss-bot added the 🛑 No Response [ISSUE] Response was requested, but has not been provided label May 4, 2024
@liss-bot
Collaborator

liss-bot commented May 7, 2024

Issue closed due to no response from user.

@liss-bot liss-bot closed this as completed May 7, 2024
@liss-bot liss-bot removed the 🚏 Awaiting User Response [ISSUE] Response from original author is pending label May 7, 2024