Initial/default admin user cannot be accessed when using demo authentication type #6398
Comments
Yes, it makes sense to allow the admin user to be configured with an email. That said: "Demo mode" is not an intended way to run Unleash for other things than small demos/hackathons.

Thanks, while I don't entirely understand the infrastructure we have in place for our implementation of the Unleash server, I believe it's not publicly exposed and involves security mechanisms outside the application itself, so the demo mode is used as a simpler access method that does not require creating user accounts and managing permissions for users across multiple teams.

An alternative solution to the problem described in is to change the input form of demo-login to not require email if the user input is simply "admin".

Linking the response to this that I've made in the PR
This PR introduces a configuration option (`authentication.demoAllowAdminLogin`) that allows you to log in as admin when using demo authentication. To do this, use the username `admin`.

## About the changes

The `admin` user currently cannot be accessed in `demo` authentication mode, as the auth mode requires only an email to log in, and the admin user is not created with an email. This change allows for logging in as the admin user only if `AUTH_DEMO_ALLOW_ADMIN_LOGIN` is set to `true` (or the corresponding `authDemoAllowAdminLogin` config is enabled).

Closes #6398

### Important files

[demo-authentication.ts](https://github.com/Unleash/unleash/compare/main...00Chaotic:unleash:feat/allow_admin_login_using_demo_auth?expand=1#diff-c166f00f0a8ca4425236b3bcba40a8a3bd07a98d067495a0a092eec26866c9f1R25)

## Discussion points

Can continue discussion of [this comment](#6447 (comment)) in this PR.

---------

Co-authored-by: Thomas Heartman <[email protected]>
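The gate described in the PR text above, sketched as an added example that is not Unleash's own code: the type and function names (`DemoAuthConfig`, `loadDemoAuthConfig`, `demoLogin`, `sampleUsers`) are hypothetical, and the strict `"true"` parsing, the status codes and the create-on-first-login behaviour for email users are assumptions. It shows the flag defaulting to off and email-created users never receiving admin rights.

```typescript
// Added illustration; all names here are hypothetical, not Unleash internals.
type DemoAuthConfig = { demoAllowAdminLogin: boolean };
type User = { id: number; username?: string; email?: string; isAdmin: boolean };
type LoginResult =
    | { ok: true; user: User }
    | { ok: false; status: number; reason: string };

// Assumption: only the exact string "true" enables the flag; unset means off.
function loadDemoAuthConfig(env: Record<string, string | undefined>): DemoAuthConfig {
    return { demoAllowAdminLogin: env.AUTH_DEMO_ALLOW_ADMIN_LOGIN === 'true' };
}

function demoLogin(input: string, config: DemoAuthConfig, users: User[]): LoginResult {
    const login = input.trim();
    if (login === 'admin') {
        // The startup admin has a username but no email, so it is matched by
        // username, and only when the operator has opted in.
        if (!config.demoAllowAdminLogin) {
            return { ok: false, status: 403, reason: 'admin login disabled in demo mode' };
        }
        const admin = users.find((u) => u.username === 'admin' && u.isAdmin);
        return admin
            ? { ok: true, user: admin }
            : { ok: false, status: 404, reason: 'no admin user' };
    }
    // Any other input must look like an email address.
    if (!/^[^@\s]+@[^@\s]+$/.test(login)) {
        return { ok: false, status: 400, reason: 'email required' };
    }
    // Assumption: demo mode creates unknown email users, always without admin rights.
    let user = users.find((u) => u.email === login);
    if (!user) {
        user = { id: users.length + 1, email: login, isAdmin: false };
        users.push(user);
    }
    return { ok: true, user };
}

// Constructed sample state: the startup-created admin record has no email.
function sampleUsers(): User[] {
    return [{ id: 1, username: 'admin', isAdmin: true }];
}
```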
Describe the feature request

Add an email field for the default/initial admin user created on startup so that the user can be accessed even when using the `demo` authentication type (which only uses email, not username or password).

Background

The configuration options mention that a default admin user is created on startup. If a custom username or password are specified, they will be used instead of the defaults.

When using the `demo` authentication type, only an email is required to sign in. However, as the admin user is only created with a username and password, and no email, this user cannot be accessed without going into the database and manually adding an email to the admin user.

This effectively means there is no way to perform actions that require admin permissions (including creating new users) without manually making changes to the admin user database record.

Solution suggestions

Adding an email to the default admin user and an email field to the existing `initialAdminUser` configuration options would allow for the admin user to be used in the `demo` authentication type.