
Unable to login to WebUI #188

Open
pkreuzt opened this issue May 9, 2023 · 9 comments
Labels: bug (Something isn't working)

Comments

pkreuzt commented May 9, 2023

After successful registration, trying to log in returns to the login page every time without advancing further. The Platypus console shows this as the web browser tries to authenticate:

2023/05/09 21:20:24 Notify client connected from: 127.0.0.1:50856
2023/05/09 21:20:39 Notify client disconnected from: 127.0.0.1:50856

DB file exists and is populated. Relevant portion of config file:

restful:
  host: "127.0.0.1"
  port: 7331
  # `enable: true` means starting RESTful Server when Platypus starts.
  enable: true
  JWTRefreshKey: "cc"
  JWTAccessKey: "cc"
  RefreshExpireTime: 864000
  AccessExpireTime: 1200
  DBFile: "gorm.db"

t101804 commented Sep 25, 2023

> After successful registration, trying to log in returns to the login page every time without advancing further. The Platypus console shows this as the web browser tries to authenticate:
>
> 2023/05/09 21:20:24 Notify client connected from: 127.0.0.1:50856
> 2023/05/09 21:20:39 Notify client disconnected from: 127.0.0.1:50856
>
> DB file exists and is populated. Relevant portion of config file:
>
> restful:
>   host: "127.0.0.1"
>   port: 7331
>   # `enable: true` means starting RESTful Server when Platypus starts.
>   enable: true
>   JWTRefreshKey: "cc"
>   JWTAccessKey: "cc"
>   RefreshExpireTime: 864000
>   AccessExpireTime: 1200
>   DBFile: "gorm.db"

Any fix?

@WangYihang WangYihang self-assigned this Sep 18, 2024
@WangYihang WangYihang added the bug Something isn't working label Sep 18, 2024
@WangYihang (Owner)

Thanks for reporting, I will check it out soon.

@taomujian

I ran into this problem too and found the cause. The browser is never able to set the `refresh` cookie returned after a successful login. The reason is that the IP configured for port 7331 in the config file is 127.0.0.1, whereas the `domain` value of the `refresh` cookie in the response is the public IP address of my home broadband connection. That address differs from 127.0.0.1, so the browser cannot set the cookie. After the backend verifies the username and password, when it returns the `refresh` cookie it could set `domain` to the IP configured for port 7331 in the config file instead of the public IP address. The change is at line 104 of internal/context/server.go.

@taomujian

It can be changed to `Conf.RestfulConf.Domain = Conf.RestfulConf.Host`.
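
The cookie rejection described in the two comments above is the browser applying the domain-match rule of RFC 6265 section 5.1.3: a request sent to an IP address only matches a cookie whose `Domain` is exactly that IP, so a `refresh` cookie scoped to the public IP is silently dropped when the UI is opened on 127.0.0.1. The following is an added example, not code from the Platypus project: the `RestfulConf` struct, `refreshCookie`, `browserWouldStore` and the stand-in public address 203.0.113.5 are all hypothetical, and only the field names `Host`, `Port` and `Domain` come from the thread. It reproduces the mismatch and then the proposed fix (`Domain` taken from `Host`), and also handles the hostname case, where a subdomain may match a parent cookie domain.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// RestfulConf mirrors the config fields quoted in the issue (Host, Port) plus
// the Domain field the comment refers to. Hypothetical type for this example,
// not the project's own struct.
type RestfulConf struct {
	Host   string
	Port   int
	Domain string
}

// domainMatches implements the domain-match rule of RFC 6265 section 5.1.3:
// the request host matches the cookie domain when they are identical, or when
// the host is a subdomain of it; a host that is an IP address only ever
// matches exactly.
func domainMatches(requestHost, cookieDomain string) bool {
	requestHost = strings.ToLower(strings.TrimSuffix(requestHost, "."))
	cookieDomain = strings.ToLower(strings.TrimSuffix(cookieDomain, "."))
	cookieDomain = strings.TrimPrefix(cookieDomain, ".") // leading dot is ignored
	if requestHost == cookieDomain {
		return true
	}
	if net.ParseIP(requestHost) != nil {
		return false
	}
	return strings.HasSuffix(requestHost, "."+cookieDomain)
}

// browserWouldStore reports whether a browser that sent the request to
// requestHost (host:port or bare host) will accept a Set-Cookie carrying the
// given Domain attribute. An empty Domain is always accepted (host-only cookie).
func browserWouldStore(requestHost string, c *http.Cookie) bool {
	if h, _, err := net.SplitHostPort(requestHost); err == nil {
		requestHost = h
	}
	if c.Domain == "" {
		return true
	}
	return domainMatches(requestHost, c.Domain)
}

// refreshCookie builds the "refresh" cookie with Domain taken from the config,
// which is the point where the fix in the thread applies.
func refreshCookie(conf RestfulConf, token string) *http.Cookie {
	return &http.Cookie{
		Name:     "refresh",
		Value:    token,
		Domain:   conf.Domain,
		Path:     "/",
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
	}
}

func main() {
	conf := RestfulConf{Host: "127.0.0.1", Port: 7331}
	reqHost := fmt.Sprintf("%s:%d", conf.Host, conf.Port)

	// Before the fix: Domain holds a public address. 203.0.113.5 is a
	// constructed documentation address standing in for the reporter's
	// broadband IP.
	conf.Domain = "203.0.113.5"
	fmt.Println("public-IP domain accepted:", browserWouldStore(reqHost, refreshCookie(conf, "dummy-token")))

	// After the fix proposed in the thread: Domain = Host.
	conf.Domain = conf.Host
	fmt.Println("host domain accepted:     ", browserWouldStore(reqHost, refreshCookie(conf, "dummy-token")))
}
```

Running it prints `false` for the public-IP domain and `true` once `Domain` equals the configured host, which is exactly the login loop the reporter saw and its disappearance after the one-line change.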

@WangYihang (Owner)

Thanks for the feedback. If you're willing, feel free to submit a Pull Request; your contribution will be added to the acknowledgements list in the README.

@taomujian

I had a look and found that the RBAC and user module added by chengzhao.chen two years ago, which let these features be used on the public internet, was overwritten by your commit of 9/16. My change was based on the code before 9/16. Is this functionality no longer wanted now?

@WangYihang (Owner)

This part is planned for a refactor. RBAC doesn't mean much for this project; personally I think "token-based authentication" is enough to prevent unauthorized access.

@taomujian

OK, then I won't open a PR for now. The current code doesn't add any authentication to the web pages; as long as the service is exposed externally, it seems anyone can access it. Personally I think RBAC is still very valuable: the web service makes collaboration between several people much easier. Through asset search engines such as *** you can find some Platypus services without authentication and directly see some of the information inside.

@WangYihang (Owner)

Thank you very much for the suggestion!

> Through asset search engines such as *** you can find some Platypus services without authentication and directly see some of the information inside.

Oh, really? I had assumed this tool was only used in CTF AWD competitions /facepalm

Indeed, this tool was originally designed as just a command-line program: the user deploys Platypus on a server with a public IP and interacts with it through the command line.

Later, to make management easier, a web interface was added. By default, the web interface should listen only on 127.0.0.1, and it has no authentication at all.

This tool still has many shortcomings. I previously wrote a roadmap in the documentation (for example: separating the server from the controller, a cross-platform controller, managing sessions through the Web UI (such as uploading, downloading and editing files), and recording user operations).

But I've been busy over the past year or two, and if this project were to continue it would essentially turn into a "host management tool (e.g. jumpserver)", so it has been on hold.

If anyone is interested, we can work together on ways to revive this project.

Right now, adding an effective authentication mechanism looks fairly urgent. I have local proof-of-concepts for some fancier features, but I've never had time to merge them.
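
The last few comments describe the risk (a web UI that by default has no authentication, and instances bound to public addresses turning up in asset search engines) and the intended mitigation (token-based authentication). The following is an added example, not Platypus code: `WebConf`, `checkListenAddress`, `signToken`, `verifyToken`, `requireToken` and `statusFor` are all hypothetical names, and the HMAC-signed token is a stand-in for the JWT access token configured by `JWTAccessKey` in the quoted config. It shows two defensive checks that go together: refusing at startup to bind a non-loopback address while authentication is off, and a middleware that rejects every API request without a valid bearer token, exercised in-memory with `httptest`.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// WebConf is a hypothetical subset of the RESTful config; field names are
// this example's own, not the project's.
type WebConf struct {
	Host        string
	AuthEnabled bool
}

var errExposedWithoutAuth = errors.New("refusing to listen on a non-loopback address without authentication")

// checkListenAddress refuses the combination the thread warns about: a web UI
// reachable from outside while no credentials are required.
func checkListenAddress(c WebConf) error {
	ip := net.ParseIP(c.Host)
	loopback := ip != nil && ip.IsLoopback()
	if !loopback && !c.AuthEnabled {
		return errExposedWithoutAuth
	}
	return nil
}

// signToken returns "payload.mac" with mac = HMAC-SHA256(key, payload).
// Constructed stand-in for a JWT: no claims or expiry are encoded here.
func signToken(key []byte, payload string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return payload + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// verifyToken recomputes the MAC and compares it in constant time.
func verifyToken(key []byte, token string) (string, bool) {
	i := strings.LastIndexByte(token, '.')
	if i < 0 {
		return "", false
	}
	payload, macB64 := token[:i], token[i+1:]
	got, err := base64.RawURLEncoding.DecodeString(macB64)
	if err != nil {
		return "", false
	}
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	if !hmac.Equal(got, m.Sum(nil)) {
		return "", false
	}
	return payload, true
}

// requireToken gates every request on a valid "Authorization: Bearer" token.
func requireToken(key []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, prefix) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if _, ok := verifyToken(key, strings.TrimPrefix(auth, prefix)); !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one in-memory request through the guarded handler and
// returns the resulting HTTP status, so behaviour is checkable without a socket.
func statusFor(key []byte, authHeader string) int {
	h := requireToken(key, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(http.MethodGet, "/api/v1/sessions", nil) // constructed path
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	key := []byte("cc") // the placeholder key from the quoted config; use a long random key in deployment
	fmt.Println("bind 0.0.0.0 without auth:", checkListenAddress(WebConf{Host: "0.0.0.0"}))
	fmt.Println("no token:        ", statusFor(key, ""))
	fmt.Println("valid token:     ", statusFor(key, "Bearer "+signToken(key, "user=admin")))
	fmt.Println("wrong-key token: ", statusFor(key, "Bearer "+signToken([]byte("other"), "user=admin")))
}
```

The two checks are independent: the listen-address guard catches the misconfiguration that makes an instance discoverable in the first place, and the middleware ensures that even a deliberately exposed instance shows nothing to an unauthenticated client.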

4 participants