Unable to set authAccounts #72
Comments
|
So when you enter a username and password at /admin/authenticate/login.html
and the username doesn't exist and the registerNotice permission for the
request is set to true (by default this would only be the case on
localhost), it will print a bunch of information to the terminal, including
the public key, which you then paste into the clientKeys hashmap.
- clientKeys - A hashmap of { [username]: { publicKey, cookieSalt } }
https://arlen22.github.io/tiddlyserver/docs/serverconfig.html#authaccounts
So it would look like this.
clientKeys: {
"username": { "publicKey": "base64string", "cookieSalt": "anystring" }
}
…On Sat, Sep 7, 2019 at 19:58 UjCbFwtBayFM ***@***.***> wrote:
Could you provide an example of authAccounts use ? I've been trying to
make it work and nothing seems to pass validation.
The closest thing I guess shoud work (if I understand documentation
correctly) is :
{
"tree": "./webroot",
"authAccounts": {
"permissions": {
"putsaver": true,
"writeErrors": true,
"upload": true,
"mkdir": true,
"websockets": true,
"registerNotice": true
},
"clientKeys": {"user": {"hash", "salt"}},
},
"bindInfo": {
"bindAddress": ["127.0.0.1"],
},
"putsaver": {
"backupFolder": "../backups"
},
"$schema": "./settings-2-1.schema.json"
}
Instead it throws an invalid character error between hash and salt.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#72?email_source=notifications&email_token=AADLMQHTFZOCOWJ7RUNFBPTQIQ5ZJA5CNFSM4IURUM62YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HJ7L7FQ>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AADLMQGO7GFG3NWBNNSHBVLQIQ5ZJANCNFSM4IURUM6Q>
.
|
|
I've updated the docs page authAccounts section to make it slightly clearer.
…On Mon, Sep 9, 2019 at 12:59 PM Arlen Beiler ***@***.***> wrote:
So when you enter a username and password at
/admin/authenticate/login.html and the username doesn't exist and the
registerNotice permission for the request is set to true (by default this
would only be the case on localhost), it will print a bunch of information
to the terminal, including the public key, which you then paste into the
clientKeys hashmap.
- clientKeys - A hashmap of { [username]: { publicKey, cookieSalt } }
https://arlen22.github.io/tiddlyserver/docs/serverconfig.html#authaccounts
So it would look like this.
clientKeys: {
"username": { "publicKey": "base64string", "cookieSalt": "anystring" }
}
On Sat, Sep 7, 2019 at 19:58 UjCbFwtBayFM ***@***.***>
wrote:
> Could you provide an example of authAccounts use ? I've been trying to
> make it work and nothing seems to pass validation.
> The closest thing I guess shoud work (if I understand documentation
> correctly) is :
>
> {
> "tree": "./webroot",
>
> "authAccounts": {
> "permissions": {
> "putsaver": true,
> "writeErrors": true,
> "upload": true,
> "mkdir": true,
> "websockets": true,
> "registerNotice": true
> },
> "clientKeys": {"user": {"hash", "salt"}},
> },
>
> "bindInfo": {
> "bindAddress": ["127.0.0.1"],
> },
> "putsaver": {
> "backupFolder": "../backups"
> },
> "$schema": "./settings-2-1.schema.json"
> }
>
> Instead it throws an invalid character error between hash and salt.
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <#72?email_source=notifications&email_token=AADLMQHTFZOCOWJ7RUNFBPTQIQ5ZJA5CNFSM4IURUM62YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HJ7L7FQ>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AADLMQGO7GFG3NWBNNSHBVLQIQ5ZJANCNFSM4IURUM6Q>
> .
>
|
|
okay I modified the file, taking out one of the 'trees' and seeing the part that states the key is the account id, which I took to be 'design team', I added an account id. The modified settings.json: "authAccounts": { "bindInfo": { "$schema": "./settings-2-1.schema.json" and the error : { |
|
I'm sorry I can't seem to edit my post above. So I just added a transfer: true key to the permissions section and the server starts. I cannot find any reference to this key or what it does, however. |
|
@digitalap3 Thanks for posting this question. Im having the same problem. I added transfer:true to the permissions section but was unclear what you were referring to with "the server starts". |
|
@digitalap3 That looks good, but you need to wrap the whole thing in a authAccounts key. This should be sufficient to get the server started. {
"authAccounts": {
"authAccountsKey1 or whatever you want to name it": {
"permissions": {
"putsaver": true,
"writeErrors": true,
"upload": true,
"mkdir": true,
"websockets": true,
"registerNotice": true,
"loginlink": true,
"transfer": true
},
"clientKeys": { }
}
}
} |
|
Here's a short video I made that demonstrates the login process. Let me know here if you have any further questions. https://youtu.be/UfAiyubP8nY |
|
Hi Arlen, thanks for your pointers. EDIT: When I try to add the "transfer": true property I get the following error: Also it might be important to mention that I'm running [email protected] and that I've just upgraded tiddlywiki to 5.1.22 by running Any help you might provide is most welcome. Thanks! |
|
Replace your folder path string, with this object: {
"$element": "folder",
"path": "your folder path string",
"$options": [
{"$element": "auth", "authList": ["av"] }
]
},The authList array contains the authAccounts keys that are allowed to access this folder. |
|
Many thanks Arlen22! It's working perfectly! Below is my final |
|
Thank you sooooo much @zevarela this helped more than youll ever know. :D |
|
I was having similar issues setting up authentication. This thread helped greatly, though it is rather finicky. I am not getting the following error when I visit my TiddlyWiki externally (via a reverse nginx proxy). I did not get this error before applying this authentication 🤔
I do not get the error when visiting via local host, though the permissions are the same. Any idea how I can fix this? Settings.json file: Also, must I apply the permissions to a top level group? Or is there some way I can simply set it to the entire server? I do not like that people can get to the landing page to see even the top level group without signing in 😞 |
|
Yes, you can make a group the top level, and then apply everything to that. "tree": {
"$element": "group",
"$children": {
"Personal": "tw/Personal",
"WikiFiles": "/home/pi/SyncThing/WikiFiles"
},
"$options": [{"$element": "auth", "authList": ["jmo"] } ]
}, |
|
The other problem is probably related to some kind of cookie or method related problem related to reverse proxy. Check for failed network requests. Normally TiddlyWiki is not affected by TiddlyServer in this way, but in this case it is possible. Are there any errors in the server or browser console? |
|
@ohare93 , also, it's better to open a new issue for a new or only partially related problem. It helps to keep things simpler and I still get notified the same. |
Could you provide an example of
authAccountsuse ? I've been trying to make it work and nothing seems to pass validation.The closest thing I guess shoud work (if I understand documentation correctly) is :
Instead it throws an invalid character error between hash and salt.
The text was updated successfully, but these errors were encountered: