breakfix: authdbctl connect runtime error

[dczysz]

Describe the issue

I'm trying to connect to a Caddy container from my host machine, but I'm stuck on this error coming from net/http. I noticed your README has the password field commented out, but that didn't seem to make a difference. So maybe I have something else configured incorrectly?

config.yml:

---
base_url: "https://localhost"
username: "webadmin"
password: "<redacted>"
realm: "local"

Error:

$ ./authdbctl.exe -c config.yml --debug connect
{"level":"debug","time":"2022-03-30T09:26:30.013-0600","msg":"token file does not exist","path":"C:\\Users\\dczysz\\.config\\authdbctl\\token.jwt"}
{"level":"debug","time":"2022-03-30T09:26:30.014-0600","msg":"runtime configuration","config_path":"config.yml","base_url":"https://localhost","token_path":"C:\\Users\\dczysz\\.config\\authdbctl\\token.jwt","username":"webadmin","realm":"local"}
{"level":"debug","time":"2022-03-30T09:26:30.039-0600","msg":"request redirected","redirect_url":"/auth?redirect_url=https%3A%2F%2Flocalhost%2Flogin"}
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x38 pc=0xfea438]

goroutine 1 [running]:
net/http.(*Response).Cookies(...)
        C:/Program Files/Go/src/net/http/response.go:126
main.connect(0xc000049b40)
        C:/Users/dczysz/dev/go-authcrunch/cmd/authdbctl/connect.go:67 +0x5f8
github.com/urfave/cli/v2.(*Command).Run(0xc00014ea20, 0xc000026980)
        C:/Users/dczysz/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:163 +0x64a
github.com/urfave/cli/v2.(*App).RunContext(0xc000166680, {0x110f2f0, 0xc000014050}, {0xc00010e000, 0x5, 0x8})
        C:/Users/dczysz/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:313 +0x81e
github.com/urfave/cli/v2.(*App).Run(...)
        C:/Users/dczysz/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:224
main.main()
        C:/Users/dczysz/dev/go-authcrunch/cmd/authdbctl/main.go:108 +0x45

Go version:

$ go version
go version go1.17.3 windows/amd64

Installation steps taken:
I'm not too familiar with Go but this seemed to do the job so I'm guessing this part isn't the issue.

git clone https://github.com/greenpau/go-authcrunch.git
cd go-authcrunch/cmd/authdbctl
go build

[dczysz]

Caddy version in case it's useful:

$ /usr/bin/caddy version
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

$ caddy list-modules -versions
...
http.authentication.providers.authorize v1.3.24
http.handlers.authp v1.4.39
http.handlers.trace v1.1.8

  Non-standard modules: 3

Edit: Hmm just realized this is still using authp instead of caddy-security, maybe that's my issue.

[greenpau]

Edit: Hmm just realized this is still using authp instead of caddy-security, maybe that's my issue.

@dczysz, this is the issue you don't have enable admin api in authp

                authentication portal myportal {
                        enable admin api
                }

[greenpau]

@dczysz , at the same time, there is a bug with error handling which needs to be fixed:

go-authcrunch/cmd/authdbctl/connect.go

Lines 63 to 73 in dc55c40

	if redirectURL != "" {
	wr.logger.Debug("request redirected", zap.String("redirect_url", redirectURL))
	req, _ := http.NewRequest(http.MethodGet, redirectURL, nil)
	respBody, resp, err = wr.browser.Do(req)
	for _, cookie := range resp.Cookies() {
	if cookie.Name == wr.config.CookieName {
	wr.config.token = cookie.Value
	}
	}
	}

I need to check error here.

[dczysz]

this is the issue you don't have enable admin api in authp

Ah that makes sense. I'll give that a try then.

[dczysz]

Is this the error you're talking about or is this something else? Never mind, you probably mean not catching the previous error. This is where I'm stuck at now, but I don't see a reason for why it couldn't get the token.

$ ./authdbctl.exe --debug connect
{"level":"debug","time":"2022-03-30T11:16:50.212-0600","msg":"token file does not exist","path":"C:\\Users\\dczysz\\.config\\authdbctl\\token.jwt"}
{"level":"debug","time":"2022-03-30T11:16:50.212-0600","msg":"runtime configuration","config_path":"~/.config/authdbctl/config.yaml","base_url":"https://localhost","token_path":"C:\\Users\\dczysz\\.config\\authdbctl\\token.jwt","username":"webadmin","realm":"local"}
{"level":"debug","time":"2022-03-30T11:16:50.235-0600","msg":"logged in successfully"}
2022/03/30 11:16:50 failed to obtain auth token

I can back off for a bit if you'd like so I'm not bombarding you with issues if it's still WIP 😄

[greenpau]

@dczysz , please try with the latest release and see what the error is.

[greenpau]

@dczysz , also, you might be also interested in this latest feature https://github.com/authp/authp.github.io/issues/14. In short, you can set environment variables prior to starting a new server and the identity store's admin user will have username, email, and/or password according to what it finds in:

• AUTHP_ADMIN_USER
• AUTHP_ADMIN_EMAIL
• AUTHP_ADMIN_SECRET

[dczysz]

@dczysz , please try with the latest release and see what the error is.

Hmm, with v1.0.23 I'm still getting the same output as before ending with failed to obtain token.

you can set environment variables prior to starting a new server and the identity store's admin user will have username, email, and/or password according to what it finds

This is a great feature, thanks!

[greenpau]

Hmm, with v1.0.23 I'm still getting the same output as before ending with failed to obtain token.

@dczysz , please add --debug flag and paste the logs.

authdbctl --debug ...

[dczysz]

$ cmd/authdbctl/authdbctl.exe --debug connect
{"level":"debug","time":"2022-04-11T10:25:45.411-0600","msg":"token file does not exist","path":"C:\\Users\\dczysz\\.config\\authdbctl\\token.jwt"}
{"level":"debug","time":"2022-04-11T10:25:45.411-0600","msg":"runtime configuration","config_path":"~/.config/authdbctl/config.yaml","base_url":"https://localhost","token_path":"C:\\Users\\dczysz\\.config\\authdbctl\\token.jwt","username":"webadmin","realm":"local"}
{"level":"debug","time":"2022-04-11T10:25:45.437-0600","msg":"logged in successfully"}
2022/04/11 10:25:45 failed to obtain auth token

$ cmd/authdbctl/authdbctl.exe --version
authdbctl 1.0.23, branch: main, commit: v1.0.22-8-gd4c2857

[greenpau]

2022/04/11 10:25:45 failed to obtain auth token

@dczysz , 👍

[greenpau]

"config_path":"~/.config/authdbctl/config.yaml"

@dczysz , how is it working with the above config path on Windows? where ~ might not be interpreted correctly.

[dczysz]

That might be it... If I put an invalid password in my config.yml I still get the same logs, including logged in successfully. So it seems like it's not reading my config file at all maybe. What does logged in successfully refer to then?

[greenpau]

What does logged in successfully refer to then?

@dczysz , it is a bug :-)

Please try passing config path with

./authdbctl.exe -c config.yml

Thank you for troubleshooting 👍

[dczysz]

I'm getting the same output when providing the config file with -c: logged in successfully followed by failed to obtain auth token.

PS C:\Users\dczysz\.config\authdbctl> C:\Users\dczysz\dev\test\go-authcrunch\cmd\authdbctl\authdbctl.exe -c config.yml --debug connect
{"level":"debug","time":"2022-04-11T10:55:31.434-0600","msg":"token file does not exist","path":"C:\\Users\\dczysz\\.config\\authdbctl\\token.jwt"}
{"level":"debug","time":"2022-04-11T10:55:31.435-0600","msg":"runtime configuration","config_path":"config.yml","base_url":"https://localhost","token_path":"C:\\Users\\dczysz\\.config\\authdbctl\\token.jwt","username":"webadmin","realm":"local"}
{"level":"debug","time":"2022-04-11T10:55:31.459-0600","msg":"logged in successfully"}
2022/04/11 10:55:31 failed to obtain auth token

Thank you for troubleshooting 👍

No problem! Glad to help with something that'll eventually make my life a bit easier 😄

[dczysz]

I just noticed the readme also mentions a config.json. Should I be using that instead of YAML?

[greenpau]

I just noticed the readme also mentions a config.json. Should I be using that instead of YAML?

It could be both. Just need to add the ability to load JSON.

[greenpau]

@dczysz , FYI, added user provisioning (plaintext or hashed) inside Caddyfile. https://github.com/authp/authp.github.io/issues/20#issue-1230086997

[dczysz]

Oh awesome. We just started using the new environment variable for the webadmin password but I think I like this more, using the hash instead seems better. Thanks for pointing this out!