MC admin password is blank on clean install

Question

MC admin password is blank on clean install

rcarmo opened this issue 2 years ago · 15 comments

The login page states that the default password is "admin", but the field is actually blank and there are no instructions as to how to insert a properly salted password:

piku@piku-paas-242952:~/.node-red$ sqlite3 mission-control.sqlite 
SQLite version 3.31.1 2020-01-27 19:55:54
Enter ".help" for usage hints.
sqlite> select * from admins;
1|admin|||||||*|*|2022-08-07 12:37:18.707 +00:00|2022-08-07 12:37:18.707 +00:00
sqlite>

Answer 1 · 2022-08-07T19:28:35.000Z

This is done on purpose to allow an easy discovery of the feature.

There's still no on-boarding flow, after the first login, to change the password, but it's easy: go to "admins" page, click "edit" button on the only admin and change the password.

It uses the same salt on Node-RED (settings.js -> credentialSecret).

I'll write some instructions (about env variables and stuff like this)

Answer 2 · 2022-08-07T19:30:01.000Z

You missed the point: there is no way to do a first login with the password like that. I only discovered the field was empty after trying to login with admin/admin...

Answer 3 · 2022-08-07T19:33:06.000Z

Yes admin/admin only works when the password is blank (and only if there's only one admin user with a blank password), were you able to log in with admin/admin?

Answer 4 · 2022-08-07T19:34:58.000Z

No, I wasn’t. I have not been able to login a single time onto a new install of 1.0.4, either with Safari or Edge.

…

On 7 Aug 2022, at 20:33, Guidone ***@***.***> wrote: Yes admin/admin only works when the password is blank (and only if there's only one admin user with a blank password), were you able to log in with admin/admin? — Reply to this email directly, view it on GitHub <#558 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAC7322IDDKKSFSTQGWEBDTVYAFP3ANCNFSM552NMFHA>. You are receiving this because you authored the thread.

Answer 5 · 2022-08-07T19:35:53.000Z

Checking...

Answer 6 · 2022-08-07T19:42:39.000Z

It's working to me, if you try to delete (or rename) the mission-control.sqlite file, are you able to login? it should create a blank one

Answer 7 · 2022-08-07T19:47:09.000Z

I tried that before diving into the sqlite file and filing the issue, with and without restarting Node-RED.

Everything seems to be installed correctly, and the version numbers pan out:

Answer 8 · 2022-08-07T19:50:31.000Z

Also, I've checked the HTTP requests and everything seems OK - I see a POST going to /mc/login with username=admin&password=admin, it is handled correctly and I get a 302 back into the login page (I have Node-RED behind nginx, and can trace everything inside the box).

Answer 9 · 2022-08-07T19:51:08.000Z

I'm sure it doesn't depend on the flow.json, perhaps it's a particular configuration of the settings.js, can you share it (removing all sensitive information) -> guido.bellomo@gmail.com

Answer 10 · 2022-08-07T19:52:38.000Z

I have the dashboard on /, otherwise no other configs - I use the same file everywhere, it is here:

https://github.com/piku/deploy-node-red/blob/main/settings.js

Answer 11 · 2022-08-07T19:58:08.000Z

Ok, I was able to reproduce, on it

Answer 12 · 2022-08-07T20:25:49.000Z

Ok for some strange reason is due to this in settings.js

httpAdminRoot: '/admin',

Comment it out and it works, latest version of node-red works on /admin by default, I'll work on a fix.

Thanks for the feedback and for reporting

Answer 13 · 2022-08-07T21:21:22.000Z

I think I've a fix, need some time for proper testing, I'll merge later tomorrow.

Thanks for the feedback 🖖

Answer 14 · 2022-08-09T06:05:29.000Z

This is fixed in 1.0.5

Answer 15 · 2022-08-09T22:37:56.000Z

Will upgrade in the next couple of days, thanks