MC admin password is blank on clean install
rcarmo opened this issue · 15 comments
The login page states that the default password is "admin", but the field is actually blank and there are no instructions as to how to insert a properly salted password:
piku@piku-paas-242952:~/.node-red$ sqlite3 mission-control.sqlite
SQLite version 3.31.1 2020-01-27 19:55:54
Enter ".help" for usage hints.
sqlite> select * from admins;
1|admin|||||||*|*|2022-08-07 12:37:18.707 +00:00|2022-08-07 12:37:18.707 +00:00
sqlite>
This is done on purpose to allow an easy discovery of the feature.
There's still no on-boarding flow, after the first login, to change the password, but it's easy: go to "admins" page, click "edit" button on the only admin and change the password.
It uses the same salt on Node-RED (settings.js -> credentialSecret
).
I'll write some instructions (about env variables and stuff like this)
You missed the point: there is no way to do a first login with the password like that. I only discovered the field was empty after trying to login with admin/admin
...
Yes admin/admin only works when the password is blank (and only if there's only one admin user with a blank password), were you able to log in with admin/admin?
Checking...
It's working to me, if you try to delete (or rename) the mission-control.sqlite file, are you able to login? it should create a blank one
Also, I've checked the HTTP requests and everything seems OK - I see a POST going to /mc/login
with username=admin&password=admin
, it is handled correctly and I get a 302 back into the login page (I have Node-RED behind nginx
, and can trace everything inside the box).
I'm sure it doesn't depend on the flow.json, perhaps it's a particular configuration of the settings.js, can you share it (removing all sensitive information) -> guido.bellomo@gmail.com
I have the dashboard on /
, otherwise no other configs - I use the same file everywhere, it is here:
https://github.com/piku/deploy-node-red/blob/main/settings.js
Ok, I was able to reproduce, on it
Ok for some strange reason is due to this in settings.js
httpAdminRoot: '/admin',
Comment it out and it works, latest version of node-red works on /admin by default, I'll work on a fix.
Thanks for the feedback and for reporting
I think I've a fix, need some time for proper testing, I'll merge later tomorrow.
Thanks for the feedback 🖖
This is fixed in 1.0.5
Will upgrade in the next couple of days, thanks