fly launched but cant change password
Closed this issue · 12 comments
Deploying as per https://oss.medama.io/deployment/fly
fly launch --from https://github.com/medama-io/example-fly-io
All deploys fine and quick but then I cant login as admin to create a new password...
flytest % fly launch --from https://github.com/medama-io/example-fly-io
Launching from git repo https://github.com/medama-io/example-fly-io
Cloning into '.'...
remote: Enumerating objects: 11, done.
remote: Counting objects: 100% (11/11), done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 11 (delta 1), reused 7 (delta 1), pack-reused 0 (from 0)
Receiving objects: 100% (11/11), done.
Resolving deltas: 100% (1/1), done.
An existing fly.toml file was found
? Would you like to copy its configuration to the new app? Yes
Using build strategies '[the "ghcr.io/medama-io/medama:latest" docker image]'. Remove [build] from fly.toml to force a rescan
Creating app in /Users/apple/workspace/go/src/junk/flytest
We're about to launch your app on Fly.io. Here's what you're getting:
Organization: Gerard Webb (fly launch defaults to the personal org)
Name: flytest-red-flower-2241 (generated)
Region: Ashburn, Virginia (US) (from your fly.toml)
App Machines: shared-cpu-1x, 512MB RAM (from your fly.toml)
Postgres: <none> (not requested)
Redis: <none> (not requested)
Tigris: <none> (not requested)
? Do you want to tweak these settings before proceeding? No
Created app 'flytest-red-flower-2241' in organization 'personal'
Admin URL: https://fly.io/apps/flytest-red-flower-2241
Hostname: flytest-red-flower-2241.fly.dev
Wrote config file fly.toml
Validating /Users/apple/workspace/go/src/junk/flytest/fly.toml
✓ Configuration is valid
==> Building image
Searching for image 'ghcr.io/medama-io/medama:latest' remotely...
image found: img_g72wp096w00gpyxk
Watch your deployment at https://fly.io/apps/flytest-red-flower-2241/monitoring
Provisioning ips for flytest-red-flower-2241
Dedicated ipv6: 2a09:8280:1::41:3d17:0
Shared ipv4: 66.241.124.109
Add a dedicated ipv4 with: fly ips allocate-v4
Creating a 1 GB volume named 'medama_db' for process group 'app'. Use 'fly vol extend' to increase its size
This deployment will:
* create 1 "app" machine
No machines in group app, launching a new machine
WARNING The app is not listening on the expected address and will not be reachable by fly-proxy.
You can fix this by configuring your app to listen on the following addresses:
- 0.0.0.0:8080
Found these processes inside the machine with open listening sockets:
PROCESS | ADDRESSES
-----------------*---------------------------------------
/.fly/hallpass | [fdaa:0:34bc:a7b:306:66e1:2603:2]:22
Finished launching new machines
-------
✔ Machine d890d65f6324d8 [app] update finished: success
-------
Checking DNS configuration for flytest-red-flower-2241.fly.dev
Visit your newly deployed app at https://flytest-red-flower-2241.fly.dev/
I tried to wrk out how to pick a version to see if the older version did not have this bug.
Could not find any docs on that
fly launch --from https://github.com/medama-io/example-fly-io@v0.4.4
Launching from git repo https://github.com/medama-io/example-fly-io@v0.4.4
Cloning into '.'...
remote: Repository not found.
fatal: repository 'https://github.com/medama-io/example-fly-io@v0.4.4/' not found
Error: exit status 128
Were you able to login with CHANGE_ME_ON_FIRST_LOGIN
on first login? Was that successful?
Or is this after you changed the password on your analytics dashboard, and now it doesn't work anymore?
are you saying the “ CHANGE_ME_ON_FIRST_LOGIN “ is the default password ?
Yes. It is intentionally kept very annoying so there is a very low chance the user doesn't forget to update it.
OK works.
I copy passed it and left a " " ( space at the end, which also failed. Maybe think about stripping white spaces around the password passed in too. but not a biggy :)
will close this, as it was user training failure :)
One idea. After they login with that password, force a password change screen; MUCH more secure.
Otherwise, devs are going to be leaving servers with "CHANGE_ME_ON_FIRST_LOGIN" as the password.
Will close for now. Can make a new Issue if we think this is a good idea.
will close this, as it was user training failure :)
I'll add this to my personal backlog so there's no need to make a new issue for it, but some clear pictures which show the login page and password in the documentation to accompany the setup guide should help with this 👍
After they login with that password, force a password change screen; MUCH more secure.
When first designing this, that was what I thought. But I didn't like the idea of adding a new column just for this setting. However, after #113, it should be very very easy to add this as a login check since settings are stored in a JSON blob, so it's definitely a low priority QOL change that's worth adding to the backlog. Noted 👍
Nice one ☝️
I am doing all auth with passkeys btw with golang .
let me know if it’s usefull
it syncs between the users devices and is more secure because the server has nothing basically if hacked.
let me know if it’s usefull
I wouldn't be against a PR implementing this, but I don't think I'll ever personally implement this as I would be more focused on other features.
Nah I can’t afford the time .
here is the code though : https://github.com/egregors/passkey
It can work with a Proxy ( caddy, etc ) or built in to a goalng project.
Its still going to change though..