
Auth system seems broken? #1491

Open
1 of 2 tasks
arladmin opened this issue Mar 2, 2025 · 1 comment

Comments


arladmin commented Mar 2, 2025

Describe the current behavior

In my newly set up instance, I'm seeing that the instance is actually open to public access, via 2 methods, both undesirable.

  1. Anyone can visit the instance URL and start creating Documents
  2. As soon as one tries the Sign-In option, the 'Default User', set via the env variables, gets signed in. Even without asking for any password authentication!
  3. Even the admin panel is publicly accessible!

Surely, I'm missing some major knowledge here, as to how to properly deploy Grist?

Steps to reproduce

^

Describe the expected behavior

  1. The instance home page should only show the Login/Signup section. Nothing else should be accessible.
  2. The default (admin) user should never get automatically signed in.
  3. The admin panel should never be accessible without an admin's authentication.

Where have you encountered this bug?

Instance information (when self-hosting only)

docker-compose.yml

services:
  grist:
    image: gristlabs/grist
    container_name: grist
    environment:
      - PORT
      - DEBUG
      - APP_HOME_URL
#      - APP_HOME_INTERNAL_URL
      - ALLOWED_WEBHOOK_DOMAINS
      - GRIST_DOMAIN
      - GRIST_EXTERNAL_ATTACHMENTS_MODE
      - GRIST_LIST_PUBLIC_SITES
      - GRIST_SINGLE_ORG
      - GRIST_DEFAULT_EMAIL
      - GRIST_MAX_UPLOAD_ATTACHMENT_MB
      - GRIST_MAX_UPLOAD_IMPORT_MB
      - GRIST_ORG_IN_PATH
      - GRIST_PAGE_TITLE_SUFFIX
      - GRIST_ANON_PLAYGROUND
      - GRIST_FORCE_LOGIN
      - GRIST_THROTTLE_CPU
      - GRIST_TELEMETRY_LEVEL
      - PYTHON_VERSION
      - PYTHON_VERSION_ON_CREATION
      - REDIS_URL
      - TYPEORM_DATABASE
      - TYPEORM_HOST
      - TYPEORM_LOGGING
      - TYPEORM_PASSWORD
      - TYPEORM_PORT
      - TYPEORM_TYPE
      - TYPEORM_USERNAME
      - GRIST_BOOT_KEY
      - GRIST_SESSION_SECRET
      - GRIST_OFFER_ALL_LANGUAGES
    volumes:
      - ../files/grist-data:/persist
    ports:
      - 3388:8080


  • Grist instance:

    • Version: 1.4.2
    • URL (if it's OK for you to share it): -/-
    • Installation mode: docker compose
    • Architecture: default
  • Browser name, version and platforms on which you could reproduce the bug: Chrome, v133.0.6943.142

  • Link to browser console log if relevant:

  • Link to server log if relevant:

fflorent (Collaborator) commented Mar 2, 2025

Hello @arladmin,

You seem to have no authentication method configured. You should choose between OIDC, SAML, or authentication through a header (you need to be careful on this one). You may take a look at https://support.getgrist.com for more information to configure that.

If you look for a version that works with an authentication using Dex out of the box, you may take a look at grist-omnibus.
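The reply above names the gap: the compose file in the report lists variables such as GRIST_DEFAULT_EMAIL and GRIST_FORCE_LOGIN but no OIDC, SAML or forward-auth settings, so the instance has no authentication method at all. The following check is an added example, not Grist's code or anything from this thread: it resolves the `environment:` list of a compose file the way compose does (a bare `- NAME` takes its value from the host environment, a commented-out entry is ignored) and reports the two conditions the reporter saw, plus the caveat the reply attaches to header authentication (the header is only trustworthy if Grist is reachable solely through the proxy that sets it). The variable names for the three auth methods are the ones I believe Grist documents and are an assumption to confirm against https://support.getgrist.com; the sample compose text and host values are constructed.

```python
"""Audit a Grist compose environment for the 'no authentication configured' state
described in this issue. Added example; not Grist's code. The auth-method variable
names below are assumed from Grist's documentation (verify before relying on them)."""
from typing import Dict, List, Optional, Tuple

# Assumption: one of these groups fully set means an authentication method is configured.
AUTH_METHODS = {
    "oidc": ("GRIST_OIDC_SP_HOST", "GRIST_OIDC_IDP_ISSUER", "GRIST_OIDC_IDP_CLIENT_ID"),
    "saml": ("GRIST_SAML_SP_HOST", "GRIST_SAML_IDP_LOGIN"),
    "forward-auth": ("GRIST_FORWARD_AUTH_HEADER",),
}

Finding = Tuple[str, str]  # (code, human-readable message)


def parse_compose_environment(compose_text: str, host_env: Dict[str, str]) -> Dict[str, str]:
    """Resolve the first `environment:` list in a compose file.

    Handles both list forms: `- NAME=value` and the bare `- NAME`, which compose
    fills from the host environment (a bare name with no host value stays unset).
    Commented-out entries (`# - NAME`) are skipped, as compose skips them.
    """
    resolved: Dict[str, str] = {}
    in_env = False
    for raw in compose_text.splitlines():
        line = raw.strip()
        if not in_env:
            in_env = line == "environment:"
            continue
        if not line or line.startswith("#"):
            continue  # blank line or commented-out entry
        if not line.startswith("- "):
            break  # next mapping key (volumes:, ports:, ...) ends the list
        name, sep, value = line[2:].strip().partition("=")
        name = name.strip()
        if sep:
            resolved[name] = value.strip()
        elif name in host_env:
            resolved[name] = host_env[name]
    return resolved


def configured_auth_method(env: Dict[str, str]) -> Optional[str]:
    """Return the first auth method whose required variables are all non-empty."""
    for method, required in AUTH_METHODS.items():
        if all(env.get(var) for var in required):
            return method
    return None


def is_true(value: Optional[str]) -> bool:
    return (value or "").strip().lower() in ("1", "true", "yes")


def audit(env: Dict[str, str]) -> List[Finding]:
    """Report the conditions from this issue against a resolved environment."""
    findings: List[Finding] = []
    method = configured_auth_method(env)
    if method is None:
        who = env.get("GRIST_DEFAULT_EMAIL", "the default user")
        findings.append(("NO_AUTH_METHOD",
                         f"no OIDC, SAML or forward-auth variables set; Sign-In logs in {who} "
                         "without any password prompt"))
    if not is_true(env.get("GRIST_FORCE_LOGIN")):
        findings.append(("ANON_ACCESS",
                         "GRIST_FORCE_LOGIN is not true; anonymous visitors can use the instance"))
    if method == "forward-auth":
        findings.append(("FORWARD_AUTH_HEADER",
                         f"header {env['GRIST_FORWARD_AUTH_HEADER']} is trusted as identity; "
                         "Grist must be reachable only through the proxy that sets it"))
    return findings


def audit_compose(compose_text: str, host_env: Dict[str, str]) -> List[str]:
    """Finding codes for a compose file plus the host environment it reads from."""
    return [code for code, _ in audit(parse_compose_environment(compose_text, host_env))]


# Constructed sample mirroring the shape of the compose file in this issue: variables
# are named, only some have host values, and no auth-method variable is set at all.
SAMPLE_COMPOSE = """\
services:
  grist:
    image: gristlabs/grist
    environment:
      - PORT
      - GRIST_DEFAULT_EMAIL
      - GRIST_FORCE_LOGIN
#      - APP_HOME_INTERNAL_URL
      - GRIST_SESSION_SECRET=replace-me-constructed
    volumes:
      - ../files/grist-data:/persist
"""
SAMPLE_HOST_ENV = {"PORT": "8080", "GRIST_DEFAULT_EMAIL": "admin@example.test"}  # constructed

if __name__ == "__main__":
    for code, message in audit(parse_compose_environment(SAMPLE_COMPOSE, SAMPLE_HOST_ENV)):
        print(f"[{code}] {message}")
```

Running it against the constructed sample reports NO_AUTH_METHOD and ANON_ACCESS, which is the state the reporter describes; an environment with the OIDC trio set and GRIST_FORCE_LOGIN=true reports nothing, and a forward-auth environment reports only the proxy caveat.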
