basic auth not working as expected #1416

Closed
rvalle opened this issue Jul 23, 2021 · 7 comments
Labels
kind/bug A bug in existing code (including security flaws) need/triage Needs initial labeling and prioritization

Comments

rvalle commented Jul 23, 2021

Additional information:

  • OS: Linux
  • IPFS Cluster version: 0.14.0+gitf7e6f4a26c01c4e06afade6007c08b50bf534661 (latest docker)
  • Installation method: docker

Describe the bug:

Basic authentication is not working as described in the documentation or as discussed in other issues here:

Adding to service.json:

    "restapi": {
      "http_listen_multiaddress": "/ip4/0.0.0.0/tcp/9094",
      ...
      "basic_auth_credentials": {
        "theuser": "thepass"
      },
      ...

and also running:

    /data/ipfs-cluster # ipfs-cluster-ctl --basic-auth "theuser:thepass" --force-http pin ls
    An error occurred:
      Code: 401
      Message: Unauthorized

It is behaving as if the username/password validation was implemented in a different way.

Any idea of what could be going on?


welcome bot commented Jul 23, 2021

Thank you for submitting your first issue to this repository! A maintainer will be here shortly to triage and review.
In the meantime, please double-check that you have provided all the necessary information to make this process easy! Any information that can help save additional round trips is useful! We currently aim to give initial feedback within two business days. If this does not happen, feel free to leave a comment.
Please keep an eye on how this issue will be labeled, as labels give an overview of priorities, assignments and additional actions requested by the maintainers:

  • "Priority" labels will show how urgent this is for the team.
  • "Status" labels will show if this is ready to be worked on, blocked, or in progress.
  • "Need" labels will indicate if additional input or analysis is required.

Finally, remember to use https://discuss.ipfs.io if you just need general support.

Author

rvalle commented Jul 23, 2021

I think the issue is related to CLUSTER_RESTAPI_BASICAUTHCREDENTIALS.

I think the format of this variable is not clear. According to the documentation, that would be a JSON object:

    CLUSTER_RESTAPI_BASICAUTHCREDENTIALS="{'user':'pass'}"

But I don't think this is working.

Also, I misunderstood: the environment functionality looks like it is used to generate the service.json file AND will also override the service.json; thus, all my testing modifying the service.json didn't work, I guess.

Author

rvalle commented Jul 23, 2021

Just in case someone falls into the same issue:

    CLUSTER_RESTAPI_BASICAUTHCREDENTIALS="user:pass"

does work.
The environment variable will be used to generate the service.json file, but while the environment variable is present it will take precedence; thus, editing the service.json will not make any difference.

rvalle closed this as completed Jul 23, 2021
Collaborator

hsanjuan commented Jul 23, 2021

Yes, I was just writing that. Afaik, this is not documented. Did you find any place where this was written?

    CLUSTER_RESTAPI_BASICAUTHCREDENTIALS="{'user':'pass'}"

Author

rvalle commented Jul 23, 2021

Thanks @hsanjuan

No, I guessed it from the documentation; it mentions that the content is a JSON object. In my case I did set it from Ansible with {{credentials | to_json}}.

Now I wonder if I can pass several username/passwords, as it seems to be allowed in the service.json file.

Collaborator

hsanjuan commented Jul 23, 2021

Yes, comma-separated as user1:pass1,user2:pass2.

Author

rvalle commented Jul 23, 2021

@hsanjuan thanks
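
The following Go example is added here; it is not part of the thread and not ipfs-cluster's own code. It checks a value against the user1:pass1,user2:pass2 form given above and converts a service.json-style object into that form. ParseEnvCredentials and EnvFromJSON are hypothetical names, and rejecting ':' and ',' inside a user name or password is an assumption that follows from those characters being the delimiters.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// ParseEnvCredentials checks a value against the "user1:pass1,user2:pass2"
// form from the thread (hypothetical helper). Errors never echo the secret.
func ParseEnvCredentials(v string) (map[string]string, error) {
	if strings.HasPrefix(strings.TrimSpace(v), "{") {
		return nil, errors.New("value looks like a JSON object, want user:pass pairs")
	}
	creds := make(map[string]string)
	for i, pair := range strings.Split(v, ",") {
		kv := strings.Split(pair, ":")
		if len(kv) != 2 || kv[0] == "" || kv[1] == "" {
			return nil, fmt.Errorf("pair %d is not of the form user:pass", i+1)
		}
		creds[kv[0]] = kv[1]
	}
	return creds, nil
}

// EnvFromJSON turns a service.json-style {"user":"pass"} object into the
// environment form, sorted so the output is stable across runs.
func EnvFromJSON(obj string) (string, error) {
	var m map[string]string
	if err := json.Unmarshal([]byte(obj), &m); err != nil {
		return "", err
	}
	pairs := make([]string, 0, len(m))
	for user, pass := range m {
		// ':' and ',' are the delimiters, so neither field may contain them.
		if user == "" || pass == "" || strings.ContainsAny(user+pass, ":,") {
			return "", errors.New("a user or password is empty or contains ':' or ','")
		}
		pairs = append(pairs, user+":"+pass)
	}
	sort.Strings(pairs)
	return strings.Join(pairs, ","), nil
}

func main() {
	fmt.Println(EnvFromJSON(`{"user2":"pass2","user1":"pass1"}`)) // constructed sample
	fmt.Println(ParseEnvCredentials("{'user':'pass'}"))           // the form that failed above
}
```

Running the check before the container starts catches a JSON-shaped value early instead of surfacing later as a 401.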
