-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Credential Decryption fails on local Project open #2868
Comments
When I try to recreate this, whilst the Open Existing Project dialog could handle the scenario better, I am able to open up the project settings dialog and set the credentials key to get it working. Will experiment some more, but as is stands, I can't recreate everything you are reporting. I will also look at improving the workflow of opening a project that has been manually cloned, rather than cloned by Node-RED. |
Strange... did you try on a fresh NodeRed install ? Many Thanks for looking into it - much appreciated! |
The secret is generated and saved in the The issue can be solved by either:
|
@truongminh that is not the case for Projects. The credentialSecret used by projects is provided by the user - not generated - and is stored in @promd where you say:
I have pushed a fix for that part - 85e05b7 - so the Open Project dialog will close and you can click the 'Setup credentials' link in the notification. Where you say:
Which 'same screen' are you referring to? I still haven't been able to recreate this path - for me, setting the correct credential key works. |
I think I have some details about the OP's "same screen". I got a similar problem when I tried to edit the encryption key in the project settings. When I try to edit, by filling out the existing key (as typed, and as found in the
I looked with the Chrome debugger what was happening, and if a recent change in node-red/packages/node_modules/@node-red/editor-client/src/js/ui/projects/projectSettings.js Lines 1131 to 1136 in 74b547b
I'm not quite sure that I have the good elements selected, but I tried to go to the element when clicking the
Is checking for the visibility of an input the good way to go in order to know if a user wants to edit or reset the key? In the HTML sample down below, the inputs right after the "Current key" and "New key" are always hidden. Is it this property that the <label for="">Current key</label><input type="hidden" class="red-ui-typedInput" value="" /> <label for="">New key</label><input type="hidden" class="red-ui-typedInput" value="" /> <div class="red-ui-settings-row">
<label></label>
<span style="color: rgb(102, 102, 102); height: auto;" class="uneditable-input">
<i class="user-settings-credentials-state-icon fa fa-lock"></i> <span class="user-settings-credentials-state">Encryption enabled</span>
<div style="margin-top: 10px;">
<div style="margin: 20px 0px 10px 5px; display: none;">Set the encryption key</div>
<div style="margin: 20px 0px 10px 5px; display: none;">Change the encryption key</div>
<div style="margin: 20px 0px 10px 5px;">Reset the encryption key</div>
<div class="red-ui-settings-row red-ui-settings-row-credentials" style="display: none;">
<label for="">Current key</label><input type="hidden" class="red-ui-typedInput" value="" />
<div class="red-ui-typedInput-container">
<button class="red-ui-typedInput-type-select disabled" tabindex="0">
<i class="red-ui-typedInput-icon fa fa-caret-down" style="display: none;"></i>
<span class="red-ui-typedInput-type-label"><i class="red-ui-typedInput-icon fa fa-lock" style="min-width: 13px; margin-right: 4px;"></i></span>
</button>
<div class="red-ui-typedInput-input-wrap" style=""><input class="red-ui-typedInput-input" type="password" style="margin-right: 0px; margin-left: 0px;" /></div>
<div class="red-ui-typedInput-value-label" style="flex-grow: 0; pointer-events: none; background: none;">
<div style="position: absolute; right: 6px; top: 6px; pointer-events: all;">
<button type="button" class="red-ui-button red-ui-button-small" style="width: 20px;"><i class="fa fa-eye" style="margin-left: -2px;"></i></button>
</div>
</div>
<input type="hidden" value="cred" />
<button tabindex="0" class="red-ui-typedInput-option-trigger" style="display: none;">
<span class="red-ui-typedInput-option-label"></span><span class="red-ui-typedInput-option-caret"><i class="red-ui-typedInput-icon fa fa-caret-down"></i></span>
</button>
<button tabindex="0" class="red-ui-typedInput-option-expand" style="display: none;"><i class="red-ui-typedInput-icon fa fa-ellipsis-h"></i></button>
</div>
</div>
<div class="red-ui-settings-row red-ui-settings-row-credentials">
<label for="">New key</label><input type="hidden" class="red-ui-typedInput" value="" />
<div class="red-ui-typedInput-container">
<button class="red-ui-typedInput-type-select disabled" tabindex="0">
<i class="red-ui-typedInput-icon fa fa-caret-down" style="display: none;"></i>
<span class="red-ui-typedInput-type-label"><i class="red-ui-typedInput-icon fa fa-lock" style="min-width: 13px; margin-right: 4px;"></i></span>
</button>
<div class="red-ui-typedInput-input-wrap" style=""><input class="red-ui-typedInput-input" type="password" style="margin-right: 0px; margin-left: 0px;" /></div>
<div class="red-ui-typedInput-value-label" style="flex-grow: 0; pointer-events: none; background: none;">
<div style="position: absolute; right: 6px; top: 6px; pointer-events: all;">
<button type="button" class="red-ui-button red-ui-button-small" style="width: 20px;"><i class="fa fa-eye" style="margin-left: -2px;"></i></button>
</div>
</div>
<input type="hidden" value="cred" />
<button tabindex="0" class="red-ui-typedInput-option-trigger" style="display: none;">
<span class="red-ui-typedInput-option-label"></span><span class="red-ui-typedInput-option-caret"><i class="red-ui-typedInput-icon fa fa-caret-down"></i></span>
</button>
<button tabindex="0" class="red-ui-typedInput-option-expand" style="display: none;"><i class="red-ui-typedInput-icon fa fa-ellipsis-h"></i></button>
</div>
</div>
<div class="form-tips form-warning" style="margin: 10px;"><i class="fa fa-warning"></i>This will delete all existing credentials</div>
</div>
</span>
<span class="button-group" style="margin-left: -72px; vertical-align: top;">
<button type="button" class="red-ui-button selected" style="vertical-align: top; width: 36px; margin-bottom: 10px;"><i class="fa fa-trash-o"></i></button>
<button type="button" class="red-ui-button" style="border-top-right-radius: 4px; border-bottom-right-radius: 4px; vertical-align: top; width: 36px; margin-bottom: 10px;"><i class="fa fa-pencil"></i></button>
</span>
</div> I'm not familiar enough to know how to fix, but I tried my best to locate and understand the bug. |
I tried different releases and specific commits, and found that this is a regression introduced at commit 1cd10f0. Releases 1.2.1 to 1.2.3 and commit bed1d31 were ok, release 1.2.5 to 1.3.1 are broken, i.e. can't change the project credential key (release 1.2.4 didn't really exist). The commit that introduced the regression, 1cd10f0, enabled the TypedInput-cred input for the projectSettings.js, but the root cause should be in the TypedInput-cred implementation or style, not directly in the projectSettings.js. If I could get some help with the good way to go replace the following condition, I could create a PR for it. For now, I still didn't figure out what should be checked instead. node-red/packages/node_modules/@node-red/editor-client/src/js/ui/projects/projectSettings.js Lines 1131 to 1136 in 74b547b
|
@echoix I've pushed a fix for the regression you had identified. Rather than check the visibility of the input (which, in the case of a typedInput, is always hidden), we can check the visibility of the row it is in. |
In case it might be of use, this is my current solution:
{
"projects": {
"$PROJECTNAME": {
"credentialSecret": "$PROJECTSECRET"
}
},
"activeProject": "$PROJECTNAME"
}
#!/bin/bash
# cd into this sh file directory
cd "$(dirname "$0")"
CONTAINERID=$1
PROJECTNAME=$2
! test -z "$CONTAINERID"; TESTCONTAINERID=$?
! test -z "$PROJECTNAME"; TESTPROJECTNAME=$?
#if both are missing, then loop every node-red container
if (test -z "$CONTAINERID" ) && (test -z "$PROJECTNAME" )
then
for CONTAINERID in $(docker ps -q -f "label=com.docker.compose.project=node-red")
do
CONTAINERNAME=$(docker ps --filter Id=$CONTAINERID --format "{{.Names}}")
PROJECTNAME=$CONTAINERNAME
echo "Processing $PROJECTNAME secret..."
./add_secret.sh $CONTAINERID $PROJECTNAME
done
#if one of them are missing, then prompt help
elif [ $TESTCONTAINERID -ne $TESTPROJECTNAME ]
then
echo "Usage: $0 CONTAINERID PROJECTNAME"
echo " CONTAINERID should be the ID of the docker container"
echo " running the nodered application"
echo " PROJECTNAME should be the exact name of the project"
echo "If both parameters are missing, it will run it for"
echo "each container within the docker compose 'node-red' project."
#if both parameters are present, check the project secret is correctly copied.
else
PROJECTSECRET=$(docker exec -it $CONTAINERID cat /data/.config.projects.json | jsonpointer /projects/$PROJECTNAME/credentialSecret /dev/stdin)
if [ -z "$PROJECTSECRET" ]
then
echo " Credential secret for project $PROJECTNAME is missing."
echo " Secret for project $PROJECTNAME (no prompt): "
read -s PROJECTSECRET
export PROJECTSECRET PROJECTNAME
tmpfile=$(mktemp)
cat ./data/.config.projects.template.json | envsubst > $tmpfile
docker cp $tmpfile $CONTAINERID:/data/.config.projects.json
docker restart $CONTAINERID
else
echo " Secret already present"
fi
fi I would still prefer that upon starting the container for the first time, it detects the active project, or at least writing the secret upon clicking "open an existing project" over the dashboard as mentioned in my previous post. edit: |
copying "flows.json", ".config.projects.json" and "flows_cred.json" works for me. |
Scenario: Trying to prepare a deployable image using NodeRed Projects. Not all consumers of the image have access to the Project repositories.
What are the steps to reproduce?
What happens?
What do you expect to happen?
Please tell us about your environment:
The text was updated successfully, but these errors were encountered: