New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Double login prompt - first in browser, second in popup. #3435
Comments
Can you include your |
edit, sorry, here's the uncommented portion of my
Running Caddy server V2 with this in my config:
I'm pretty sure this has been working fine until recently, but I haven't been paying attention. I did just update a few things and added Thanks. |
Node-RED in it's self should not be triggering any http basic Auth for anything in the editor. You should be able to use the browser console (press f11) network tab to see which http request is replying with a 401 http status code at the point the pop-up that asks for the password shows up. This will tell us what is triggering this |
Not sure what I should be looking for but network tab shows it is
There might be a setting i'm missing in my caddy config, but I haven't really changed anything since it was working. |
That will be the first 401 error and is expected, it's what triggers the editor to show the login form (not the popup) but it shouldn't have a Can you check for any other 401 errors in the network tab |
Looking closer, that isn't the expected request if it's for |
doh, good point |
question 1: does audit trace affect this? |
new data point: I still get this using the local ip |
@y8s it doesn't matter what IP you use - something is requesting You mentioned you had recently added In the Network tab, where you see the entry for |
I've managed to reproduce this with stock v1.3.5 and no extra nodes. I'm having a bit of a poke round |
OK, this might be a different problem I've reproduced
Using Wireshark it appears that the I'm also seeing this just by reloading the page, I don't even have to log using the form to see the Basic Auth popup |
my initiator chain looks like:
I see references to |
Can you take a screenshot? We aren't looking for anything mentioning Auth. We are looking for who is trying to load /settings.js |
Is this what you are looking for? |
@knolleary Do you still need anything from me to help diagnose? |
There isn't much I can do here. There is something outside of the core making a request to load |
What ether extra nodes do you have installed ? |
Here's everything and versions below.
I'm also running caddy reverse proxy https. |
Hey guys, Will try to give some extra information, which perhaps rings a bell to someone. But perhaps not because it is all blurry info...
If there is anything I can test, don't hesitate to let me know! |
@bartbutenaers if you read back on the questions we asked to debug this, it would be helpful to check the network tab to see if there are any other routes hitting a 401. The log message for There was a suggestion of another request for |
In the following screenshot you see the Network tabsheet, at the moment when the Node-RED dialog is still open but I have already filled in the credentials in the native browser popup at this point: All statusses are 200 except that one 401... When I get the native popup and I clear the network tabsheet (before I enter the credentials in it), then I would have expected to see requests appearing in the network tabsheet. But even if I enter multiple times wrong credentials in my native popup, nothing shows up in my cleared network tabsheet: Very weird... |
@knolleary It is the dashboard. The popup is the same as the auth for the dashboard/ui. If I go to the dashboard (www.example.com/ui) and log in, when I return to just nodered.example.com, the prompt does not appear. Unfortunately removing all dashboard / ui elements from my palette does NOT fix the issue. I can still go to /ui and log in and then no matter how many times I reload the flows it doesn't prompt me. To reproduce: |
I'm not 100% sure that's the evidence you believe it to be. Yes the Internally, there are two sections to the http route handling:
To trigger the basic Auth dialog, something is making a request to a route hosted by If you open the dashboard, it triggers the prompt because it is a This is why we need to identify what request is triggering the prompt. Because that means something is making a request to an |
ok. I tried to look at the trace log and see what I could but it doesn't show that much detail. Are there any other ways to step through the loading of each node? |
@bartbutenaers if you close the developer console while the browser credentials pop up is visible does it disappear? If so this is the thing I mentioned earlier (#3435 (comment)) about the dev tools trying to load a This is really not helpful as it means that chrome behaves differently if you try to debug it (and it hides that request from it's own debug logs). If I use Firefox's debug tools I do not get this extra request. (it appears you can turn off source map loading in the devTools settings) Actually that might be something for @y8s to try. Can you use a different browser e.g. FireFox and see if it can provide a better stack trace for the 401 request for |
vendor.js line 42 has something about basic auth. |
@hardillb: interesting theory! I can confirm that the popup appears in Chrome every time I open the Developer Tools, and the popup disappears again when I close the Developer Tools. I can repeat this as often as I want. And the same effect in Edge Chromium. In Firefox I got no popup at all like you say. Did another experiment, but not sure if the result is of any use:
So I did another experiment:
Not sure at this moment where I should look at ... |
So I copied my it's node-red-contrib-zigbee2mqtt that's causing the login popup. I haven't dug into it more yet. |
@knolleary Is this HTML file to blame?: node-red-contrib-zigbee2mqtt/nodes/bridge.html the first line is And if so, what should it be? |
Yes that line is to blame.
You would have to ask the maintainer of the node what they are trying to do with that line. They have clearly added it for a reason - but it would never have worked. |
I started an issue there so hopefully they can figure it out. |
node-red-contrib-zigbee2mqtt@2.2.5 |
Current Behavior
When first logging in (or using incognito), I am presented with the standard Node-RED log Username: Password: and login button page
After logging in, I get the progress bar and "loading nodes" message and a second modal popup login box appears:
Audit logs don't show any obvious difference whether I log into the second dialog or not.
So what is it?
Expected Behavior
Normal, single, nodered welcome page login. Just one time, without the need to deal with a second popup.
Steps To Reproduce
Load nodered web interface, log in as usual.
Example flow
Environment
8.0.4758.82
sample log where I cancel the second popup
first load page and log in with credentials:
hit cancel:
Here's the version where I enter the credentials in the popup
first load page and log in with credentials:
enter same credentials:
The text was updated successfully, but these errors were encountered: