Authentication on private instance #265

Closed
ghost opened this issue Nov 9, 2021 · 26 comments

@ghost

ghost commented Nov 9, 2021

I have noticed that support for authentication has been added as part of #97 but it appears this is not supported for private instances yet? I tried to make it work but getting errors when trying to create an account. The account gets created but the notifications are not working.

  TRANSACTION (27.8ms)  commit transaction
  Rendering devise/mailer/confirmation_instructions.html.erb
  Rendered devise/mailer/confirmation_instructions.html.erb (Duration: 1.5ms | Allocations: 1121)
Devise::Mailer#confirmation_instructions: processed outbound mail in 5.0ms
Completed 500 Internal Server Error in 347ms (ActiveRecord: 28.5ms | Allocations: 13832)

ActionView::Template::Error (Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true):
     7:
     8: <p><%= _('You can confirm your account email through the link below') %>:</p>
     9:
    10: <p><%= link_to _('Confirm my account'), confirmation_url(@resource, confirmation_token: @token) %></p>
    11:
    12: <p>&nbsp;</p>
    13: <p><%= _('Thanks for signing up!') %></p>

app/views/devise/mailer/confirmation_instructions.html.erb:10
@pglombardo
Owner

pglombardo commented Nov 9, 2021

Hi @dbodencnve - Enabling authentication is possible by setting a list of environment variables or modifying a config file and mounting it into your application container (depending on how you are hosting the application).

I have plans to document this once I smooth the process over.

One complication is that the login system requires an SMTP server to send emails through.

If you want to configure via environment variables, here is the list:

export PWP__ENABLE_LOGINS=true
export PWP__MAIL__RAISE_DELIVERY_ERRORS=true
export PWP__MAIL__SMTP_ADDRESS=<smtp address - e.g. smtp.domain.com>
export PWP__MAIL__SMTP_PORT=587
export PWP__MAIL__SMTP_USER_NAME=<smtp_username>
export PWP__MAIL__SMTP_PASSWORD=<smtp_password>
export PWP__MAIL__SMTP_AUTHENTICATION=plain
export PWP__MAIL__SMTP_STARTTLS=true
export PWP__MAIL__OPEN_TIMEOUT=10
export PWP__MAIL__READ_TIMEOUT=10
export PWP__HOST_DOMAIN=<host domain - e.g. pwpush.com>
export PWP__HOST_PROTOCOL=https
# This is the from address (example)
export PWP__MAIL__MAILER_SENDER='"Company Name" <user@example.com>'

Alternatively, you can copy and modify this file for the application.

If you are running the docker containers, you can then mount this file into the container at the same location.

Environment variables always override this file.

Without the above config, the login buttons are just hidden - not disabled in any way. This is because errors would occur in any case without the SMTP server configured (as you found out). Then there is also the ephemeral version where logins wouldn't be retained across application restarts. All things to figure out and smooth over for users.

You are welcome to give this a try. I'll work on refining this process eventually. Any feedback, please let me know.

Note January 2022: The rest of the discussion below was due to a bug in an earlier docker container version. That has been fixed since then. The summary above gives the proper instructions.

@ghost
Author

ghost commented Nov 9, 2021

I actually did make the changes to the settings file earlier with my previous tests which at least shows that I was looking at the right location.

I just tested again by updating the kubernetes deployment with the environment variables but the error remains.
It seems to be missing something but I cannot figure out what.

@pglombardo
Owner

pglombardo commented Nov 9, 2021

> ActionView::Template::Error (Missing host to link to!

This means that there is a likely problem with these two variables:

export PWP__HOST_DOMAIN=<host domain - e.g. pwpush.com>
export PWP__HOST_PROTOCOL=https

These env vars help build fully qualified links in emails such as https://pwpush.com/pages/about

Or SMTP related. If you wanted, you could set PWP__MAIL__RAISE_DELIVERY_ERRORS=false to just ignore email send errors but you won't get confirmation emails, unlock emails, forgot password emails etc.

I should add that unconfirmed accounts automatically lock after 2 weeks I believe.

@pglombardo
Owner

Did you have any luck with this?

@ghost
Author

ghost commented Nov 13, 2021

I did configure the PWP__HOST_DOMAIN and PWP__HOST_PROTOCOL variables but no luck unfortunately.
The host domain variable should be FQDN for the application, right?

Do you have any hints on how to debug the application in e.g. Visual Studio Code? I am not that familiar with Ruby on Rails.

@pglombardo
Owner

pglombardo commented Nov 13, 2021

> The host domain variable should be FQDN for the application, right?

Yes - including protocol such as https://

I was wrong re:protocol. Here is what I set for development environment:

export PWP__HOST_DOMAIN=the-road-to-authenticat-2foyk4.herokuapp.com
export PWP__HOST_PROTOCOL=https
10:<p><%= link_to _('Confirm my account'), confirmation_url(@resource, confirmation_token: @token) %></p>
app/views/devise/mailer/confirmation_instructions.html.erb:10

Line 10 is trying to build a fully qualified link for the email message (the confirm account link).

> Missing host to link to! Please provide the :host parameter

This makes me think that the setting you applied didn't take. As if the value isn't set at all. Could there be some discrepancy? Could the env var not be set correctly?

@ghost
Author

ghost commented Nov 13, 2021

I confirm that the variables are properly set. This is what I see from within the Kubernetes container:

root@pwpush-76b5c59bd7-x7gjl:~# env | grep PWP | sort
PWPUSH_HTTP_PORT=tcp://10.0.118.8:5100
PWPUSH_HTTP_PORT_5100_TCP=tcp://10.0.118.8:5100
PWPUSH_HTTP_PORT_5100_TCP_ADDR=10.0.118.8
PWPUSH_HTTP_PORT_5100_TCP_PORT=5100
PWPUSH_HTTP_PORT_5100_TCP_PROTO=tcp
PWPUSH_HTTP_SERVICE_HOST=10.0.118.8
PWPUSH_HTTP_SERVICE_PORT=5100
PWPUSH_HTTP_SERVICE_PORT_PWPUSH_HTTP=5100
PWP__ENABLE_LOGINS=true
PWP__HOST_DOMAIN=pwpush.example.org
PWP__HOST_PROTOCOL=https
PWP__MAIL__MAILER_SENDER=mysender@example.org
PWP__MAIL__OPEN_TIMEOUT=10
PWP__MAIL__RAISE_DELIVERY_ERRORS=true
PWP__MAIL__READ_TIMEOUT=10
PWP__MAIL__SMTP_ADDRESS=smtp.office365.com
PWP__MAIL__SMTP_AUTHENTICATION=plain
PWP__MAIL__SMTP_PASSWORD=mypassword
PWP__MAIL__SMTP_PORT=587
PWP__MAIL__SMTP_STARTTLS=true
PWP__MAIL__SMTP_USER_NAME=mysender@example.org

I obviously replaced confidential information with dummy values.

@pglombardo
Owner

Hrm ok - still a mystery then. Could you get the pid of the puma cluster worker process and check the procfs environ if those values are in there?

The last possibility I can think of is the process isn't inheriting the env vars because of the boot process? Let's see.

ps -ef | grep puma
cat /proc/<pumapid>/environ

@ghost
Author

ghost commented Nov 14, 2021

Environment variables are there:

root@pwpush-76b5c59bd7-x7gjl:~# ps -ef | grep puma
root         1     0  0 Nov13 ?        00:00:07 puma 5.5.2 (tcp://0.0.0.0:5100) [PasswordPusher]
root         7     1  0 Nov13 ?        00:00:08 puma: cluster worker 0: 1 [PasswordPusher]
root         8     1  0 Nov13 ?        00:00:08 puma: cluster worker 1: 1 [PasswordPusher]
root        54    43  0 17:49 pts/0    00:00:00 grep puma
root@pwpush-76b5c59bd7-x7gjl:~# cat /proc/1/environ 
PATH=/opt/PasswordPusher:/usr/local/bundle/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=pwpush-76b5c59bd7-x7gjlLANG=C.UTF-8RUBY_MAJOR=3.0RUBY_VERSION=3.0.2RUBY_DOWNLOAD_SHA256=570e7773100f625599575f363831166d91d49a1ab97d3ab6495af44774155c40GEM_HOME=/usr/local/bundleBUNDLE_SILENCE_ROOT_WARNING=1BUNDLE_APP_CONFIG=/usr/local/bundleAPP_ROOT=/opt/PasswordPusherHOME=/opt/PasswordPusherRACK_ENV=privateRAILS_ENV=privatePWP__MAIL__OPEN_TIMEOUT=10PWP__HOST_DOMAIN=pwpush.example.orgPWP__ENABLE_LOGINS=truePWP__MAIL__RAISE_DELIVERY_ERRORS=truePWP__MAIL__SMTP_ADDRESS=smtp.office365.comPWP__MAIL__SMTP_PORT=587PWP__MAIL__SMTP_AUTHENTICATION=plainPWP__MAIL__SMTP_STARTTLS=truePWP__MAIL__SMTP_USER_NAME=mysender@example.orgPWP__MAIL__SMTP_PASSWORD=mypasswordPWP__MAIL__READ_TIMEOUT=10PWP__HOST_PROTOCOL=httpsPWP__MAIL__MAILER_SENDER=mysender@example.orgPWPUSH_HTTP_SERVICE_PORT_PWPUSH_HTTP=5100KUBERNETES_SERVICE_HOST=10.0.0.1PWPUSH_HTTP_SERVICE_HOST=10.0.118.8PWPUSH_HTTP_SERVICE_PORT=5100KUBERNETES_PORT=tcp://10.0.0.1:443KUBERNETES_PORT_443_TCP_PROTO=tcpPWPUSH_HTTP_PORT=tcp://10.0.118.8:5100KUBERNETES_SERVICE_PORT=443PWPUSH_HTTP_PORT_5100_TCP_ADDR=10.0.118.8KUBERNETES_PORT_443_TCP=tcp://10.0.0.1:443KUBERNETES_PORT_443_TCP_PORT=443KUBERNETES_PORT_443_TCP_ADDR=10.0.0.1PWPUSH_HTTP_PORT_5100_TCP_PROTO=tcpPWPUSH_HTTP_PORT_5100_TCP_PORT=5100PWPUSH_HTTP_PORT_5100_TCP=tcp://10.0.118.8:5100KUBERNETES_SERVICE_PORT_HTTPS=443
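
A defender-side version of the `/proc/<pid>/environ` check discussed above, as an added example (not code from this thread or from the PasswordPusher project): it splits the NUL-separated file so entries do not run together, masks secret values before the output is pasted anywhere, and flags settings that would break login e-mails. Treating all six listed variables as required, and the secret-name pattern, are assumptions of this sketch.

```shell
# Added example: read the PWP__ settings a running process inherited.
# /proc/<pid>/environ is NUL-separated, so plain `cat` runs the entries together.

# List PWP__ variables one per line, sorted, with secret values masked.
# The PASSWORD|SECRET|TOKEN name pattern is an assumption of this sketch.
pwp_env_list() {
  tr '\0' '\n' < "$1" | grep '^PWP__' | sort |
    sed -E 's/^(PWP__[A-Z_]*(PASSWORD|SECRET|TOKEN)[A-Z_]*)=.*/\1=<redacted>/'
}

# Print the value of one variable from the environ file (empty if unset).
pwp_env_get() {
  tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Report settings that would break login e-mails; non-zero status if any.
pwp_env_check() {
  local file=$1 problems=0 name
  for name in PWP__ENABLE_LOGINS PWP__HOST_DOMAIN PWP__HOST_PROTOCOL \
      PWP__MAIL__SMTP_ADDRESS PWP__MAIL__SMTP_PORT PWP__MAIL__MAILER_SENDER; do
    if [ -z "$(pwp_env_get "$file" "$name")" ]; then
      echo "MISSING $name"; problems=$((problems + 1))
    fi
  done
  # The thread settles on a bare host name here; the scheme has its own variable.
  case $(pwp_env_get "$file" PWP__HOST_DOMAIN) in
    */*) echo "BAD PWP__HOST_DOMAIN: host name only, no scheme or path"
         problems=$((problems + 1)) ;;
  esac
  case $(pwp_env_get "$file" PWP__HOST_PROTOCOL) in
    ''|http|https) ;;
    *) echo "BAD PWP__HOST_PROTOCOL: expected http or https"
       problems=$((problems + 1)) ;;
  esac
  # "plain" SMTP auth only base64-encodes the password, so insist on STARTTLS.
  if [ "$(pwp_env_get "$file" PWP__MAIL__SMTP_AUTHENTICATION)" = plain ] &&
     [ "$(pwp_env_get "$file" PWP__MAIL__SMTP_STARTTLS)" != true ]; then
    echo "WARN plain SMTP auth without PWP__MAIL__SMTP_STARTTLS=true"
    problems=$((problems + 1))
  fi
  return "$(( problems > 0 ))"
}

# Inside the container: pwp_env_list /proc/1/environ && pwp_env_check /proc/1/environ
```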

@pglombardo
Owner

Which container tag are you using?

@ghost
Author

ghost commented Nov 18, 2021

I don't specify one so will be latest?

@pglombardo
Owner

I assume so. If I run a docker container with a single env var, the login links show up:

Screen Shot 2021-11-18 at 14 13 15

Screen Shot 2021-11-18 at 14 13 34

Do the login links show up for you?

@ghost
Author

ghost commented Nov 18, 2021 via email

@pglombardo
Owner

> Yes I can see those. It is only when I try to register, I am receiving the error message.

Well that's something at least. Are you using ephemeral or a database backed container?

@ghost
Author

ghost commented Nov 18, 2021 via email

@pglombardo
Owner

We don't have support for logins on the ephemeral version because it didn't make sense. The environment variables you set are ignored in the ephemeral version.

Next time, I'll ask up front which container and version is running. Sorry for the longer than needed resolution.

Even though logins don't make sense for the ephemeral version - it does make it easy to test things out.

Let me add the config to ephemeral and I'll post back here with a tag you can try.

@ghost
Author

ghost commented Nov 18, 2021 via email

@pglombardo
Owner

Could you try this docker tag? pglombardo/pwpush-ephemeral:1.11.2

That has the login/email support added.

@ghost
Author

ghost commented Nov 18, 2021 via email

@pglombardo
Owner

Ok that is mostly good news. If I can help with anything else, let me know. Eventually we'll get logins improved, documented and smoothed over.

@RafVandelaer

RafVandelaer commented Oct 27, 2023

I want to reopen this issue. In my docker container everything works fine. However when I want to use Office 365 as mail service, the docker gives the error

pwpush-docker-pwpush-1 | F, [2023-10-27T11:05:02.712418 #228] FATAL -- : [5437df51-ec08-4cad-98f6-ce1193b143ae]
pwpush-docker-pwpush-1 | [5437df51-ec08-4cad-98f6-ce1193b143ae] SocketError (getaddrinfo: Name does not resolve):
[5437df51-ec08-4cad-98f6-ce1193b143ae] app/controllers/application_controller.rb:14:in `custom_set_locale_from_url'

I've debugged the actionmailer (screenshot below). The settings seem to be OK. Sending with gmail works perfectly.

image

@pglombardo
Owner

Hi @RafVandelaer - I was writing some ideas and tips and then I saw this. 😄

Screenshot 2023-10-28 at 11 29 41

@RafVandelaer

Hey @pglombardo, I feel stupid now. First I thought I made a typo, but now I don't get it. Should be working, right?
https://kinsta.com/knowledgebase/office-365-smtp/

@RafVandelaer

Hi @pglombardo, I've been testing some more. To be sure I'm not a complete idiot :D
In PowerShell the SMTP server seems to be working with the same settings:
image

@pglombardo
Owner

Hi @RafVandelaer - have you made any progress on this? If not, could you post the full stack trace of the error?

@RafVandelaer

Hi @pglombardo
No not yet. My workaround at the moment is to use my personal gmail address... It's not the best solution however.
I'm using an app password within O365 and the SMTP settings are checked. Should be working.
If you need more info, please let me know!
The error the docker container gives me is:
image
