Docker -e ADMIN_PASSWORD hash is not generated (and queried) correctly

[AlexanderSch90]

Hello, I would like to use ihatemoney in docker. I have problems with the env: -e ADMIN_PASSWORD = ''

To populate the env I use the command: docker run -it --rm --entrypoint ihatemoney ihatemoney/ihatemoney generate_password_hash

When I enter the password there I get the following response:
pbkdf2:sha256:260000$eFjE0tmA4gKXcwRV$706e1989ac893f4fd1da58931718dc8ce0665a77e686f0a4d12475d72a... (last characters deleted).

I then enter this into the env : -e ADMIN_PASSWORD = '260000$eFjE0tmA4gKXcwRV$706e1989ac893f4fd1da58931718dc8ce0665a77e686f0a4d12475d72a... (last characters deleted)'

Now when I try to log in to the admin panel, it says: "CSRF Token: The CSRF tokens do not match."

If I generate the hash of my password again (same password as above): docker run -it --rm --entrypoint ihatemoney ihatemoney/ihatemoney generate_password_hash.

Do I get a different hash:
pbkdf2:sha256:260000$sEXJG3hVN2ihSBnA$d7577aca4eb63da90ae01a6bfa89fa7bcd0309ee79e67e9967cee20.... (last characters deleted).

This means to me that the hash is not generated (and queried) correctly.

What am I doing wrong, or is the Docker image currently unusable?

Thanks

Translated with www.DeepL.com/Translator (free version)

[almet]

Let's ping @youegraillot, our docker specialist ;-)

[youegraillot]

Hey !
Not docker related.
First you should include the entire key, with "pbkdf2:sha256:"
Then for the CSRF, I don't know what causes this, but from my usage I noticed that it only happens in a local environment and is not an issue when online
Still it's a an issue we should try to solve

** Accessing from localhost seems to not throw that CSRF error, whereas accessing from local IP 192.168.X.X throws

[AlexanderSch90]

@youegraillot:
You are absolutely right.

Insert the whole key, with "pbkdf2:sha256:" was part 1 of 2.

And you are also right about the CSRF error. There is no problem behind a reverse proxy. When calling the IP, on the other hand, there is.
Thanks for your help!

Point 1 could be more clearly included in the instructions. Point two should be fixed.

[AlexanderSch90]

@youegraillot:
Two more questions: in your environment, can you delete a project from the admin dashboard? I also get an error...

Method Not Allowed
The method is not allowed for the requested URL.

Second: Can you tell me how to import a CSV file from Cospend? I only see a json import?!

Edit: I guess I'll have to use Docker Tag Master instead of latest. I find confusing, since latest should be latest ;-)

Anyway... Now it says that the import should be cospend compatible. If I select the CSV export from Cospent, the error is: Unsupported file type

What am I doing wrong?

[almet]

1. If you get an error when deleting a project it might be a bug (please, open an issue if so);
2. It's only JSON import ATM in the latest release, support for cospend has been merged in master recently (CSV bills import (cospend compatible) #951) but is not released yet. I personally haven't tried it, so it might be broken? If you're using master and have an error, please open an issue :-) ;
3. Currently, it seems that « latest » is the latest release, and « master » is… master. What would you recommend for it to be easier to grasp?

[AlexanderSch90]

@almet I took your advice and created new issues. Point 3.: I think it's a matter of definition. I think the tag "stable" is more appropriate for what is marked as "latest" here. By latest I mean the latest possible "(beta) version" = master from this image

[youegraillot]

From what I've seen in other projects, "latest" mostly refers to the latest stable release, I think we should stick to that

"latest" is the default tag used to pull image when not specified, using the master branch build should be intentional on this repo as it does not follow gitflow release management style

Also if you try out the cospend import feature, don't hesitate to tell us your experience :)

[Glandos]

I'm closing this since the original issue has been solved. Others should have their own issue number.