Non admin users cannot login

[britannic]

Describe the bug

Create a non admin user and then attempt to log in as that user. This is reproducible in v0.90.69 and v0.90.71.

To Reproduce

Steps to reproduce the behavior:

1. Go to https://demo.statping.com
2. Create a non admin user
3. Attempt to login
4. Log In button displays loading infinitely

Expected behavior

Successful log in with non admin access

Screenshots or Logs

Browser console:

Failed to load resource: the server responded with a status of 401 ()
vendor.chunk.js:38 Uncaught (in promise) Error: Request failed with status code 401
    at t.exports (vendor.chunk.js:38)
    at t.exports (vendor.chunk.js:63)
    at XMLHttpRequest.d.onreadystatechange (vendor.chunk.js:38)
    at XMLHttpRequest.i (vendor.chunk.js:86)
api/services/3/failure_data?start=1596956400&end=1604908799&group=24h&fill=true:1 Failed to load resource: the server responded with a status of 401 ()
vendor.chunk.js:38 Uncaught (in promise) Error: Request failed with status code 401
    at t.exports (vendor.chunk.js:38)
    at t.exports (vendor.chunk.js:63)
    at XMLHttpRequest.d.onreadystatechange (vendor.chunk.js:38)
    at XMLHttpRequest.i (vendor.chunk.js:86)
api/services/6/hits_data?start=1604502000&end=1604764799&group=60m&fill=false:1 Failed to load resource: the server responded with a status of 401 ()
vendor.chunk.js:38 Uncaught (in promise) Error: Request failed with status code 401
    at t.exports (vendor.chunk.js:38)
    at t.exports (vendor.chunk.js:63)
    at XMLHttpRequest.d.onreadystatechange (vendor.chunk.js:38)
    at XMLHttpRequest.i (vendor.chunk.js:86)
api/services/3/hits_data?start=1604502000&end=1604764799&group=60m&fill=false:1 Failed to load resource: the server responded with a status of 401 ()
vendor.chunk.js:38 Uncaught (in promise) Error: Request failed with status code 401
    at t.exports (vendor.chunk.js:38)
    at t.exports (vendor.chunk.js:63)
    at XMLHttpRequest.d.onreadystatechange (vendor.chunk.js:38)
    at XMLHttpRequest.i (vendor.chunk.js:86)
api/checkins:1 Failed to load resource: the server responded with a status of 401 ()
vendor.chunk.js:86 Error: Request failed with status code 401
    at t.exports (vendor.chunk.js:38)
    at t.exports (vendor.chunk.js:63)
    at XMLHttpRequest.d.onreadystatechange (vendor.chunk.js:38)
    at XMLHttpRequest.i (vendor.chunk.js:86)

Log shows a successful login:

2020-11-07 15:37:17 User nonadmin logged in from IP 176.215.65.89:55176

[progressify]

same here with v0.90.70

[github-actions]

This issue hasn't had any updates in a while. If this is still a problem, please create a new issue.

[britannic]

This is still a reproducible issue on https://demo.statping.com 0.90.74. Only admin users can successfully use statping after logging in.

[r-chris]

I am running on the same release (v0.90.74) and only admin accounts can login with the same errors as described above when trying to login with non-admin accounts.

[r-chris]

This is a duplicate for: #651

[joe-eklund]

This issue is still happening for me. v0.90.74

[aasimenator]

This issue is still happening for me as well on v0.90.74, is there going to be a resolution to this problem? it has been over 6 months now without a solution. your project is unusable without it. as we cannot have all users as admin. Hope this is not just another dead end release which is not being maintained.

[joe-eklund]

This issue is still happening for me as well on v0.90.74, is there going to be a resolution to this problem? it has been over 6 months now without a solution. your project is unusable without it. as we cannot have all users as admin. Hope this is not just another dead end release which is not being maintained.

You aren't alone. There is growing concern this project may be abandoned. For example, #980 (comment) and #950.

Though I do see the original author of the project, @hunterlong, merged a PR just a couple weeks ago so Idk. aa51554

[Kos-M]

i cant even login there , as admin : admin
And run in really slow performance.
i have it installed also in a vps , and i had no issue there.

[aasimenator]

I switched to free monitoring from UptimeRobot, StatPing is useless in its current release state and most probably a dead project since it has not been updated in a while (since November 2020 when the first issue was reported)

[Kos-M]

well uptimeRobot offers better UI but i like statping ( has better features ) , and was updated 15 days ago..
what the heck , if demo page not works perfectly why people trust it , to install it in their servers :)
I just mention the issue , because i think may discourage new comers like me to use it.

[aasimenator]

@Kos-M It's not just the demo page that is not working, even the deployed version is not... even if it has a better feature than UptimeRobot it is doesn't work, so it's useless. I would rather have limited functions that work 100% of the time rather than useless features that don't.

And it wasn't updated 15 days ago, that was just a PR #895 the actual release hasn't been updated since Dec 18, 2020

[Kos-M]

@aasimenator indeed its a long time..
Lets see how long will be this frozen..
Time will tell .. lol
😎

[daniel-jirca]

I also experience login issues after a fresh install with versions 0.90.74, 0.90.71, 0.90.70, 0.90.69.
Effectively cannot login with the user created during setup. Browser console shows 401 unauthorized.

Installation was done with docker via Unraid. Database postgres 11 and sqlite.

[attachmentgenie]

The problem is here

statping/handlers/routes.go

Line 170 in aa51554

api.Handle("/api/checkins", authenticated(apiAllCheckinsHandler, false)).Methods("GET")

when you lookup what that authenticated function does you see that this only ever will return true for admin users

statping/handlers/middleware.go

Lines 110 to 111 in aa51554

	// authenticated is a middleware function to check if user is an Admin before running original request
	func authenticated(handler func(w http.ResponseWriter, r *http.Request), redirect bool) http.Handler {

Not sure if the function in routes.go should be wrapped in the scoped function instead or if the authenticated function should be fixed or that the frontend should never have asked for the /api/checkins endpoint for users in the first place

[attachmentgenie]

if you comment out the following lines

statping/frontend/src/store.js

Lines 188 to 193 in aa51554

	const checkins = await Api.checkins()
	context.commit("setCheckins", checkins);
	const notifiers = await Api.notifiers()
	context.commit("setNotifiers", notifiers);
	const users = await Api.users()
	context.commit("setUsers", users);

the dashboard loads correctly, with what i believe might the full user experience still intact.

[attachmentgenie]

there seem to be some issues with private services when you do that though.

ERRO[1406] sending error response for /api/services/8/hits_data?start=1620122400&end=1620424799&group=60m&fill=true: user not authenticated code=401 device="map[arch:amd64 num_cpu:4]" method=GET os="map[name:linux]" runtime="map[go_maxprocs:4 go_numcgocalls:51770 go_numroutines:16 name:go version:go1.16.3]" type=handlers url="/api/services/8/hits_data?start=1620122400&end=1620424799&group=60m&fill=true" INFO[1406] /api/services/8/hits_data?start=1620122400&end=1620424799&group=60m&fill=true (GET) | IP: localhost:8080 load_micro_seconds=4591 method=GET type=handlers url="/api/services/8/hits_data?start=1620122400&end=1620424799&group=60m&fill=true" ERRO[1411] sending error response for /api/services/8/hits_data?start=1620122400&end=1620424799&group=60m&fill=true: user not authenticated code=401 device="map[arch:amd64 num_cpu:4]" method=GET os="map[name:linux]" runtime="map[go_maxprocs:4 go_numcgocalls:51968 go_numroutines:16 name:go version:go1.16.3]" type=handlers url="/api/services/8/hits_data?start=1620122400&end=1620424799&group=60m&fill=true" INFO[1411] /api/services/8/hits_data?start=1620122400&end=1620424799&group=60m&fill=true (GET) | IP: localhost:8080 load_micro_seconds=1456 method=GET type=handlers url="/api/services/8/hits_data?start=1620122400&end=1620424799&group=60m&fill=true"

[bdissert]

I switched to free monitoring from UptimeRobot, StatPing is useless in its current release state and most probably a dead project since it has not been updated in a while (since November 2020 when the first issue was reported)

Hey ! It is an open source project with no income for the commiter from this project (I think). You can't tell the project is dead just because there is no reaction on a issue in five month. There is no RedHat or Oracle or IBM or Microsoft with big money behind the project.

It is not blocking since :

• you can get a previous version (before the bug append)
• given the features provided by the overal projet, non admin login seems to be a non critical feature.

Don't you think ?

Furthermore, since it is on Github you can fork the project and correct it as you need. And even make a merge request to be kind.

[github-actions]

This issue hasn't had any updates in a while. If this is still a problem, please create a new issue.

[progressify]

I don't think this issue is resolved :)
Please, reopen it