breakfix: password_recovery_enabled #299

Closed
slowkow opened this issue Nov 14, 2023 · 5 comments

Comments

slowkow commented Nov 14, 2023

Describe the issue

I'm trying the example Caddyfile for user registration, and it does not work. I get the error below when I do caddy run:

caddy run --config Caddyfile-registration
2023/11/14 21:09:31.010 INFO    using provided configuration    {"config_file": "Caddyfile-registration", "config_adapter": ""}
Error: adapting config using caddyfile: parsing caddyfile tokens for 'security': unsupported subdirective for security.authentication.portal.ui: password_recovery_enabled, at Caddyfile-registration:56

Configuration

It is the same config as this one:

https://github.com/authp/authp.github.io/blob/main/assets/conf/local/registration/Caddyfile

Paste full Caddyfile below:

{
	http_port 8080
	https_port 8443
	# debug

	order authenticate before respond
	order authorize before basicauth

	security {
		credentials root@localhost {
			username root
			password foobar
		}

		messaging email provider localhost-smtp-server {
			address 127.0.0.1:1025
			protocol smtp
			passwordless
			sender root@localhost "My Auth Portal"
			# credentials root@localhost
			bcc greenpau@localhost
		}

		local identity store localdb {
			realm local
			path {$HOME}/.local/caddy/users.json
		}

		oauth identity provider github {env.GITHUB_CLIENT_ID} {env.GITHUB_CLIENT_SECRET}

		user registration localdbRegistry {
			dropbox {$HOME}/.local/caddy/registrations.json
			title "User Registration"
			code "NY2020"
			require accept terms
			require domain mx
			admin email admin@localhost
			email provider localhost-smtp-server
			identity store localdb
		}

		authentication portal myportal {
			crypto default token lifetime 3600
			crypto key sign-verify {env.JWT_SHARED_KEY}
			cookie domain myfiosgateway.com
			enable identity store localdb
			enable identity provider github
			ui {
				links {
					"My Website" https://assetq.myfiosgateway.com:8443/ icon "las la-star"
					"Guests" https://assetq.myfiosgateway.com:8443/guests icon "las la-star"
					"Users" https://assetq.myfiosgateway.com:8443/users icon "las la-star"
					"Admins" https://assetq.myfiosgateway.com:8443/admins icon "las la-star"
					"My Identity" "/whoami" icon "las la-user"
				}
				password_recovery_enabled yes
			}
			transform user {
				match origin local
				action add role authp/user
				ui link "Portal Settings" /settings icon "las la-cog"
			}
			transform user {
				match realm github
				match sub github.com/greenpau
				action add role authp/user
			}
		}

		authorization policy guests_policy {
			# disable auth redirect
			set auth url https://auth.myfiosgateway.com:8443/
			allow roles authp/admin authp/user
			crypto key verify {env.JWT_SHARED_KEY}
			acl rule {
				comment allow guests only
				match role guest authp/guest
				allow stop log info
			}
			acl rule {
				comment default deny
				match any
				deny log warn
			}
		}

		authorization policy users_policy {
			set auth url https://auth.myfiosgateway.com:8443/
			allow roles authp/admin authp/user
			crypto key verify {env.JWT_SHARED_KEY}
			acl rule {
				comment allow users
				match role authp/user
				allow stop log info
			}
			acl rule {
				comment default deny
				match any
				deny log warn
			}
		}

		authorization policy admins_policy {
			set auth url https://auth.myfiosgateway.com:8443/
			allow roles authp/admin authp/user
			crypto key verify {env.JWT_SHARED_KEY}
			acl rule {
				comment allow users
				match role authp/user
				allow stop log info
			}
			acl rule {
				comment default deny
				match any
				deny log warn
			}
		}
	}
}

(tls_config) {
	tls {$HOME}/.local/caddy/server.crt {$HOME}/.local/caddy/server.key
}

auth.myfiosgateway.com {
	import tls_config
	route {
		authenticate with myportal
	}
}

assetq.myfiosgateway.com {
	import tls_config
	route /guests* {
		authorize with guests_policy
		respond * "assetq - guests only" 200
	}

	route /users* {
		authorize with users_policy
		respond * "assetq - users" 200
	}

	route /admins* {
		authorize with admins_policy
		respond * "assetq - admins" 200
	}

	route {
		respond "assetq is running"
	}
}

Version Information

Provide output of caddy list-modules -versions | grep git below:

caddy list-modules -versions | grep git
Error: unknown shorthand flag: 'v' in -versions
caddy build-info | grep security
dep     github.com/greenpau/caddy-security      v1.1.20 h1:rjdLd1QdCNdywcCwr48ghyL2eb5Cn6/fNTudisxt0Tw=

Expected behavior

Did I get the wrong caddy version? Why isn't the config working?
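The parse error above is raised while Caddy adapts the Caddyfile, so the whole portal fails to start rather than silently ignoring the unknown `ui` subdirective. The following is an added example, not code from caddy-security or from the issue author: a small pre-deploy lint that tokenizes a Caddyfile into nested blocks and reports `password_recovery_enabled` under `security.authentication.portal.ui`, the one subdirective the error message in this issue identifies as unsupported. The embedded Caddyfile is a constructed excerpt of the reported config; `shlex` stands in for Caddy's real lexer (it handles quoted arguments and `#` comments but does not cover every Caddyfile lexing rule).

```python
"""Lint a Caddyfile for subdirectives that caddy-security rejects at adapt time.

Added example (not part of caddy-security). The rule table holds the one
directive named in the issue's error message; the sample config is a
constructed excerpt of the reported Caddyfile.
"""
import shlex
from dataclasses import dataclass

# Constructed excerpt of the failing config. The offending directive lands on
# line 14 of this excerpt (line 56 in the full file quoted in the issue).
SAMPLE_CADDYFILE = """\
{
	order authenticate before respond
	security {
		local identity store localdb {
			realm local
			path {$HOME}/.local/caddy/users.json
		}
		authentication portal myportal {
			enable identity store localdb
			ui {
				links {
					"My Identity" "/whoami" icon "las la-user"
				}
				password_recovery_enabled yes
			}
		}
	}
}
"""

# (chain of enclosing block keywords) -> directives rejected inside that block.
# Instance names (e.g. "myportal") are not part of the keyword chain.
UNSUPPORTED = {
    (("security",), ("authentication", "portal"), ("ui",)): {
        "password_recovery_enabled",
    },
}


@dataclass
class Directive:
    name: str
    args: list
    line: int
    chain: tuple  # header tokens of every enclosing block, outermost first


def parse_caddyfile(text):
    """Return every directive with its line number and enclosing block headers.

    A line whose last token is a standalone "{" opens a block; a line that is
    only "}" closes the innermost one. Placeholders such as {$HOME} stay part
    of their token because they contain no whitespace.
    """
    directives = []
    stack = []  # headers of currently open blocks
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens == ["}"]:
            if not stack:
                raise ValueError(f"line {lineno}: unmatched '}}'")
            stack.pop()
            continue
        opens_block = tokens[-1] == "{"
        if opens_block:
            tokens = tokens[:-1]
        if tokens:  # the global options block "{" has no header tokens
            directives.append(Directive(tokens[0], tokens[1:], lineno, tuple(stack)))
        if opens_block:
            stack.append(tuple(tokens))
    if stack:
        raise ValueError(f"unclosed block opened by {' '.join(stack[-1]) or '{'}")
    return directives


def _chain_matches(chain, rule):
    """True when the innermost blocks of `chain` start with the rule's keywords."""
    if len(chain) < len(rule):
        return False
    tail = chain[-len(rule):]
    return all(hdr[: len(keys)] == keys for hdr, keys in zip(tail, rule))


def find_unsupported(directives):
    """Return (dotted block path, directive, line) for each rejected directive."""
    findings = []
    for d in directives:
        for rule, names in UNSUPPORTED.items():
            if d.name in names and _chain_matches(d.chain, rule):
                path = ".".join(".".join(keys) for keys in rule)
                findings.append((path, d.name, d.line))
    return findings


def lint_text(text):
    return find_unsupported(parse_caddyfile(text))


if __name__ == "__main__":
    for path, name, line in lint_text(SAMPLE_CADDYFILE):
        print(f"unsupported subdirective for {name} under {path}, at line {line}")
```

Running the lint over a real Caddyfile before `caddy run` surfaces the same failure the adapter reports, but with the whole file checked in one pass; removing the flagged line from the sample makes the finding list empty.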

slowkow (Author) commented Nov 14, 2023

I confirmed that I get the same error for both versions of caddy:

  • downloaded build from the website (including caddy-security)
  • local build with xcaddy build --with github.com/greenpau/caddy-security

I feel like I must be missing something ... but I don't know what. I'm just trying to get started with your documentation examples.

greenpau (Owner) commented Dec 2, 2023

@slowkow, the password recovery is not implemented.

slowkow (Author) commented Dec 2, 2023

@greenpau What would you recommend for a newcomer who wants to get started quickly with a simple config?

I don't particularly care about password recovery (or any other feature). I just want to follow a simple tutorial that actually works. So far, no luck. Like I said, I'm just trying to get started...

greenpau (Owner) commented Dec 2, 2023

@slowkow, I would start with this Caddyfile: https://github.com/authp/authp.github.io/blob/main/assets/conf/local/Caddyfile

I would replace the following:

		local identity store localdb {
			realm local
			path {$HOME}/.local/caddy/users.json
		}

with

		local identity store localdb {
			realm local
			path {$HOME}/.local/caddy/users.json
			user webadmin {
				name John Smith
				email [email protected]
				password "My@Password123" overwrite
				roles authp/user authp/admin
			}
		}

This way you will have your webadmin user ready.

greenpau closed this as completed Dec 2, 2023

slowkow (Author) commented Dec 2, 2023

Thanks. The other config you linked looks like it might work after many additional changes.

Could I please ask why the config contains https://auth.myfiosgateway.com:8443?

Why isn't this http://127.0.0.1:8443/auth or something else that newcomers could use?
