REVERSE_PROXY_AUTH logs user in but does not allow creation of new babies #568
Replies: 13 comments 3 replies
-
Hm -- are you able to access the "Database Admin" area ( |
Beta Was this translation helpful? Give feedback.
-
I'm able to access the admin page but it wants me to log in as admin, not my user. I'm looking at the slqite db now. It has my user but I don't think it's flagged as admin (not sure what the table columns are tied to).
|
Beta Was this translation helpful? Give feedback.
-
Yeah it looks like that is missing one of the two flags... I'm not entirely sure how that works for a reverse proxy auth so will need to get something setup to test this out. |
Beta Was this translation helpful? Give feedback.
-
oh, the sqlite-manager addon for firefox helps a bit, my user is not flagged as a superuser or as staff. I'm guessing that the logic behind the Remote-User stuff in the app does not flag the user as anything but read-only. |
Beta Was this translation helpful? Give feedback.
-
so, here's the workaround for now...
|
Beta Was this translation helpful? Give feedback.
-
If you're not a super user or staff, you'll need to select the actions authorized for this account in order to be able to access datas and functions (such as add an extra baby). |
Beta Was this translation helpful? Give feedback.
-
There was no user set up to be able to grant other users admin/staff. Since all users were through the reverse proxy auth Remote-User header and the header does not grant the admin or staff tag to those reverse proxy auth'd users, no user had the tag. That said, looking at the DB I did see an admin user but that was not managed by anything I set up. |
Beta Was this translation helpful? Give feedback.
-
Baby Buddy provides a default user with username and password |
Beta Was this translation helpful? Give feedback.
-
I can't get access to that user when using the reverse auth. If I try to sign out and back in with the admin user it will sign me in as the user sent by the Remote-User header. |
Beta Was this translation helpful? Give feedback.
-
Did you try to connect through the admin portal (the base url/admin eg:https://www.my_url.com/admin) with the admin credential (login admin password admin)? |
Beta Was this translation helpful? Give feedback.
-
@prometheanfire is saying that's not possible with the reverse proxy, which makes sense. I'm not quite sure how Django's base handling of reverse proxy users works here. It seems we would want to follow the same pattern as a regular user (with both |
Beta Was this translation helpful? Give feedback.
-
@prometheanfire looking at this a bit closer, you should still be able to log in with the admin account by not setting the If you're not able to do that for some reason, the other option would be to create a user from the command line with the |
Beta Was this translation helpful? Give feedback.
-
Ya, I'd need to bypass the proxy somehow, would have to disable as for creating users via the command line, that's what I tried at first but it didn't work (createuser not working)
the place I'm running it from is a container maintained by https://hub.docker.com/r/linuxserver/babybuddy and seems to run it via gunicorn. https://github.com/linuxserver/docker-babybuddy |
Beta Was this translation helpful? Give feedback.
-
I'm using authelia and traefik on kubernetes at the moment. Running 1.13.2.
I'm seeing no errors in the nginx logs (all 200s).
The children dropdown is blank, the dashboard/welcome page states there should be a button below to add a child also shows nothing. I'm not sure why this is happening, is do I need to do anything extra to tag the users managed by the Remote-User header for actual use?
Also, the correct username is populated in the to right corner and I can set first/last name, etc.
Beta Was this translation helpful? Give feedback.
All reactions