V8-archive: Can't login - 401 (Unauthorized)

Created on 12 Aug 2019 · 8 Comments · Source: directus/v8-archive

Bug Report

I'm not sure if it is a bug - I guess it is a configuration issue but I'm not sure. After creating a fresh directus setup, installing the database and creating an admin user using the cli I tried to login and get permission denied / unauthenticated errors on different directus versions.

Steps to Reproduce

  1. Setup a new standalone directus api and app using docker-compose:
directus-api:
  image: "development/directus-api:2.4.0-development" 
  build:
    context: ./directus-api/
    args:
      DIRECTUS_API_VERSION: 2.4.0
  environment:
    APP_ENV: development
    DATABASE_HOST: mysql
    DATABASE_NAME: $MYSQL__DATABASE
    DATABASE_USERNAME: $MYSQL__DATABASE_USERNAME
    DATABASE_PASSWORD: $MYSQL__DATABASE_PASSWORD
    APP_TIMEZONE: UTC

directus-app:
  image: "development/directus-app:7.9.0-development"
  build:
    context: ./directus-app/
    args:
      DIRECTUS_APP_VERSION: 7.9.0
  environment:
    API_ENDPOINT_TEST: "Test; http://api.localhost/_/"

mysql:
  image: mysql:5.7
  environment:
    MYSQL_DATABASE: $MYSQL__DATABASE
    MYSQL_ROOT_PASSWORD: $MYSQL__DATABASE_ROOT_PASSWORD
    MYSQL_USER: $MYSQL__DATABASE_USERNAME
    MYSQL_PASSWORD: $MYSQL__DATABASE_PASSWORD
  volumes:
    - mysql-data:/var/lib/mysql
  2. Install database and create user using the cli:
$ docker-compose exec directus-api ./bin/directus install:database
$ docker-compose exec directus-api ./bin/directus install:install -e [email protected] -p admin -t "Test"
  3. Login with the newly created admin user, which works, but ...
  4. See error in browser console – no server logs are written:
Failed to load resource: the server responded with a status of 404 (Not Found)
api.localhost/_/users/me?fields=last_page:1 Failed to load resource: the server responded with a status of 404 (Not Found)
error.js:9 Object { class: "Directus\Database\Exception\ItemNotFoundException", code: 203, file: "/var/www/html/src/core/Directus/Services/ItemsService.php", line: 139, message: "Item not found", __proto__: Object }
Bu @ error.js:9
api.localhost/layouts:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
hydrate.js:52 Object
(anonymous) @ hydrate.js:52
api.localhost/_/users/me?fields%5B0%5D=id&fields%5B1%5D=avatar.%2A&fields%5B2%5D=email&fields%5B3%5D=first_name&fields%5B4%5D=last_name&fields%5B5%5D=locale&fields%5B6%5D=roles.%2A.%2A:1 Failed to load resource: the server responded with a status of 404 (Not Found)
api.localhost/_/settings:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
api.localhost/interfaces:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
api.localhost/_/collections:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
api.localhost/_/users?fields%5B0%5D=id&fields%5B1%5D=first_name&fields%5B2%5D=last_name&fields%5B3%5D=title&fields%5B4%5D=status&fields%5B5%5D=timezone&fields%5B6%5D=roles.%2A&fields%5B7%5D=avatar.%2A&fields%5B8%5D=company:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
api.localhost/pages:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
api.localhost/:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
/#/collections:1 Uncaught (in promise) Object
api.localhost/_/relations?limit=-1:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
api.localhost/_/collection_presets?filter%5Btitle%5D%5Bnnull%5D=1&filter%5Buser%5D%5Bnull%5D=1:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
api.localhost/_/collection_presets?filter%5Btitle%5D%5Bnnull%5D=1&filter%5Buser%5D%5Beq%5D=1:1 Failed to load resource: the server responded with a status of 403 (Forbidden)

Expected Behavior

As the authentication seems to work – the authentication header is set with a Bearer token – I expect the site to run. But I don't get why there are authentication issues. I checked if the admin user exists in the database: YES. I checked if the database user has proper permissions on the database: YES. I checked the file permissions: YES.

But I don't get why it does not start. It is not an issue with api 2.4.0, I had it on 2.3.0 too. So maybe I did something wrong but I don't have a clue what is missing?

Actual Behavior

Get a lot of authentication errors.

Other Context & Screenshots

See video:
https://www.loom.com/share/4adb69ed2f6e417fa27d1a01649a17b1

Technical Details

  • Web Server: Apache
  • PHP Version: 7.3.6
  • Database: MySQL 5.7
  • Install Method: cloned master branch
bug

All 8 comments

@mimamuh

May I know your OS?

@bjgajjar Yes, I guess you ask for the OS the api is running on? It is based on the docker php image php:7.3.6-apache-stretch, so it runs on Ubuntu Debian.

If you need more info let me know. Also if you have a hint what I could check, because I doubt it is a bug to be honest – not sure. I just don't get the issue.

So did you use Docker?

Since this seems to involve Docker, I'll include @WoLfulus here to see if this is a Docker-specific issue. Also, we have the newest version of Directus available in Docker now... so we'll want to make sure you're using the latest.

Yes, I'm sure now it is a docker-related issue as I tested it with the old docker images still available and it works. But I tested it with different directus versions with my own custom images and it doesn't. I'm investigating it further right now.

Is the latest already on docker hub? I checked it and it doesn't seem so. I'm eager to try it out. Thx for all your help guys!

I believe the new build process is working, but I don't know if everything has been pushed to DockerHub already.

Yay, sounds great! :D Would love to test it out as soon as it is published.

Okay, finally I found the issue and it was a configuration issue of mine. Tricky, because AUTH_SECRET_KEY and AUTH_PUBLIC_KEY had been set to empty strings. These envs are used in the api.php to set the secrets:

'auth' => [
    'secret_key' => getenvs('AUTH_SECRET_KEY', '<type-a-secret-authentication-key-string>'),
    'public_key' => getenvs('AUTH_PUBLIC_KEY', '<type-a-public-authentication-key-string>'),
],

But when the env vars are defined but empty, they return an empty string, and creating JWTs with empty strings as secrets may not be the best idea. ;) At least it was good that directus hasn't authenticated it. ;)
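
The root cause described in the last comment, an environment variable that is defined but empty, can be caught at startup by failing closed on unusable secrets. This is an added example, not Directus code: `require_secret()` and `MIN_SECRET_LENGTH` are hypothetical names, and the 32-byte minimum is an assumption based on HS256 key-size guidance.

```php
<?php
declare(strict_types=1);

// Added example, not Directus code. require_secret() and MIN_SECRET_LENGTH
// are hypothetical; 32 bytes matches the 256-bit minimum for HS256 keys.
const MIN_SECRET_LENGTH = 32;

// Read a signing secret from the environment and fail closed when it is
// unset, empty, whitespace-only, a "<...>" template placeholder, or short.
function require_secret(string $name): string
{
    $value = getenv($name); // false when unset, '' when defined but empty
    if ($value === false) {
        throw new RuntimeException("$name is not set");
    }
    $value = trim($value);
    if ($value === '') {
        throw new RuntimeException("$name is defined but empty");
    }
    if (preg_match('/^<.*>$/', $value) === 1) {
        throw new RuntimeException("$name still holds the template placeholder");
    }
    if (strlen($value) < MIN_SECRET_LENGTH) {
        throw new RuntimeException("$name is shorter than " . MIN_SECRET_LENGTH . " bytes");
    }
    return $value;
}

// Constructed sample environments, including the case from this issue.
$cases = [
    'unset'             => null,
    'defined but empty' => '',
    'placeholder'       => '<type-a-secret-authentication-key-string>',
    'too short'         => 'admin',
    'acceptable'        => bin2hex(random_bytes(32)),
];

foreach ($cases as $label => $sample) {
    $sample === null ? putenv('AUTH_SECRET_KEY') : putenv("AUTH_SECRET_KEY=$sample");
    try {
        require_secret('AUTH_SECRET_KEY');
        echo "$label: accepted\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Run with the PHP CLI; only the last case is accepted, so a compose file that passes an empty `AUTH_SECRET_KEY` stops the service at boot instead of producing tokens signed with an empty key.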
