login fails w/ no login error OR Invalid username or password

[tonydm]

Hello,

First, thank you for your work, development and sharing of NiPAP. I'm eager to try it comparing to GestioIP (which I've used for years), phpIPAM, and Netbox.

I've cloned this repo and built to two images according to the documented build instructions found in both the Dockerfile.nipapd and Dockerfile.www respectively. I've created a docker-compose.yml file and tweaked it a number of ways to find the issue and working combo. One tweak was to ensure the postgres db is healthy before the nipapd container service attempts to connect to the db (it seemed that the simple depends_on: was not enough). I set up a depends_on: -> condition: -> service-healthy introduced in v2.1. But with all my troubleshooting and attempts, It still fails to successfully login.

I don't believe it to be an issue with database connectivity as the database gets created. I do see the warning /usr/local/lib/python2.7/dist-packages/nipap/xmlrpc.py:16: ExtDeprecationWarning: Importing flask.ext.compress is deprecated, use flask_compress instead. from flask.ext.compress import Compress in the nipapd log. But appears to be a warning and not an error. I also added pgadmin to to the stack to help with troubleshooting.

The ninpap-www container log reports Added user www to database /etc/nipap/local_auth.db. Using the password associated with the following env variables fails login and nothing in the log to indicate why. I have verified that all username:passwords are correct.

WWW_USERNAME=<obfuscated>
WWW_PASSWORD=<obfuscated>

As a sanity check, I manually added a GUI user as follows with same result as using the www:password user.

root@2f408118bce2:/# nipap-passwd list
username             real name                 trusted read only
----------------------------------------------------------------
www                  NIPAP WWW user            1       0
root@2f408118bce2:/# /usr/sbin/nipap-passwd add -u testuser -p passwordx -n "NIPAP test user" -t
Added user testuser to database /etc/nipap/local_auth.db

root@2f408118bce2:/# nipap-passwd list
username             real name                 trusted read only
----------------------------------------------------------------
testuser             NIPAP test user           1       0
www                  NIPAP WWW user            1       0

root@2f408118bce2:/# /usr/sbin/nipap-passwd add -u testuser2 -p passwordxy -n "NIPAP untrusted user" -r
Added user testuser2 to database /etc/nipap/local_auth.db
root@2f408118bce2:/#
root@2f408118bce2:/#
root@2f408118bce2:/# nipap-passwd list
username             real name                 trusted read only
----------------------------------------------------------------
testuser             NIPAP test user           1       0
testuser2            NIPAP untrusted user      0       1
www                  NIPAP WWW user            1       0

The interesting thing is that in each case of the auto and manually added users, I get no error in the web browser. It just returns to the login screen. If, however, I use the NIPAP_USERNAME:NIPAP_PASSWORD (i.e. invalid GUI login credentials) I do see an Invalid username or password login error.

docker build -t local/nipapd -f Dockerfile.nipapd .
docker build -t local/nipap-www -f Dockerfile.www .

...
Successfully built d9e5e440a08f
Successfully tagged local/nipapd:latest
...
Successfully built d21bc60c541c
Successfully tagged local/nipap-www:latest

docker-compose.yml

version: "2.1"

services:
  nipap-db:
    image: nipap/postgres-ip4r
    volumes:
      - ${USERDIR}/NIPAP/db-data:/var/lib/postgresql/data
    env_file: postgres.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  nipapd:
    image: local/nipapd
    depends_on:
      nipap-db:
        condition: service_healthy
    env_file: nipapd.env

  nipap-www:
    image: local/nipap-www
    depends_on:
      - nipapd
    env_file: nipap-www.env
    ports:
      - 9999:80

  pgadmin:
    image: thajeztah/pgadmin4
    ports:
      - 5050:5050
    depends_on:
      - nipap-db
    restart: unless-stopped

environment files
postgres.env

PGDATA=/var/lib/postgres/data/pgdata
POSTGRES_DB=<OBFUSCATED>
POSTGRES_USER=<OBFUSCATED>
POSTGRES_PASSWORD=<OBFUSCATED>

nipapd.env

DB_USERNAME=<OBFUSCATED>
DB_PASSWORD=<OBFUSCATED>
DB_HOST=nipap-db
DB_NAME=<OBFUSCATED>
NIPAPD_USERNAME<OBFUSCATED>
NIPAPD_PASSWORD=<OBFUSCATED>

nipap-www.env

NIPAPD_USERNAME=<OBFUSCATED>
NIPAPD_PASSWORD=<OBFUSCATED>
WWW_USERNAME=<OBFUSCATED>
WWW_PASSWORD=<OBFUSCATED>

logs

services-admin@datastore:(172.20.0.9)~/DockerServices/NIPAP$ docker-compose up -d
Creating network "nipap_default" with the default driver
Creating nipap_nipap-db_1 ... done
Creating nipap_pgadmin_1  ... done
Creating nipap_nipapd_1   ... done
Creating nipap_nipap-www_1 ... done
Attaching to nipap_nipap-www_1, nipap_nipapd_1, nipap_pgadmin_1, nipap_nipap-db_1
nipap-www_1  | Added user www to database /etc/nipap/local_auth.db
nipap-www_1  | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.90.5. Set the 'ServerName' directive globally to suppress this message
nipapd_1     | /usr/local/lib/python2.7/dist-packages/nipap/xmlrpc.py:16: ExtDeprecationWarning: Importing flask.ext.compress is deprecated, use flask_compress instead.
nipapd_1     |   from flask.ext.compress import Compress
pgadmin_1    | NOTE: Configuring authentication for DESKTOP mode.
pgadmin_1    | pgAdmin 4 - Application Initialisation
pgadmin_1    | ======================================
pgadmin_1    | 
pgadmin_1    | Starting pgAdmin 4. Please navigate to http://0.0.0.0:5050 in your browser.
nipap-db_1   | The files belonging to this database system will be owned by user "postgres".
nipap-db_1   | This user must also own the server process.
nipap-db_1   | 
nipap-db_1   | The database cluster will be initialized with locale "en_US.utf8".
nipap-db_1   | The default database encoding has accordingly been set to "UTF8".
nipap-db_1   | The default text search configuration will be set to "english".
nipap-db_1   | 
nipap-db_1   | Data page checksums are disabled.
nipap-db_1   | 
nipap-db_1   | fixing permissions on existing directory /var/lib/postgres/data/pgdata ... ok
nipap-db_1   | creating subdirectories ... ok
nipap-db_1   | selecting default max_connections ... 100
nipap-db_1   | selecting default shared_buffers ... 128MB
nipap-db_1   | selecting dynamic shared memory implementation ... posix
nipap-db_1   | creating configuration files ... ok
nipap-db_1   | creating template1 database in /var/lib/postgres/data/pgdata/base/1 ... ok
nipap-db_1   | initializing pg_authid ... ok
nipap-db_1   | initializing dependencies ... ok
nipap-db_1   | creating system views ... ok
nipap-db_1   | loading system objects' descriptions ... ok
nipap-db_1   | creating collations ... ok
nipap-db_1   | creating conversions ... ok
nipap-db_1   | creating dictionaries ... ok
nipap-db_1   | setting privileges on built-in objects ... ok
nipap-db_1   | creating information schema ... ok
nipap-db_1   | loading PL/pgSQL server-side language ... ok
nipap-db_1   | vacuuming database template1 ... ok
nipap-db_1   | copying template1 to template0 ... ok
nipap-db_1   | copying template1 to postgres ... ok
nipap-db_1   | syncing data to disk ... ok
nipap-db_1   | 
nipap-db_1   | Success. You can now start the database server using:
nipap-db_1   | 
nipap-db_1   |     pg_ctl -D /var/lib/postgres/data/pgdata -l logfile start
nipap-db_1   | 
nipap-db_1   | 
nipap-db_1   | WARNING: enabling "trust" authentication for local connections
nipap-db_1   | You can change this by editing pg_hba.conf or using the option -A, or
nipap-db_1   | --auth-local and --auth-host, the next time you run initdb.
nipap-db_1   | waiting for server to start....LOG:  could not bind IPv6 socket: Cannot assign requested address
nipap-db_1   | HINT:  Is another postmaster already running on port 5432? If not, wait a few seconds and retry.
nipap-db_1   | LOG:  database system was shut down at 2021-02-07 15:21:09 UTC
nipap-db_1   | LOG:  MultiXact member wraparound protections are now enabled
nipap-db_1   | LOG:  database system is ready to accept connections
nipap-db_1   | LOG:  autovacuum launcher started
nipap-db_1   |  done
nipap-db_1   | server started
nipap-db_1   | CREATE DATABASE
nipap-db_1   | 
nipap-db_1   | CREATE ROLE
nipap-db_1   | 
nipap-db_1   | 
nipap-db_1   | /docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
nipap-db_1   | 
nipap-db_1   | LOG:  received fast shutdown request
nipap-db_1   | LOG:  aborting any active transactions
nipap-db_1   | waiting for server to shut down....LOG:  autovacuum launcher shutting down
nipap-db_1   | LOG:  shutting down
nipap-db_1   | LOG:  database system is shut down
nipap-db_1   |  done
nipap-db_1   | server stopped
nipap-db_1   | 
nipap-db_1   | PostgreSQL init process complete; ready for start up.
nipap-db_1   | 
nipap-db_1   | LOG:  database system was shut down at 2021-02-07 15:21:12 UTC
nipap-db_1   | LOG:  MultiXact member wraparound protections are now enabled
nipap-db_1   | LOG:  database system is ready to accept connections
nipap-db_1   | LOG:  autovacuum launcher started

[el-es]

I have similar problem (only the web gui does flash me an 'internal server error' message) - it seems to go away and correctly work (list, add prefixes etc. via we)when I restart the nipapd from CLI/console ([sudo] service nipapd restart) - it happened at the install time, and seems to be happening after the host is rebooted.
(I have not reported this before, since I thought my install was unusual as in, i installed nipap packages on my 32 bit debian stretch install (from the stable path) - it was happening on version that was there before nipap 0.29.9, and I haven't tested the 0.29.9 yet in that sense)