Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Access denied on API due to hardcoded authorization URL #77

Closed
cpbinovo opened this issue Aug 28, 2023 · 6 comments · Fixed by #79
Closed

Access denied on API due to hardcoded authorization URL #77

cpbinovo opened this issue Aug 28, 2023 · 6 comments · Fixed by #79

Comments

@cpbinovo
Copy link
Contributor

I can't submit jobs to the API via the frontend (version 1.6.3) when I run this locally.

It appears the openapi/specification.yml file currently has a hardcoded authorization URL and it seems deleting the entire authentication block from the file fixes that problem.

I believe the solution to this should be to make values configurable via environment variables.
I'm currently trying to figure out how to make this a configurable setting in order to run this internally, by utilizing jinja2 templating.

@langdal
Copy link
Member

langdal commented Aug 28, 2023

The auth server can be disabled by specifying AUTH_API_KEY=none instead of using an auth server.

Example of running a non-authenticating server using docker:

docker run --rm -it -p 9090:9090 --env AUTH_API_KEY=none --env CORS_ORIGIN=".*" process-optimizer-api

@cpbinovo
Copy link
Contributor Author

Thanks for the fast reply!

The frontend still says that it's unauthorized when setting that env var. So It appears that's not the case anymore?

image

@langdal
Copy link
Member

langdal commented Aug 28, 2023

It should still work - I have done a test today using the master branch of api and frontend

API:

docker build -t process-optimizer-api --build-arg GITHUB_REF_NAME=$(git describe --always) .
docker run --rm -it -p 9090:9090 --env AUTH_API_KEY=none --env CORS_ORIGIN=".*" process-optimizer-api

Frontend:

npm ci
npm run bootstrap
npm run dev:app

How are you starting the frontend in your example?

@cpbinovo
Copy link
Contributor Author

cpbinovo commented Aug 28, 2023

ah okay I see where I'm going wrong, I am using version 1.6.3 of the frontend and that one does not send "apikey=none" in the url parameters, but main does!

I made the assumption that frontend version 1.6.3 was the "correct" version as its the last version with a version number tagged and also tagged latest but that is incompatible with the latest version of the API.
Changing the tag on the frontend to main works, but I then assume I have to consider that version unstable or is it okay to use in production?

also thanks for looking into it, much appreciated!

@cpbinovo
Copy link
Contributor Author

cpbinovo commented Aug 28, 2023

I've added a pull request to fix up the docker compose file #79

@langdal
Copy link
Member

langdal commented Aug 28, 2023

Great!

Regarding the versioning of the frontend, there currently is no tagged version of the frontend. This is a regression introduced when we refactored the repository and split up the frontend into library components and a sample app using those libraries. See BoostV/process-optimizer-frontend#323

For now you can track the tag @boostv/process-optimizer-frontend-ui and pull the frontend image based on the commit sha of that tag.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants