Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

breakfix: Cannot reach /settings endpoint even with authp/user role #358

Closed
mjwhite opened this issue Aug 27, 2024 · 2 comments
Closed

breakfix: Cannot reach /settings endpoint even with authp/user role #358

mjwhite opened this issue Aug 27, 2024 · 2 comments
Assignees
@greenpau
Labels
breakfix need triage

Comments

@mjwhite
Copy link

mjwhite commented Aug 27, 2024

Describe the issue

I have caddy-security configured to authenticate a reverse proxy.

Password authentication works fine, but the /settings endpoint produces a page-not-found error even for authenticated users - I can't find any way to reach it.

Configuration

Caddyfile (hostnames etc modified):

{
        email name@example.com
        order authenticate before respond
        order authorize before reverse_proxy
        debug

        security {
                local identity store localdb {
                        realm local
                        path /var/lib/caddy/auth/users.json
                }

                authentication portal myportal {
                        enable identity store localdb
                        cookie domain example.com
                        cookie lifetime 86400

                        transform user {
                                match origin local
                                action add role authp/user
                                ui link "Portal Settings" /settings icon "las la-cog"
                        }
                }

                authorization policy user_policy {
                        set auth url https://auth.example.com/
                        allow roles authp/user
                }
        }
}

auth.example.com {
        authenticate with myportal
}

app.example.com {
        authorize with user_policy
        reverse_proxy https://127.0.0.1:1234 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

Version Information

http.authentication.hashes.bcrypt v2.8.4
http.authentication.providers.http_basic v2.8.4
http.handlers.authentication v2.8.4
tls.client_auth.verifier.leaf v2.8.4
http.authentication.providers.authorizer v1.1.29
http.handlers.authenticator v1.1.29
security v1.1.29

Expected behavior

When logged in, the /whois endpoint works and shows the user has both the authp/user and authp/guest roles. My understanding from the docs is this should allow access to the /settings endpoint, for password change, MFA setup etc.

The result is a "Page Not Found" error, same as shown for any non-existent authentication portal path.
@greenpau
Copy link
Owner

@mjwhite , the settings page is now relocated to “/auth/profile/“. Please see reference config here: #353

@retrodaredevil
Copy link

The documentation needs to be updated with this information, as the only way to find out about this is to look at this issue or the one linked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@greenpau greenpau

Labels
breakfix need triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mjwhite @greenpau @retrodaredevil