Report a Dgraph Bug
When auth_token is configured, the ACL feature for logins cannot be used. This works fine in v20.03.04 but fails in v20.07.0.
What version of Dgraph are you using?
Have you tried reproducing the issue with the latest release?
yes
What is the hardware spec (RAM, OS)?
Ubuntu latest (Focal Fossa) docker containers on Ubuntu Eoan Ermine host.
Steps to reproduce the issue (command/config used to run Dgraph).
- Configure Server with ACL and auth_token enabled
- Attempt a login supplying the token
- Fails
docker-compose.yml
services:
  backgcs-alpha1:
    command: dgraph alpha --my=backgcs-alpha1:7080 --lru_mb=1024 --zero=backgcs-zero1:5080
      --config /dgraph/config/acl-auth_config.hcl
    container_name: backgcs-alpha1
    image: dgraph/dgraph:v20.07.0
    ports:
    - published: 8080
      target: 8080
    - published: 9080
      target: 9080
    volumes:
    - read_only: true
      source: ./acl
      target: /dgraph/acl/
      type: bind
    - read_only: true
      source: ./config
      target: /dgraph/config
      type: bind
    working_dir: /data/alpha1
  backgcs-zero1:
    command: dgraph zero --my=backgcs-zero1:5080 --replicas 1 --idx 1
    container_name: backgcs-zero1
    image: dgraph/dgraph:v20.07.0
    ports:
    - published: 5080
      target: 5080
    - published: 6080
      target: 6080
    working_dir: /data/zero1
version: '3.5'
acl-auth_config.hcl
whitelist = "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,172.20.0.0/12"
acl_secret_file = "/dgraph/acl/hmac_secret_file"
auth_token = "6jtXKSTL9vz5KPg"
login w/ auth token
/usr/bin/curl --silent \
  --header 'X-Dgraph-AuthToken: 6jtXKSTL9vz5KPg' \
  --header 'Content-Type: application/json' \
  --request POST localhost:8080/admin \
  --data '{"query": "mutation { login(userId: \"groot\" password: \"password\") { response { accessJWT } } }"}' | jq
Expected behavior and actual result.
I expected to be able to log in.
When logging in with the X-Dgraph-AuthToken, I get:
{
  "errors": [
    {
      "message": "resolving login failed because No Auth Token found. Token needed for Alter operations.",
      "locations": [
        {
          "line": 1,
          "column": 12
        }
      ]
    }
  ],
  "data": {
    "login": null
  },
  "extensions": {
    "tracing": {
      "version": 1,
      "startTime": "2020-09-06T10:47:02.261362444Z",
      "endTime": "2020-09-06T10:47:02.261840568Z",
      "duration": 478117
    }
  }
}
If I omit the token, I get:
{
  "errors": [
    {
      "message": "Invalid X-Dgraph-AuthToken",
      "extensions": {
        "code": "ErrorUnauthorized"
      }
    }
  ]
}
The logs show the login request events:
I0906 10:45:59.747561 16 login.go:36] Got login request
I0906 10:45:59.747646 16 server.go:1269] Got Login request from: "172.26.0.1:42578"
I0906 10:46:24.692920 16 login.go:36] Got login request
I0906 10:46:24.692994 16 server.go:1269] Got Login request from: "172.26.0.1:42584"
I0906 10:46:59.465065 16 login.go:36] Got login request
I0906 10:46:59.465105 16 server.go:1269] Got Login request from: "172.26.0.1:42596"
I0906 10:47:02.261679 16 login.go:36] Got login request
I0906 10:47:02.261765 16 server.go:1269] Got Login request from: "172.26.0.1:42600"
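
An added triage helper, not part of the original report or of Dgraph's code: it classifies the /admin login response bodies shown above, so the same two requests can be re-checked after an upgrade. The category names, the `matches_report` helper and the `LOGIN_OK` sample are assumptions constructed for illustration.

```python
import json

# Response bodies copied from the report above (tracing extension omitted).
WITH_TOKEN = '''{"errors": [{"message": "resolving login failed because No Auth Token found. Token needed for Alter operations.",
  "locations": [{"line": 1, "column": 12}]}], "data": {"login": null}}'''
WITHOUT_TOKEN = '''{"errors": [{"message": "Invalid X-Dgraph-AuthToken",
  "extensions": {"code": "ErrorUnauthorized"}}]}'''
# Constructed sample of a successful login; the JWT value is a placeholder.
LOGIN_OK = '''{"data": {"login": {"response": {"accessJWT": "<placeholder-jwt>"}}}}'''


def classify_login_response(body: str) -> str:
    """Classify a /admin login response body.

    ok                     - an accessJWT was returned
    unauthorized           - request refused with code ErrorUnauthorized
    resolver_missing_token - GraphQL data was produced, but the login
                             resolver reported that no auth token was found
    other_error            - anything else (bad credentials, malformed query)
    """
    doc = json.loads(body)
    login = (doc.get("data") or {}).get("login")
    if login and (login.get("response") or {}).get("accessJWT"):
        return "ok"
    for err in doc.get("errors") or []:
        code = (err.get("extensions") or {}).get("code")
        if code == "ErrorUnauthorized":
            return "unauthorized"
        if "data" in doc and "No Auth Token found" in err.get("message", ""):
            return "resolver_missing_token"
    return "other_error"


def matches_report(with_token_body: str, without_token_body: str) -> bool:
    """True when a server shows the exact pattern described in this report:
    the token is required (omitting it is refused), yet supplying it still
    fails inside the login resolver."""
    return (classify_login_response(with_token_body) == "resolver_missing_token"
            and classify_login_response(without_token_body) == "unauthorized")


if __name__ == "__main__":
    for name, body in [("with token", WITH_TOKEN), ("without token", WITHOUT_TOKEN)]:
        print(f"{name}: {classify_login_response(body)}")
    print("matches report:", matches_report(WITH_TOKEN, WITHOUT_TOKEN))
```
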