Tomáš Kačur
10/03/2022, 10:00 AM<http://GoodData.CN|GoodData.CN> CE 2.1
with changed token secret via GDCN_TOKEN_SECRET but it doesn’t work. The deployed instance then completely breaks and stop working (details in 🧵). I suspect the problem is in using custom GDCN_PUBLIC_URL but not sure why this shouldn’t work.
Can you please advise how can I make it work in this setup?Tomáš Kačur
10/03/2022, 10:01 AMTomáš Kačur
10/03/2022, 10:02 AMNo Organization found for hostname '<http://telemetry.east-us-2.azure.keboola-testing.com|telemetry.east-us-2.azure.keboola-testing.com>'
Tomáš Kačur
10/03/2022, 10:08 AMYWRtaW46Ym9vdHN0cmFwOlJPTHZUUnZzdTBxMDN6VnRLM3g2YVVFd2FoZm9WbXZzCg==
decodes to admin:bootstrap:ROLvTRvsu0q03zVtK3x6aUEwahfoVmvs
Tomáš Kačur
10/03/2022, 10:08 AMGDCN_TOKEN_SECRET
envJan Soubusta
10/03/2022, 10:10 AMTomáš Kačur
10/03/2022, 10:22 AMYWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz
to change the password for demo@example.com and if I use the token via GDCN_TOKEN_SECRET to change the password I get 401 error saying Unable to lookup user details for provided Bearer token
.Robert Moucha
10/03/2022, 1:16 PMRobert Moucha
10/03/2022, 1:25 PMTomáš Kačur
10/03/2022, 1:25 PMNo Organization found for hostname
2. again delete all and I do:
◦ first deploy only with GDCN_PUBLIC_URL
◦ share the same docker volume with first deploy and do a second deploy with GDCN_PUBLIC_URL (same value as in first deploy) and GDCN_TOKEN_SECRET set -> then updating user default password fails on Unable to lookup user details for provided Bearer token
What I try to achieve is to have custom token secret (GDCN_TOKEN_SECRET set), but noticed it probably not work with custom url (GDCN_PUBLIC_URL set).
Is it more clear now?Tomáš Kačur
10/03/2022, 1:27 PMRobert Moucha
10/03/2022, 1:27 PMRobert Moucha
10/03/2022, 1:27 PMRobert Moucha
10/03/2022, 1:35 PMYWRtaW46Ym9vdHN0cmFwOlJPTHZUUnZzdTBxMDN6VnRLM3g2YVVFd2FoZm9WbXZzCg==
) is generated from string with trailing newline:
base64 -d <<< YWRtaW46Ym9vdHN0cmFwOlJPTHZUUnZzdTBxMDN6VnRLM3g2YVVFd2FoZm9WbXZzCg== | xxd
00000000: 6164 6d69 6e3a 626f 6f74 7374 7261 703a adminbootstrap
00000010: 524f 4c76 5452 7673 7530 7130 337a 5674 ROLvTRvsu0q03zVt
00000020: 4b33 7836 6155 4577 6168 666f 566d 7673 K3x6aUEwahfoVmvs
00000030: 0a .Robert Moucha
10/03/2022, 1:37 PM-e GDCN_TOKEN_SECRET=ROLvTRvsu0q03zVtK3x6aUEwahfoVmvs
on command line, I get correct value when container starts:
| To access API, use Bearer token YWRtaW46Ym9vdHN0cmFwOlJPTHZUUnZzdTBxMDN6VnRLM3g2YVVFd2FoZm9WbXZz
Tomáš Kačur
10/03/2022, 1:40 PMecho admin:bootstrap:$GOODDATACN_TOKEN_SECRET | base64 --wrap=0
the GOODDATACN_TOKEN_SECRET is generated as openssl rand -base64 40 | tr -d "=+/" | cut -c1-32
I guess I should use printf instead of echoRobert Moucha
10/03/2022, 1:40 PMecho -n
!Robert Moucha
10/03/2022, 1:41 PMTomáš Kačur
10/03/2022, 1:41 PMRobert Moucha
10/03/2022, 1:42 PMTomáš Kačur
10/03/2022, 1:42 PMTomáš Kačur
10/03/2022, 1:42 PManyway, this doesn’t explain why the old (default) token is still validcan you reproduce it?
Robert Moucha
10/03/2022, 1:42 PMRobert Moucha
10/03/2022, 1:54 PMTo access API, use Bearer token YWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz
curl -sH 'Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz' <http://tiger.example.com:3000/api/v1/profile> | jq .links.user
"<http://tiger.example.com:3000/api/v1/entities/users/admin>"
token works
• 2nd run with the same GDCN_PUBLIC_URL and with GDCN_TOKEN_SECRET=ROLvTRvsu0q03zVtK3x6aUEwahfoVmvs:
To access API, use Bearer token YWRtaW46Ym9vdHN0cmFwOlJPTHZUUnZzdTBxMDN6VnRLM3g2YVVFd2FoZm9WbXZz
# new token works
curl -sH 'Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOlJPTHZUUnZzdTBxMDN6VnRLM3g2YVVFd2FoZm9WbXZz' <http://tiger.example.com:3000/api/v1/profile> | jq .links.user
"<http://tiger.example.com:3000/api/v1/entities/users/admin>"
# old token doesn't work
curl -iH 'Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz' <http://tiger.example.com:3000/api/v1/profile>
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 03 Oct 2022 13:51:15 GMT
Content-Length: 0
...
Tomáš Kačur
10/03/2022, 2:04 PMTomáš Kačur
10/03/2022, 4:15 PMRobert Moucha
10/04/2022, 11:40 AM