Auth-portal user registration management

1. Caddy version (caddy version):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

a. System environment:

$ cat /etc/os-release 
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

b. Command:

systemctl start caddy

c. Service/unit/compose file:

# caddy.service

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

$ caddy fmt /etc/caddy/Caddyfile

{
	storage file_system {
		root /opt/caddy/storage
	}
	local_certs
	http_port 80
	https_port 443
}
https://10.0.0.114 {
	log {
		level INFO
		format console
		output file /var/log/caddy/caddy.log
	}
	# caddy auth portal login
	route /auth* {
		auth_portal {
			path /auth
			backends {
				local_backend {
					method local
					path /opt/caddy/auth/user_db.json
					realm local
				}
			}
			jwt {
				token_name access_token
				token_secret AnExampleSecretString123
				token_lifetime 43200
			}
			ui {
				theme basic
				generic_template "/opt/caddy/templates/em20-tmpl/generic.template"
				login_template "/opt/caddy/templates/em20-tmpl/login.template"
				portal_template "/opt/caddy/templates/em20-tmpl/portal.template"
				register_template "/opt/caddy/templates/em20-tmpl/register.template"
				whoami_template "/opt/caddy/templates/em20-tmpl/whoami.template"
				settings_template "/opt/caddy/templates/em20-tmpl/settings.template"
				custom_css_path "/opt/caddy/css/custom.css"
				logo_url "https://envgrow.com/wp-content/blogs.dir/3/files/sites/3/2021/02/smallclearlogo-493x1024.png"
				links {
					"Elite Manager" /
					"Auth Portal Settings" /auth/settings
					"who am i check" /auth/whoami
					"Add MFA Authentication App" /auth/settings/mfa/add/app
				}
			}
			registration {
				dropbox /opt/caddy/auth/registrations_db.json
				title "User Registration"
				code "NY2020"
			}
		}
	}
	# grafana with modified base URL configuration for /gr running on port 3000 route with auth proxy & jwt authzn
	route /gr/* {
		jwt {
			enable claim headers
		}
		reverse_proxy http://localhost:3000
	}
	route /version* {
		respond * "2.0.0-a" 200
	}
	# node-red dashboard running on port 1880 route with integrated jwt and custom middleware
	route /ui/* {
		jwt {
			enable claim headers
		}
		reverse_proxy http://localhost:1880
	}
	# elite manager running on port 1081 route
	route /* {
		jwt {
			primary yes
			trusted_tokens {
				static_secret {
					token_name access_token
					token_secret AnExampleSecretString123
				}
			}
			enable claim headers
		}
		reverse_proxy http://localhost:1081
	}
}

3. The problem I’m having:

I’m trying to add the ability for administrators already in user_db.json to move registered users from registrations_db.json to user_db.json. It doesn’t look like this has been implemented, although there was some talk of it in this issue.

Ideally, it would be nice to have this feature implemented.

For a temporary workaround, I’d like to add a new template file to handle this functionality, then be able to use it by adding an entry to links that points to that template/path. This doesn’t seem possible according to how the routing/templating is done, which only allows the existing paths/templates to be used.

Is this something that could be extended with a plugin that ties into the auth portal? It would need to override some routing, as well as make the necessary db changes. I use JavaScript mostly, so I can only make so much sense of the Caddy Go code. If there would be a better way to do this, I’m all ears.

4. Error messages and/or full log output:

N/A

5. What I already tried:

Created new template test.template
Added the test template to Caddyfile under ui
Added a link to point to /auth/test under links
Navigate to /auth/test - 404 Not Found

6. Links to relevant resources:

https://github.com/greenpau/caddy-auth-portal/issues/87

@greenpau FYI

This requires some work. I was planning to create an admin interface to approve/deny registrations and move approved users to the users db. https://github.com/greenpau/caddy-auth-portal/issues/4

Did not have time to get to it yet.


That would be fantastic. Unfortunately it doesn’t seem like this is a huge deal for other people based on the low activity/reactions on the issue, so I fully understand why this may not be the highest priority - no judgement here.

I’ll check with the team to see what our next step should be. With no Go devs it may be difficult for us to work out a solution and contribute back, but we’ll see what we can come up with because this would be a great feature to have. Thanks Paul!


@dczysz, the current web pages are for the most part pure HTML. I wanted the “admin” page to be written in Angular. Did not have time to bring it to fruition yet, because I am focusing on MFA/U2F right now.
