0

I am using node v0.18.4 on a raspberry pi 3 Jessie. I want to secure the node-red editor, for which i followed the security.html page provided by node red and also I watched a video on youtube. I did the exact same steps, which are:-

1) Go to ~/.node-red/settings.js

2) Uncomment adminAuth

3) Install node-red-admin - sudo npm install -g node-red-admin

4) Generate hash password using, node-red-admin hash-pw

5) Paste the hashed password to adminAuth password field.

6) Save and restart node red

However I do not get the login prompt. The editor just loads without asking me for the username and the password.

I looked it up online, and all I found were httpNodeAuth. I am not trying to secure the UI, I am trying to secure the editor. Also I found a post that said sessions.json file would be written by node-red which was empty when I checked. It said that, it was because on when running node red on images, this file is not writable. So I even followed the steps to placing the settings.json file to a writable location, and then created a shortcut for it in the node-red folder. This also didn't work out for me.

I also found a post where it said that the hashed password must have a correct format. I got a link to a hash password generator site. I copied the hash password from there but even that didn't result in the login prompt.

Please suggest why I might be getting this problem.

Thanks in advance.

Namah
  • 79
  • 2
  • 10
  • 1
    When Node-RED starts, it logs the path to the settings file it is using. Check it is using the settings file you have edited. – knolleary May 22 '18 at 09:33
  • Thank you for the instant reply and yes, I have tried seeing if the correct settings.js file is loaded. I used node-red command and saw that the settings.js file is loaded from the correct location i.e. home/pi/.node-red/settings.js or ~/.node-red/settings.js. – Namah May 22 '18 at 09:52
  • By the way, I also stopped node red and restarted it without an internet connection to run on localhost. Same problem, didn't work out for me. – Namah May 22 '18 at 09:55
  • Which Browser are you using? And have you tried from another one? It's possible the browser is trying to be helpful by caching the page... holding the `Shift` key while clicking the Reload button sometimes helps me clear those out. – SteveR May 22 '18 at 14:57
  • Hey, thanks for replying. I am using chromium. I run on raspberry Pi, so I can't use multiple browsers. However, I have already tried hard reload, ctrl and f5 and shift f5. I also tried loading node red in incognito mode. Did not work. – Namah May 23 '18 at 11:44

1 Answers1

0

I had somewhat similar problem on PC - asked for login at first, then didn't ask again. Shift with reload didn't change it either.

I did log out, then it asked for password, so you might try that. Also switching from Chrome to IE, I got a login as well.

AGuyNamedKen
  • 41
  • 4