Basic auth login issue #302

Open
vdice opened this issue Feb 4, 2022 · 7 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@vdice
Member

vdice commented Feb 4, 2022

I'm having trouble logging in with basic auth. Tested with latest commit on main (as of writing: d62d537bb096fb8ce25cabb731471b7a500d7e10) and most recent v0.8.0 tag.

However, I may be missing something. Here's my flow:

  1. Generate htpassword file, start bindle server
$ echo ${PASSWORD} | htpasswd -cBi ./htpassword admin
Adding password for user admin

$ AUTH_MODE='--htpasswd-file ./htpassword' make serve
cargo run --features cli --bin bindle-server -- --directory /Users/vdice/.bindle/bindles --address 127.0.0.1:8080   --htpasswd-file ./htpassword
    Finished dev [unoptimized + debuginfo] target(s) in 0.07s
     Running `target/debug/bindle-server --directory /Users/vdice/.bindle/bindles --address '127.0.0.1:8080' --htpasswd-file ./htpassword`
2022-02-04T17:59:10.224917Z  WARN bindle_server: No config file loaded error=failed to read TOML file /Users/vdice/Library/Application Support/bindle/server.toml: No such file or directory (os error 2)
2022-02-04T17:59:10.224995Z  WARN bindle_server: No keyring.toml found. Using default keyring.
2022-02-04T17:59:10.225172Z  INFO bindle_server: Using verification strategy of GreedyVerification
2022-02-04T17:59:10.225505Z  INFO bindle_server: Starting server at 127.0.0.1:8080, and serving bindles from /Users/vdice/.bindle/bindles
2022-02-04T17:59:10.225520Z  INFO bindle_server: Using FileProvider
2022-02-04T17:59:10.225528Z  INFO bindle_server: Auth mode: HTTP Basic Auth
2022-02-04T17:59:10.225677Z DEBUG bindle::provider::file: Creating new file provider path=/Users/vdice/.bindle/bindles cache_size=50
2022-02-04T17:59:10.225755Z DEBUG bindle::provider::file: warming index
2022-02-04T17:59:10.225768Z  INFO bindle::provider::file: Beginning index warm path=/Users/vdice/.bindle/bindles
2022-02-04T17:59:10.225965Z  INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/26a53c8670e4bbcb1ec1adbb0f87b6a28a363636835e67d7ebd4f7cba6db3753/invoice.toml
2022-02-04T17:59:10.242246Z  INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/9952d6c87384a10846abdb9cd8a84796bb36b3d12140144f3b59b1d77cba4811/invoice.toml
2022-02-04T17:59:10.257905Z  INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/59ec977e4fcca995e928e61bb4f25869a058f85479a6b63ea0e4d61e2794b4c1/invoice.toml
2022-02-04T17:59:10.273870Z  INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/c809013db4f25a514a3d9dea69edbe10c81a75e625cab979f238e35ead864ed0/invoice.toml
2022-02-04T17:59:10.289691Z  INFO bindle::provider::file: Loading invoice into search index path=/Users/vdice/.bindle/bindles/invoices/912a4ee7f7401408279eb3c646591ecb33953c7cffc01086df50ee891e2c4911/invoice.toml
2022-02-04T17:59:10.305543Z DEBUG bindle::provider::file: Warmed index total_indexed=5
2022-02-04T17:59:10.305658Z DEBUG bindle::server: No TLS config found, starting server in HTTP mode
  2. Attempt to login:
$ BINDLE_URL="http://127.0.0.1:8080/v1" BINDLE_HTTP_USER="admin" BINDLE_HTTP_PASSWORD="${PASSWORD}" bindle login
Error contacting server: The request could not be handled by the server. Verify your Bindle server URL
  3. Bindle server logs:
2022-02-04T18:00:09.483206Z  INFO request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: warp::filters::trace: processing request
2022-02-04T18:00:09.483632Z ERROR request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: bindle::server::handlers::v1: Unable to parse device auth url error=RelativeUrlWithoutBase
2022-02-04T18:00:09.483725Z DEBUG request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: bindle::server::reply: Parsed accept header into list accept_value=application/toml accept_items=["application/toml"]
2022-02-04T18:00:09.483784Z DEBUG request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: bindle::server::reply: Selected a best-fit MIME best_fit=application/toml
2022-02-04T18:00:09.483865Z  INFO request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: warp::filters::trace: finished processing with success status=400

@thomastaylor312
Contributor

This looks like it is somehow hitting the oauth flow code for some reason

2022-02-04T18:00:09.483632Z ERROR request{method=GET path=/v1/login version=HTTP/1.1 remote.addr=127.0.0.1:56443}: bindle::server::handlers::v1: Unable to parse device auth url error=RelativeUrlWithoutBase

@thomastaylor312
Contributor

Oh @vdice because it is HTTP basic auth, you don't need to bindle login. You can just set the user and password and be good to go

@thomastaylor312
Contributor

I think the solution here is:

  • Document this behavior
  • Update the client to just return if http basic auth is set

@thomastaylor312 thomastaylor312 added documentation Improvements or additions to documentation enhancement New feature or request labels Feb 4, 2022
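
One way the client-side change proposed in the comment above could look, as an added example that is not Bindle's own code: `login` returns early when basic auth is configured, and the credentials travel as an `Authorization` header on each request instead. The type and function names are hypothetical, and the HTTPS-or-loopback check is an assumption added here because the server in the report starts in HTTP mode.

```rust
// Added example; every name here is hypothetical, not Bindle's client API.
#[derive(Debug, PartialEq)]
enum Auth { None, Basic { user: String, password: String } }
// Basic auth applies only when both variables from the report are set.
fn resolve_auth(user: Option<&str>, password: Option<&str>) -> Auth {
    user.zip(password).map_or(Auth::None, |(u, p)| Auth::Basic { user: u.into(), password: p.into() })
}

// `login` calls GET /v1/login only for token flows; basic auth has nothing to fetch.
fn login_needs_server(auth: &Auth) -> bool { !matches!(auth, Auth::Basic { .. }) }

// Standard padded base64 (RFC 4648), written out so the block needs only std.
fn base64(input: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let mut out = String::new();
    for c in input.chunks(3) {
        let n = (c[0] as u32) << 16 | (*c.get(1).unwrap_or(&0) as u32) << 8 | *c.get(2).unwrap_or(&0) as u32;
        for i in 0..4 {
            out.push(if i <= c.len() { T[(n >> (18 - 6 * i) & 63) as usize] as char } else { '=' });
        }
    }
    out
}

// Plain-HTTP URL with a loopback host; '@' is rejected to rule out userinfo tricks.
fn cleartext_loopback(url: &str) -> bool {
    let rest = match url.strip_prefix("http://") { Some(r) => r, None => return false };
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next().unwrap_or("");
    let host = authority.rsplit_once(':').map_or(authority, |(h, _)| h);
    !authority.contains('@') && (host == "127.0.0.1" || host == "localhost")
}

// Per-request header; Basic is encoded, not encrypted, so require HTTPS or loopback.
fn authorization(auth: &Auth, url: &str) -> Result<Option<String>, String> {
    match auth {
        Auth::None => Ok(None),
        Auth::Basic { .. } if !url.starts_with("https://") && !cleartext_loopback(url) =>
            Err(format!("refusing to send basic credentials in cleartext to {}", url)),
        Auth::Basic { user, password } =>
            Ok(Some(format!("Basic {}", base64(format!("{}:{}", user, password).as_bytes())))),
    }
}

fn main() {
    let var = |k: &str| std::env::var(k).ok();
    let auth = resolve_auth(var("BINDLE_HTTP_USER").as_deref(), var("BINDLE_HTTP_PASSWORD").as_deref());
    let url = var("BINDLE_URL").unwrap_or_default();
    println!("login contacts server: {}, header allowed: {}", login_needs_server(&auth), authorization(&auth, &url).is_ok());
}
```
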
@vdice
Member Author

vdice commented Feb 4, 2022

Ah, I see. Thanks @thomastaylor312. Path forward sgtm.

@vdice
Member Author

vdice commented Feb 4, 2022

@thomastaylor312 could the login flow w/ basic auth also create a session token with the provided un/pw so that it doesn't need to be passed in on further actions again? a la oidc? Or is this an anti-pattern w/ basic auth?

@thomastaylor312
Contributor

I think that could work! You'd store it just like an OIDC token. We should probably capture that in another issue if you want to go that way

@vdice
Member Author

vdice commented Feb 23, 2022

Oops, there are actually a few items needed to resolve this issue, as mentioned in #302 (comment)

@vdice vdice reopened this Feb 23, 2022