Can't login to admin, credentials window asks again and again and again...

[g4rf]

I have a fresh and clean install of epl, and can't login to the admin page. It asks again and again to put in the credentials. I use no auth plugin.

Version: 1.8.0beta

settings.conf

{
  "users": {
     "admin": {
        "is_admin": true,
        "password": ****
     }
  },

  "skinName": "colibris",
  "ip": "127.0.0.1",
  "port": 9001,
  "showSettingsInAdminPage": true,
  "dbType" : "mysql",
  "dbSettings" : {
    "user":     ****,
    "host":     "localhost",
    "port":     3306,
    "password": ****,
    "database": "etherpad_lite_db",
    "charset":  "utf8mb4"
  },
  "suppressErrorsInPadText": false,
  "requireSession": false,
  "editOnly": false,
  "sessionNoPassword": false,
  "minify": true,
  "maxAge": 21600, // 60 * 60 * 6 = 6 hours
   "abiword": "/usr/bin/abiword",
  "soffice": null,
  "tidyHtml": "/usr/bin/tidy",
  "allowUnknownFileEnds": true,
  "requireAuthentication": false,
  "requireAuthorization": false,
  "trustProxy": false,
  "disableIPlogging": true,
  "automaticReconnectionTimeout": 0,
  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
  "loadTest": false,
  "exposeVersion": false,
  "loglevel": "INFO",
  [...]
}

I searched the net but did not find any topic concerning my problem. Any idea?

-- Update:

Switched back to 1.7.5, where the admin section is accessible.

[muxator]

Hi, that's new to me.

[g4rf]

Any suggestions? The log shows no message.

Maybe I didn't get the user management the right way:

It's only about the "users" section in the settings.json, isn't it?

"users": {
    "admin": {
        "is_admin": true,
        "password": ****
    }
}

-- Update:

Switched back to 1.7.5, where the admin section is accessible.

[muxator]

Many thanks for the update.

If switching back to 1.7.5 solved the problem for you, there could be a regression somewhere. It is worth digging deeper.

[muxator]

And here we are: this is a regression introduced in 7c099fe.

Last working version (4e758a9):

git checkout 4e758a9f4a50
node <base>/node_modules/ep_etherpad-lite/node/server.js
curl --silent --output /dev/null --write-out "HTTP/%{http_code}\n" --basic --user admin:password http://localhost:9001/admin/
HTTP/200

Regressed version (7c099fe):

git checkout 7c099fef5e08
node <base>/node_modules/ep_etherpad-lite/node/server.js
curl --silent --output /dev/null --write-out "HTTP/%{http_code}\n" --basic --user admin:password http://localhost:9001/admin/
HTTP/401

Thank you for spotting it!

[muxator]

The change that implemented #3648 (7c099fe) was incorrect, and resulted in disabling every user at startup.

The problem was twofold:

1. _.filter() on an object returns an array of the object's enumerable values and strips out the keys. This changed the layout of the users object, effectively nuking everyone.
   See: https://stackoverflow.com/questions/11697702/how-to-use-underscore-js-filter-with-an-object
   To filter an object, the function that needs to be used is _.pick();
2. The logic condition on userProperties.password was plain wrong (it should have been an AND instead of an OR).

Thanks @g4rf for finding this bug.