CHT Tutorial Contacts + User Management Part 1 user authentication

After adding a new user, I can no longer open the user login in screen on localhost

You can reproduce the error by adding user in the app management screen , then logging off and then logging in again. When I tried to log in again, I could not with the new user id and password. (maybe incorrect password typed in, but not sure. I close the page and then tried to reopen it and get a 401 error based upon the new user (indira) I had entered.?

I believe this is true because of the haproxy dump
ta6w7UgoGU-Y8pVyI-1-0sRJVJRpynylvZGu3XRIWSJ8053GupKbvjR2N9rCahSSNIvEIO3htKfRQquVXEqOvimd9nLa22hzq_FSImZykPZxmt2bcD8QAy2gd2_1F9Ovn0c"}‘,426,5,58,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’
haproxy | Aug 24 17:23:52 6c33824ec23f haproxy[25]: 172.18.0.3,200,GET,/medic/branding?,api,medic-api,’-‘,736,1,437,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’
haproxy | Aug 24 17:23:52 6c33824ec23f haproxy[25]: 172.18.0.3,401,GET,/_session,-,indira,’-‘,384,0,61,‘like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.78’
haproxy | Aug 24 17:23:52 6c33824ec23f haproxy[25]: 172.18.0.3,200,GET,/medic/branding/favicon.ico,api,medic-api,’-‘,5721,2,5430,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’
haproxy | Aug 24 17:24:53 6c33824ec23f haproxy[25]: 172.18.0.3,401,GET,/_session,-,indira,’-‘,384,1,61,‘like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.78’
haproxy | Aug 24 17:24:53 6c33824ec23f haproxy[25]: 172.18.0.3,200,GET,/medic/branding?,api,medic-api,’-‘,736,2,437,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’
haproxy | Aug 24 17:24:53 6c33824ec23f haproxy[25]: 172.18.0.3,200,GET,/medic/branding/favicon.ico,api,medic-api,’-',5721,2,5430,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’

I have shutdown the instance several times, rebooted computer.
I have tried to upload the ANC app, and a new blank app.

I still get the GET,/_session,-indira,**'-…
I not clear why authentication is still looking for this user prior to the login is performed?

Jim

Hi @jstafford .

I think what’s happening is when you load the app it checks to see if you’re logged in by issuing the _session request. As soon as it detects you’re not logged in the client will redirect you to the login page to log in again. Is this what you’re seeing?

When you were trying to log in, do you recall what error you were getting?

You may be able to find more information in the dev console in your browser which you can check by pressing F12.

In initially got this error when logging in as a new user (indira)
{“error”:“forbidden”,“reason”:“Insuffcient priviledges”}
After I got this error, I could not get to the login page again.

I get the standard warning “Privacy Error” when going to localhost
that requires you to go to Advanced in order to continue .
When I continue I get “Loading error, please check your connection” with Try again button.
NO Login in menu/dialog

This is haproxy dumps
haproxy | Aug 26 22:03:45 251a56740e89 haproxy[25]: 172.18.0.3,401,GET,/_session,-,indira,‘-’,384,0,61,'like Gecko) Chrome/92.0.4515.159 Safari/537.36’

Browser Console is showing
inbox.js:3 Error bootstrapping DOMException: Failed to register a ServiceWorker for scope (‘https://localhost/’) with script (‘https://localhost/service-worker.js’): An SSL certificate error occurred when fetching the script.

I did run the ```
./scripts/add-local-ip-certs-to-docker.sh
and then went to the .my.local-ip.co and was able to pull up the login in menu and used the default login
indira does appear as a user, but I hesitant to try to login in as her, as this “appears to have caused” the problem in the first place.

At least where I am at now , I can continue with the tutorial and hopefully complete it without anymore issues. But it would be nice to understand what is going on.

Hopefully as some point I can become a help to the project instead of a hindrance

Thanks
Jim

Reporting challenges you have with setup is very helpful, thank you!

I think the service worker error is the root cause. The service worker is used to cache all the files for the application in the browser so it can be used offline so it’s essential to getting the app running.

It sounds like you’ve now solved the certificate issue by using the local IP script, so now you should be able to log in as per usual with the indira user at the local-ip URL.

One other thing you can try if things go wrong in future is clearing the browser’s cookies and service workers. This resets the browser completely so you can go back to the login page again.

@jstafford - thanks so much for letting us know you’re having issues getting started with the CHT. As @gareth mentioned, feedback like this is indeed helpful.

The issue you’re encountering is for sure due to the invalid TLS certificate. We have a closed issue covering this. The fix, as documented on the ticket, is to do exactly as you’ve done: install the valid TLS certificates from local-ip.co via the add-local-ip-certs-to-docker.sh script.

With the valid TLS certificate in place (good job!), and following Gareth’s advice about clearing cookies and service workers, I hope you find confidence in trying to log in as indira - it should just work!

Please report back on how you’re progressing.

I am getting the same error: 'Loading error, please check your connection’ with a Try again button. I have installed Valid TLS certificate but the issue is persistent. Any idea why this could be happening?

When I run curl -I https://medic:password@my_IP.my.local-ip.co on cht-core , I get, Could not resolve host: my_IP

Hi @Esther_Moturi

That error can appear for a variety of reasons, from the server being unreachable or down, to bugs in the code.
Are you getting this error immediately after logging or refreshing the page, or do you see another screen before this error appears?
\Have you checked browser logs for errors?

Thanks!

Thanks @diana for the quick response. I am getting the error immediately after I log in. This is what I get from inspecting the browser: Error bootstrapping DOMException: Failed to register a ServiceWorker for scope (‘https://localhost/’) with script (‘https://localhost/service-worker.js’): An SSL certificate error occurred when fetching the script.

Not sure if I my SSL certificate installed

@Esther_Moturi - two follow up questions:

1. are you running this in an Incognito tab and logging in as offline user? If yes, try running in a non-incognito tab.
2. if you continue to get the Could not resolve host error, consider adding a hard coded /etc/hosts entry per these instructions.

Let us know if either of those helps!

I did step number 2, restarted my containers and I am still getting the same error. I have also observed that I only get the error when logging in as a user rather than when I log in as admin.

When logged in as admin, this is what I see on the About tab: Not sure if the ‘Disabled for administrators’ means anything

image2628×1108 221 KB

Not sure what the problem could have been, I have tried with Safari browser and it has worked

I have also observed that I only get the error when logging in as a user rather than when I log in as admin.

That’s because admin users don’t require installing the service worker, whereas normal offline users do. The service worker is part of what enables the app to work when offline, and it requires a valid SSL certificate to be installed (this is a browser-level requirement).

Which browser were you getting the error with initially?
Are you using my.local-ip.co to access your instance or not?
In the error you shared it looks like your’re using localhost, but your curl command uses my.local-ip.co.

I was using my.local-ip.co, but I can retry to confirm. I was using Chrome.