Community Health Toolkit

CHT Tutorial Contacts + User Management Part 1 user authentication

After adding a new user, I can no longer open the user login in screen on localhost

You can reproduce the error by adding user in the app management screen , then logging off and then logging in again. When I tried to log in again, I could not with the new user id and password. (maybe incorrect password typed in, but not sure. I close the page and then tried to reopen it and get a 401 error based upon the new user (indira) I had entered.?

I believe this is true because of the haproxy dump
ta6w7UgoGU-Y8pVyI-1-0sRJVJRpynylvZGu3XRIWSJ8053GupKbvjR2N9rCahSSNIvEIO3htKfRQquVXEqOvimd9nLa22hzq_FSImZykPZxmt2bcD8QAy2gd2_1F9Ovn0c"}’,426,5,58,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’
haproxy | Aug 24 17:23:52 6c33824ec23f haproxy[25]: 172.18.0.3,200,GET,/medic/branding?,api,medic-api,’-’,736,1,437,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’
haproxy | Aug 24 17:23:52 6c33824ec23f haproxy[25]: 172.18.0.3,401,GET,/_session,-,indira,’-’,384,0,61,‘like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.78’
haproxy | Aug 24 17:23:52 6c33824ec23f haproxy[25]: 172.18.0.3,200,GET,/medic/branding/favicon.ico,api,medic-api,’-’,5721,2,5430,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’
haproxy | Aug 24 17:24:53 6c33824ec23f haproxy[25]: 172.18.0.3,401,GET,/_session,-,indira,’-’,384,1,61,‘like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.78’
haproxy | Aug 24 17:24:53 6c33824ec23f haproxy[25]: 172.18.0.3,200,GET,/medic/branding?,api,medic-api,’-’,736,2,437,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’
haproxy | Aug 24 17:24:53 6c33824ec23f haproxy[25]: 172.18.0.3,200,GET,/medic/branding/favicon.ico,api,medic-api,’-’,5721,2,5430,‘node-fetch/1.0 (+https://github.com/bitinn/node-fetch)’

I have shutdown the instance several times, rebooted computer.
I have tried to upload the ANC app, and a new blank app.

I still get the GET,/_session,-indira,**’-…
I not clear why authentication is still looking for this user prior to the login is performed?

Jim

1 Like

Hi @jstafford .

I think what’s happening is when you load the app it checks to see if you’re logged in by issuing the _session request. As soon as it detects you’re not logged in the client will redirect you to the login page to log in again. Is this what you’re seeing?

When you were trying to log in, do you recall what error you were getting?

You may be able to find more information in the dev console in your browser which you can check by pressing F12.

In initially got this error when logging in as a new user (indira)
{“error”:“forbidden”,“reason”:“Insuffcient priviledges”}
After I got this error, I could not get to the login page again.

I get the standard warning “Privacy Error” when going to localhost
that requires you to go to Advanced in order to continue .
When I continue I get “Loading error, please check your connection” with Try again button.
NO Login in menu/dialog

This is haproxy dumps
haproxy | Aug 26 22:03:45 251a56740e89 haproxy[25]: 172.18.0.3,401,GET,/_session,-,indira,’-’,384,0,61,'like Gecko) Chrome/92.0.4515.159 Safari/537.36’

Browser Console is showing
inbox.js:3 Error bootstrapping DOMException: Failed to register a ServiceWorker for scope (‘https://localhost/’) with script (‘https://localhost/service-worker.js’): An SSL certificate error occurred when fetching the script.

I did run the ```
./scripts/add-local-ip-certs-to-docker.sh
and then went to the .my.local-ip.co and was able to pull up the login in menu and used the default login
indira does appear as a user, but I hesitant to try to login in as her, as this “appears to have caused” the problem in the first place.

At least where I am at now , I can continue with the tutorial and hopefully complete it without anymore issues. But it would be nice to understand what is going on.

Hopefully as some point I can become a help to the project instead of a hindrance

Thanks
Jim

Reporting challenges you have with setup is very helpful, thank you!

I think the service worker error is the root cause. The service worker is used to cache all the files for the application in the browser so it can be used offline so it’s essential to getting the app running.

It sounds like you’ve now solved the certificate issue by using the local IP script, so now you should be able to log in as per usual with the indira user at the local-ip URL.

One other thing you can try if things go wrong in future is clearing the browser’s cookies and service workers. This resets the browser completely so you can go back to the login page again.

@jstafford - thanks so much for letting us know you’re having issues getting started with the CHT. As @gareth mentioned, feedback like this is indeed helpful.

The issue you’re encountering is for sure due to the invalid TLS certificate. We have a closed issue covering this. The fix, as documented on the ticket, is to do exactly as you’ve done: install the valid TLS certificates from local-ip.co via the add-local-ip-certs-to-docker.sh script.

With the valid TLS certificate in place (good job!), and following Gareth’s advice about clearing cookies and service workers, I hope you find confidence in trying to log in as indira - it should just work!

Please report back on how you’re progressing.

1 Like