Comments (15)
I see the password is hashed using pbkdf2_sha256
with 36000 iterations and using a salt.
How can I find out the salt so I can inject the password correctly?
from cabot.
I think I found the correct way. The cabotapp/cabot
Docker image exposes the django-admin
command:
/ # django-admin --help
Type 'django-admin help <subcommand>' for help on a specific subcommand.
Available subcommands:
[auth]
changepassword
createsuperuser
...
I think using createsuperuser
and changepassword
via django-admin
is the correct answer.
from cabot.
Yes that's correct
from cabot.
I tried running:
export DJANGO_SUPERUSER_PASSWORD=my-secret-password
django-admin createsuperuser --noinput --username admin --email [email protected]
On my Cabot installation, but the password that ends up in the database doesn't look correct, and I can't login using it.
When I look in the database the password has a different format. Normally it looks like this:
pbkdf2_sha256$36000$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=
But now I'm seeing something like this:
!aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
In the password
column. Doesn't seem right.
from cabot.
@dbuxton can you reopen this?
I cannot get this to work using django-admin createsuperuser
. Either it doesn't respect DJANGO_SUPERUSER_PASSWORD
or the format of the password it puts into auth_user
table is incorrect.
from cabot.
I have tried running the same command twice with the same value of DJANGO_SUPERUSER_PASSWORD
but the resulting value in password
column is different every time. I think its ignoring DJANGO_SUPERUSER_PASSWORD
.
from cabot.
Oh, it appears Cabot is still using a quite old 1.11.11
version of Django from March 6, 2018
:
/ # django-admin version
1.11.11
https://docs.djangoproject.com/en/3.1/releases/1.11.11/
And according to this comment the support for DJANGO_SUPERUSER_PASSWORD
was added in 3.0
:
As of Django 3.0 (per the docs) you can use the
createsuperuser --no-input
option and set the password with theDJANGO_SUPERUSER_PASSWORD
environment variable, e.g.
https://stackoverflow.com/a/59467275
from cabot.
Yep, the 1.11
documentation makes no reference to DJANGO_SUPERUSER_PASSWORD
:
https://docs.djangoproject.com/en/1.11/ref/django-admin/#createsuperuser
from cabot.
Right you are; it looks like you have to inject in some code like this:
echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', '[email protected]', 'pass')" | python manage.py shell
from cabot.
Yes, but where do I find manage.py
? I can't find it in the Docker image:
/ # find / -iname 'manage.py'
find: /proc/tty/driver: Permission denied
/ #
from cabot.
When I look in the module folder I see only the contents of the cabot
subfolder of this repo:
/ # ls -l /usr/local/lib/python2.7/site-packages/cabot
total 144
-rw-r--r-- 1 root root 217 Jan 30 2019 __init__.py
-rw-r--r-- 1 root root 307 Jan 30 2019 __init__.pyc
-rw-r--r-- 1 root root 1361 Jan 30 2019 cabot_config.py
-rw-r--r-- 1 root root 1016 Jan 30 2019 cabot_config.pyc
drwxr-xr-x 6 root root 4096 Jan 30 2019 cabotapp
-rw-r--r-- 1 root root 716 Jan 30 2019 celery.py
-rw-r--r-- 1 root root 974 Jan 30 2019 celery.pyc
-rw-r--r-- 1 root root 446 Jan 30 2019 celeryconfig.py
-rw-r--r-- 1 root root 616 Jan 30 2019 celeryconfig.pyc
-rw-r--r-- 1 root root 200 Jan 30 2019 context_processors.py
-rw-r--r-- 1 root root 461 Jan 30 2019 context_processors.pyc
-rw-r--r-- 1 root root 212 Jan 30 2019 entrypoint.py
-rw-r--r-- 1 root root 545 Jan 30 2019 entrypoint.pyc
-rw-r--r-- 1 root root 3868 Jan 30 2019 rest_urls.py
-rw-r--r-- 1 root root 3986 Jan 30 2019 rest_urls.pyc
-rw-r--r-- 1 root root 11436 Jan 30 2019 settings.py
-rw-r--r-- 1 root root 9903 Jan 30 2019 settings.pyc
-rw-r--r-- 1 root root 759 Jan 30 2019 settings_ldap.py
-rw-r--r-- 1 root root 858 Jan 30 2019 settings_ldap.pyc
-rw-r--r-- 1 root root 255 Jan 30 2019 settings_utils.py
-rw-r--r-- 1 root root 677 Jan 30 2019 settings_utils.pyc
drwxr-xr-x 4 root root 4096 Jan 30 2019 templates
-rw-r--r-- 1 root root 8652 Jan 30 2019 urls.py
-rw-r--r-- 1 root root 8575 Jan 30 2019 urls.pyc
-rw-r--r-- 1 root root 141 Jan 30 2019 version.py
-rw-r--r-- 1 root root 311 Jan 30 2019 version.pyc
-rw-r--r-- 1 root root 165 Jan 30 2019 wsgi.py
-rw-r--r-- 1 root root 349 Jan 30 2019 wsgi.pyc
So it looks to me like manage.py
is just not included in the image.
from cabot.
It appears that cabotapp/cabot image is not created from the Dockerfile
in this repo but rather this one:
https://github.com/cabotapp/docker-cabot/blob/master/Dockerfile
from cabot.
I've opened an issue with them about missing manage.py
: cabotapp/docker-cabot#43
They have had that mentioned before in cabotapp/docker-cabot#1 but they got around by doing migrations using cabot migrate
.
from cabot.
Actually, the contents of /usr/local/bin/django-admin
are quite similar to manage.py
:
/ # cat /usr/local/bin/django-admin
#!/usr/local/bin/python
# -*- coding: utf-8 -*-
import re
import sys
from django.core.management import execute_from_command_line
if __name__ == '__main__':
sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])
sys.exit(execute_from_command_line())
from cabot.
It works!
/ # django-admin shell
Python 2.7.15 (default, Dec 21 2018, 03:51:20)
[GCC 6.4.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> from django.contrib.auth.models import User
>>> User.objects.create_superuser('admin', '[email protected]', 'pass')
<User: admin>
And I was able to log in.
Thanks for help @dbuxton !
from cabot.
Related Issues (20)
- worker not subscribing to tasks from docker-compose / Checks not running
- Feature request: TLS 1.3 support
- Move documentation to README/Github HOT 2
- Planning migrate to Django 2.2? HOT 3
- Email alerts sent once not multiple times HOT 1
- There are no global settings yet HOT 2
- Jenkins check shows passing even though the status is failed HOT 5
- GitHub OAuth fails with redirect_uri_mismatch HOT 5
- Cabot using deprecated access_token GitHub query parameter HOT 4
- The is_public setting for services appears to be ignored HOT 5
- Not receiving phone call when ICMP is down HOT 8
- Decrease frequency check to trigger alert! HOT 1
- How to add API route for a check plugin HOT 7
- docker-compose fails on Raspberry Pi 4 32bit
- Service 'beat' failed to build : The command '/bin/sh -c pip install --no-cache-dir -r requirements.txt' returned a non-zero code: 1 HOT 3
- Docker Images build fails HOT 1
- Pushes from alertmanager HOT 1
- Potential usage of cabot for WordPress Maintenance service?
- Twilio TLS certificate is not accepted by the Cabot docker image, so SMS and phone call notifications do not work HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cabot.