SECRET_KEY is generated with incorrect length #12

Open
opened 2023-04-22 22:19:34 +00:00 by 3wordchant · 5 comments
Owner

Steps to reproduce:

  1. `abra app new outline`
  2. (enable SSO)
  3. `abra app deploy outline`
  4. Try to log in

Expected:

  • Works!

Actual:

  • Sent back to login screen, error in logs: `2023-04-22T00:11:09.611179000Z {"error":"Invalid key length","stack":"UnauthorizedError: Invalid key length\n at AuthenticationError (/opt/outline/build/server/errors.js:38:34)\n at accountProvisioner (/opt/outline/build/server/commands/accountProvisioner.js:118:43)\n at runMicrotasks (<anonymous>)\n at processTicksAndRejections (node:internal/process/task_queues:96:5)","level":"error","message":"Error during authentication"}`

This seems to be because `SECRET_KEY` should be 32 characters, but abra generates a 64-character secret. Maybe changing to `length=32` is enough?

Member

Changing `secret_key` to length 32 doesn't solve the problem for me, I still get the exact same error msg.
I also tried `length=16`, then I got:

```
{"level":"warn","message":"- SECRET_KEY's byte length must fall into (32, 64) range"}
```

So I guess the length of `secret_key` is not the issue.

Author
Owner

@iexos maybe you tried already, but you'd need to regenerate secrets (`abra app secret rm ...`, `abra app secret generate ...`) after changing this, and possibly also drop volumes (`abra app volume rm -A ...`).

Are you able to check what the current length of the secret key is, e.g. `abra app run <domain> app cat /run/secrets/secret_key | wc -c`?

Member

Yes, I did remove and regenerate with different key sizes, and also completely removed the app. Just tried now again:

```
> abra app run <domain> app cat /run/secrets/secret_key | wc -c
32
```

Also tried reducing the `utils_secret` to 32 chars and upgrading to newest image `outlinewiki/outline:0.69.2`, no change.

I'm using Authentik, maybe this is about some key that is returned? I also tried changing the key sizes within Authentik provider, no change.

Member

Got it to work now. `SECRET_KEY` has to be in hex format, i.e. like `openssl rand -hex 32`. Can `abra` do that?

Author
Owner

Ah great call, yes, that rings a bell. No, I think abra's current secret generation only does alphanumeric secrets - race you to a feature request in coop-cloud/organising
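
Added example, not code from this thread, Outline or abra: it shows why a 32-character alphanumeric secret passes the `wc -c` check yet still produces "Invalid key length", while `openssl rand -hex 32` style output works. It assumes the consumer hex-decodes `SECRET_KEY` and uses the result as an AES-256 key, which fits the thread's outcome but is not confirmed on this page; function names and sample values are constructed.

```javascript
// Assumption: SECRET_KEY is hex-decoded and used as an AES-256 key (32 bytes).
const crypto = require('node:crypto');

// Decode the way a hex-expecting consumer would. Buffer.from(..., 'hex')
// does not throw on bad input: it silently stops at the first non-hex pair.
function decodeKey(secret) {
  return Buffer.from(secret.trim(), 'hex');
}

// Compare what `wc -c` measures (characters) with the usable key bytes.
function inspectSecret(secret) {
  const s = secret.trim();
  const isHex = /^[0-9a-fA-F]+$/.test(s) && s.length % 2 === 0;
  const keyBytes = decodeKey(s).length;
  return { chars: s.length, isHex, keyBytes, usable: isHex && keyBytes === 32 };
}

// Try to set up AES-256 with the decoded key; return the error text, or null on success.
function tryCipher(secret) {
  try {
    crypto.createCipheriv('aes-256-cbc', decodeKey(secret), Buffer.alloc(16));
    return null;
  } catch (err) {
    return err.message;
  }
}

// Constructed samples, not real secrets.
const alnum32 = 'a3f9Zq7hT2mWx9LkPv4sRg8JyN3bUd6X'; // 32 alphanumeric characters
const hex64 = crypto.randomBytes(32).toString('hex'); // same shape as `openssl rand -hex 32`

for (const [name, s] of [['alphanumeric', alnum32], ['hex', hex64]]) {
  console.log(name, inspectSecret(s), 'cipher error:', tryCipher(s));
}
```

The alphanumeric sample reports 32 characters but only 2 key bytes, because decoding stops at `Zq`; a pre-deploy check should therefore validate the decoded byte length, not the character count.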
Reference: coop-cloud/outline#12