Comments (7)
Could you provide some more details which tools you are using? Using the same version, it works fine for me, full example below:
$ curl -X POST -d '{"password":"cJ/RH4Z1xKAu8Lk2DfRbhi6cZ3F4mG26AXhkZ8n4Ad0="}' 127.0.0.1/api/auth | jq
{
  "session": {
    "valid": true,
    "totp": false,
    "sid": "W1fiKShVr9YXHh91i1iUzA=",
    "csrf": "mKijoLyeCEfL/SGL5YNUOw=",
    "validity": 1800
  },
  "took": 0.09941768646240234
}
from ftl.
One additional hint: When requesting GET /auth/app, you will be provided with an example of a password suiting our security standards. Nothing more than that. This GET alone will not enable this password for you (it is idempotent)!
To enable the application password, you will have to use PATCH /config (webserver.api.app_pwhash) to the hash provided to enable this new password, e.g. quoting from your post above:
generate new app password using client token:
result:{"app":{"password":"PtqvT4mnl5lK/KnWNPY1Qnnlxq2W++fxDfP59BgRZeU=","hash":"$BALLOON-SHA256$v=1$s=1024,t=32$OFffzmu3Ys1/lghFoyw+Cg==$b24QQhKw3EWPNcOjLdMzofa2k3KjSTlwgZMCQs3pG/c="},"took":0.099813461303710938}
Let's apply the hash you provided in your example:
$ curl -X PATCH -d '{"config":{"webserver":{"api":{"app_pwhash":"$BALLOON-SHA256$v=1$s=1024,t=32$OFffzmu3Ys1/lghFoyw+Cg==$b24QQhKw3EWPNcOjLdMzofa2k3KjSTlwgZMCQs3pG/c="}}}}' 127.0.0.1/api/config/webserver/api/app_pwhash | jq
{
  "config": {
    "webserver": {
      "api": {
        "app_pwhash": "$BALLOON-SHA256$v=1$s=1024,t=32$OFffzmu3Ys1/lghFoyw+Cg==$b24QQhKw3EWPNcOjLdMzofa2k3KjSTlwgZMCQs3pG/c="
      }
    }
  },
  "took": 2.574920654296875e-05
}
This enables your app password:
$ curl -X POST -d '{"password":"PtqvT4mnl5lK/KnWNPY1Qnnlxq2W++fxDfP59BgRZeU="}' 127.0.0.1/api/auth | jq
{
  "session": {
    "valid": true,
    "totp": false,
    "sid": "vrIufq7jpxL6CRXSyprT1g=",
    "csrf": "PBehxmbTMpAFSVr1qTDPSA=",
    "validity": 1800
  },
  "took": 0.13706016540527344
}
from ftl.
Thank you for the information, and you are right; I just requested the app password and never set it in the config. Setting it using the patch web API call works as expected.
However, when trying to set it by calling: pihole-FTL --config webserver.api.app_pwhash 'passwordhash', it's required to restart the FTL service for the new password to work.
Is this the expected behavior?
from ftl.
However, when trying to set it by calling: pihole-FTL --config webserver.api.app_pwhash 'passwordhash', it's required to restart the FTL service for the new password to work.
Is this the expected behavior?
No, it is not and there is actually no restart necessary on my local Pi-hole:
$ curl -X POST -d '{"password":"PtqvT4mnl5lK/KnWNPY1Qnnlxq2W++fxDfP59BgRZeU="}' 127.0.0.1/api/auth | jq
{
  "session": {
    "valid": false,
    "totp": false,
    "sid": null,
    "validity": -1
  },
  "took": 0.1096031665802002
}
$ sudo pihole-FTL --config webserver.api.app_pwhash
$ sudo pihole-FTL --config webserver.api.app_pwhash '$BALLOON-SHA256$v=1$s=1024,t=32$OFffzmu3Ys1/lghFoyw+Cg==$b24QQhKw3EWPNcOjLdMzofa2k3KjSTlwgZMCQs3pG/c='
$BALLOON-SHA256$v=1$s=1024,t=32$OFffzmu3Ys1/lghFoyw+Cg==$b24QQhKw3EWPNcOjLdMzofa2k3KjSTlwgZMCQs3pG/c=
$ curl -X POST -d '{"password":"PtqvT4mnl5lK/KnWNPY1Qnnlxq2W++fxDfP59BgRZeU="}' 127.0.0.1/api/auth | jq
{
  "session": {
    "valid": true,
    "totp": false,
    "sid": "X7/zbDgyiN0QIFhR8mNG2A=",
    "csrf": "8bOL9WIhLyoHh/79aNJCqg=",
    "validity": 1800
  },
  "took": 0.1388406753540039
}
I assume your observation that a restart is required corresponds with the running FTL process not getting to know that the config has changed and, hence, that it needs to re-read the file. Do you see a line like INFO: Reloading config due to pihole.toml change in your /var/log/pihole/FTL.log when running the pihole-FTL --config ... command?
from ftl.
I believe there might be a 'race condition' occurring on my end. If the login request is sent too quickly after changing the password with pihole-FTL --config, it may fail to authenticate.
Thank you for your assistance, and sorry for the noise.
from ftl.
No worries, maybe someone will arrive here via Google in the future and have the same question. Glad it's arrived for you!
I think we can improve the API documentation to be more explicit that the app password needs to be applied before it can be used.
from ftl.
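The sequence worked out in this thread (take the hash from GET /auth/app, apply it to webserver.api.app_pwhash, then log in, allowing for the short delay before a running FTL picks up a change made with pihole-FTL --config) is sketched below as an added example; it is not code from the thread or from the Pi-hole project. The function names, the `post_auth` transport hook and the sample bodies are assumptions made for illustration, and the sample values are constructed placeholders.

```python
import json
import time

HASH_PREFIX = "$BALLOON-SHA256$"  # hash format shown in the thread
RELOAD_MARKER = "Reloading config due to pihole.toml change"  # FTL.log text quoted above

# Constructed sample bodies (placeholder values, not real credentials).
SAMPLE_APP = ('{"app":{"password":"<app-password>",'
              '"hash":"$BALLOON-SHA256$v=1$s=1024,t=32$<salt>$<digest>"},"took":0.1}')
INVALID = '{"session":{"valid":false,"totp":false,"sid":null,"validity":-1}}'
VALID = '{"session":{"valid":true,"totp":false,"sid":"<sid>","validity":1800}}'


def build_pwhash_patch(app_response):
    """Build the PATCH body for webserver.api.app_pwhash from a GET /auth/app
    response. Only the hash is stored; the password stays with the client."""
    pwhash = json.loads(app_response)["app"]["hash"]
    if not pwhash.startswith(HASH_PREFIX):
        raise ValueError("unexpected app_pwhash format")
    return json.dumps({"config": {"webserver": {"api": {"app_pwhash": pwhash}}}})


def config_reloaded(log_lines):
    """True once FTL has logged that it re-read pihole.toml."""
    return any(RELOAD_MARKER in line for line in log_lines)


def login_with_retry(post_auth, password, attempts=5, delay=0.5):
    """POST /api/auth until session.valid is true, covering the short window
    after `pihole-FTL --config` before the running process reloads.
    post_auth is a hypothetical callable(body) -> response text."""
    body = json.dumps({"password": password})
    for attempt in range(1, attempts + 1):
        session = json.loads(post_auth(body))["session"]
        if session["valid"]:
            return attempt, session
        time.sleep(delay)
    return None, None


def fake_ftl(fail_first):
    """Constructed stand-in for FTL: rejects the first `fail_first` logins."""
    calls = {"n": 0}
    def post_auth(_body):
        calls["n"] += 1
        return INVALID if calls["n"] <= fail_first else VALID
    return post_auth


if __name__ == "__main__":
    print(build_pwhash_patch(SAMPLE_APP))
    print(login_with_retry(fake_ftl(2), "<app-password>", delay=0))
```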