passbolt_api icon indicating copy to clipboard operation
passbolt_api copied to clipboard
Published 2 months ago verified publisher icon passbolt

DATASOURCES_DEFAULT_PASSWORD_FILE not working with passbolt register_user

Open FabienYt opened this issue 2 years ago • 1 comments

  • Passbolt Version: 4.1.2-1-ce
  • Platform and Target: -- Operating system: Docker 24.0.5 (Debian 12) + Docker Compose 2.20.2 -- Database server: PostgreSQL 15.3-bookworm

What you did

I would like to create first admin user (as described in the documentation):

$ docker exec passbolt su -m -c "bin/cake passbolt register_user -u [email protected] -f yourname -l surname -r admin" -s /bin/sh www-data

I used secret for database password (DATASOURCES_DEFAULT_PASSWORD_FILE)

What happened

The new user cannot be created because the script cannot find the database password:

2023-08-06 20:38:44 error: [Cake\Database\Exception\MissingConnectionException] Connection to Postgres could not be established: SQLSTATE[08006] [7] connection to server at "passbolt-postgres" (172.22.0.2), port 5432 failed: fe_sendauth: no password supplied in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php on line 133 Caused by: [PDOException] SQLSTATE[08006] [7] connection to server at "passbolt-postgres" (172.22.0.2), port 5432 failed: fe_sendauth: no password supplied in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php on line 121 2023-08-06 20:38:44 error: Could not connect to Database.

What you expected to happen

If I use DATASOURCES_DEFAULT_PASSWORD instead of DATASOURCES_DEFAULT_PASSWORD_FILE, everything works. After user creation (with DATASOURCES_DEFAULT_PASSWORD), everything works with DATASOURCES_DEFAULT_PASSWORD_FILE variable.

FabienYt avatar Aug 07 '23 11:08 FabienYt

I have the same issue. If you connect to the container, only the _FILE environment variables are available. I overcame this by populating the relevant variables in the container before running the command as follows:

docker exec -ti passbolt-container-name bash

su -s /bin/bash www-data

export DATASOURCES_DEFAULT_PASSWORD=$(cat ${DATASOURCES_DEFAULT_PASSWORD_FILE})

/usr/share/php/passbolt/bin/cake \
                                passbolt register_user \
                                -u <[email protected]> \
                                -f <yourname> \
                                -l <surname> \
                                -r admin

You'll need to repeat the export for each of the _FILE environment variables you have used.

I am concerned that there are other passbolt cli commands that don't expand the _FILE variables, so I would prefer to see the codebase handle this correctly. But this will let you get underway.

BrettMerrick avatar Nov 13 '23 05:11 BrettMerrick