Uploader-Password not working as expected

[zeitwesen]

Not sure if I misunderstood the feature.
I have set an uploader password (MICROBIN_UPLOADER_PASSWORD) and enabled read-only mode (MICROBIN_ENABLE_READONLY) as described in the .env-file.

The microbin-UI then shows the "Uploader Password" field aside the Save-Button, but it does not seem to evaluate it when saving a post. In other words: even though the Uploader-Password is configured it lets me upload any data as if the MICROBIN_UPLOADER_PASSWORD is not configured.

I would expect it to deny upload of any type of post until I input the correct password.

[monomycelium]

I am facing the same issue on microbin 2.0.4. The feature would have been really useful as I do not wish for strangers to upload content to my server.

[ThankRain]

Level 3: Read-only

With this privacy setting, the upload cannot be found unless someone knows its unique, random identifier. If someone knows this identifier, they can see the contents but cannot modify or remove it without entering the password of the upload.

This is consistent with the description in the document, and what you expect should be private. Although the document description is correct, it may not be intuitive.

[zeitwesen]

oh, I see - seems then I did not understand that in detail .

could you still put my whish on the feature request list? So globally secure uploading/posting with a password - so that no one but the password-knowers can upload?

[ThankRain]

oh, I see - seems then I did not understand that in detail .

could you still put my whish on the feature request list? So globally secure uploading/posting with a password - so that no one but the password-knowers can upload?

I think I may understand what you need, what you need is to set the environment variable MICROBIN_READONLY to true, not MICROBIN_ENABLE_READONLY

If that's not what it's meant to be, sadly, I'm not the maintainer, I do not have the access to put it into the feature request list. But maybe I will fork a new repository to support this feature, if I have spare time.

The password required for uploading, if read-only mode is enabled
Default value: unset
export MICROBIN_UPLOADER_PASSWORD=

If set to true, authentication required for uploading
Default value: false
export MICROBIN_READONLY=false

[zeitwesen]

@xeulife oops, I overlooked that you are not the maintainer :-D

well, I checked my config again and saw that I have the settings set to
MICROBIN_UPLOADER_PASSWORD="my secret"
MICROBIN_READONLY=false
MICROBIN_ENABLE_READONLY=true

anyway the restriction to upload only when password is given does not trigger. It shows the password-field but it is not checkend when posting. for me this now seems to be a bug. do you have thime to investigate the issue? maybe you could then provide the maintainer @szabodanika a bugfix 🥇

[ThankRain]

@xeulife oops, I overlooked that you are not the maintainer :-D

well, I checked my config again and saw that I have the settings set to
MICROBIN_UPLOADER_PASSWORD="my secret"
MICROBIN_READONLY=false
MICROBIN_ENABLE_READONLY=true

anyway the restriction to upload only when password is given does not trigger. It shows the password-field but it is not checkend when posting. for me this now seems to be a bug. do you have thime to investigate the issue? maybe you could then provide the maintainer @szabodanika a bugfix 🥇

Just try

MICROBIN_UPLOADER_PASSWORD="my secret"
MICROBIN_READONLY=true // it should be true

MICROBIN_READONLY should be true
If you find that the above actions are indeed not effective, I think it may be a bug.

[zeitwesen]

oops again - should not write any reports on a monday

MICROBIN_READONLY is set to true already.
but I can upload without providing the password

[ThankRain]

oops again - should not write any reports on a monday

MICROBIN_READONLY is set to true already.
but I can upload without providing the password

I just tried the configuration and it works properly. A "Uploader password" input box will appear on the left side of the Save button. If the password is incorrect, it will reject uploading anything and prompt "incorrect password". This is my deployment link, you can try it out:
bin.xeu.life

Here is my environment variable configuration

      - MICROBIN_EDITABLE=true
      - MICROBIN_ENABLE_READONLY=true
      - MICROBIN_READONLY=true
      - MICROBIN_UPLOADER_PASSWORD=MySecret
      - MICROBIN_HIGHLIGHTSYNTAX=true
      - MICROBIN_PUBLIC_PATH=https://bin.xeu.life
      - MICROBIN_ENABLE_BURN_AFTER=true
      - MICROBIN_ENABLE_CUSTOM_URL=true
      - MICROBIN_PRIVATE=true
      - MICROBIN_SHOW_READ_STATS=true
      - MICROBIN_QR=true
      - MICROBIN_HASH_IDS=true
      - MICROBIN_ENCRYPTION_CLIENT_SIDE=true
      - MICROBIN_ENCRYPTION_SERVER_SIDE=true

Although I think the most critical configuration is only the following two lines, I still post the complete configuration for your convenience in debugging.

      - MICROBIN_READONLY=true
      - MICROBIN_UPLOADER_PASSWORD=MySecret

Since I copied the environment variable configuration directly from docker-compose.yml, it will contain some "-" symbols, so don't worry about them

[aweb-01]

I had the same issue. I figured it out, the problem is that
MICROBIN_UPLOADER_PASSWORD: ${MICROBIN_UPLOADER_PASSWORD}

is missing from the default compose.yaml. Add that and if you go to the admin page you'll see that it changes "uploader password" from "unset" to "set" and the tool behaves as expected.

[zeitwesen]

I had the same issue. I figured it out, the problem is that MICROBIN_UPLOADER_PASSWORD: ${MICROBIN_UPLOADER_PASSWORD}

is missing from the default compose.yaml. Add that and if you go to the admin page you'll see that it changes "uploader password" from "unset" to "set" and the tool behaves as expected.

cool, thanks! yes - this did the trick.