Comments (17)
Ok, thanks for the info but the popups are displayed immediately after I successfully authenticated!?
from watcher.
Authentication popup errors are displayed only if your Knox authentication token has expired.
"DRF tokens track their creation time, but have no inbuilt mechanism for tokens expiring. Knox tokens can have an expiry configured in the app settings (default is 10 hours.)" from here.
If that's the case, you must log out and log in again.
Regards,
from watcher.
Based on logs, it seems that access to the "API" is the cause of those popups:
```
watcher | [22/Oct/2020 19:23:56] "GET /api/data_leak/alert/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:23:56] "GET /static/css/fonts/MaterialIcons-Regular.woff2 HTTP/1.1" 304 0
watcher | 2020-10-22 19:24:00.002487 - CRON TASK : Suspicious Website Monitoring
watcher | [22/Oct/2020 19:24:03] "POST /api/auth/logout/ HTTP/1.1" 204 0
watcher | [22/Oct/2020 19:24:11] "POST /api/auth/login HTTP/1.1" 200 164
watcher | [22/Oct/2020 19:24:11] "GET /api/data_leak/alert/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:24:11] "GET /api/data_leak/keyword/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:24:20] "GET /api/dns_finder/alert/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:24:20] "GET /api/site_monitoring/site/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:24:20] "GET /api/dns_finder/dns_monitored/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:24:31] "GET /api/site_monitoring/alert/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:24:31] "GET /api/site_monitoring/site/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:24:34] "GET /api/data_leak/alert/ HTTP/1.1" 401 58
watcher | [22/Oct/2020 19:24:34] "GET /api/data_leak/keyword/ HTTP/1.1" 401 58
```
Also, I don't see any data on the dashboard (but they are present in the /admin part of the app).
from watcher.
Have you tried to connect with your admin account created via the "createsuperuser" command line?
from watcher.
Yes, exactly the same behavior!
[Edited]
And I see the Knox token in the admin interface (created, not expired, ...) looks fine.
from watcher.
Okay I will investigate further tomorrow.
from watcher.
Tx! I left the session open... and indeed after x hours, it says "Invalid token" and I've to reauthenticate.
from watcher.
So is this working? Can you browse the web interface tabs and see the data?
from watcher.
No, I authenticate myself in the web interface, then I immediately see popups (cfr my 1st screenshot) and I can't see any data.
In the docker logs, I see 401 errors when trying to access URLs starting with /api/... (cfr logs above).
from watcher.
This is what I have when I try to access a page:
```
watcher | Unauthorized: /api/site_monitoring/site/
watcher | [23/Oct/2020 10:43:48] "GET /api/site_monitoring/site/ HTTP/1.1" 401 58
watcher | Unauthorized: /api/site_monitoring/alert/
watcher | [23/Oct/2020 10:43:48] "GET /api/site_monitoring/alert/ HTTP/1.1" 401 58
```
+ the popups in the browser...
from watcher.
I really don't know why this happens. Try to create another user.
And if this issue persists, try to recreate your database and superuser via the documentation.
When doing `docker-compose up`, do not forget to wait until you see:
```
watcher | db_watcher is up, starting Watcher.
watcher | Performing system checks...
watcher |
watcher | System check identified no issues (0 silenced).
watcher |
watcher | You have 66 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): admin, auth, contenttypes, data_leak, dns_finder, knox, sessions, site_monitoring, threats_watcher.
watcher | Run 'python manage.py migrate' to apply them.
watcher | October 23, 2020 - 13:09:40
watcher | Django version 3.1.1, using settings 'watcher.settings'
watcher | Starting development server at http://0.0.0.0:9002/
watcher | Quit the server with CONTROL-C.
```
from watcher.
Recreated a new environment on a spare Docker instance... Same results :( I carefully followed the documentation... Any tip to dive into the code to try to find where those "Unauthorized: /api/site_monitoring/alert/" are generated?
What I did:
1. Connect to /admin with root account, create another account
2. Connect to the interface with new account and add some keywords (already, I see the popups)
3. Connect to /admin with new account, I see my keywords
4. Connect back to the interface with new account, I can't see the keywords anymore and more popups...
I'm lost! :(
[Edited]
What I see for the 1st access to the API:
```
Unauthorized: /api/auth/user
[23/Oct/2020 17:08:43] "GET /api/auth/user HTTP/1.1" 401 58
```
from watcher.
Ok, I found more interesting info...
Have a look at the screenshot: The 1st HTTP request gets back a 301...
When the 2nd HTTP request is performed, the 'Authentication' header is NOT passed to the server!?
[Edited]
I understand that the header is dropped for security reasons but... why do I see a lot of redirects (URL without trailing '/' being redirected to URL with a trailing '/')?
from watcher.
Ok I see why the redirection happens... I will modify https://github.com/Felix83000/Watcher/blob/master/Watcher/Watcher/frontend/src/actions/SiteMonitoring.js by adding "/" and I come back to you.
Thx
from watcher.
I made the modification (34840fb).
Could you try it and get back to me?
Thx
from watcher.
Update procedure: https://felix83000.github.io/Watcher/README.html#update-watcher
from watcher.
Upgraded and it's much better! Thanks for your help!
from watcher.
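Added example, not part of the thread and not Watcher's code: a small simulation of the exchange diagnosed above, where a slash-less API URL gets a 301 and the redirected request arrives without the token header, plus a check that lists the endpoint strings that trigger it. The route table, the token value, the `Token` header prefix and all function names are assumptions made for the illustration.

```javascript
// Added illustration: routes, token and function names are constructed.
const ROUTES = new Set([
  "/api/site_monitoring/site/",
  "/api/site_monitoring/alert/",
]);
const VALID_TOKEN = "constructed-example-token";

// Server side: a route registered with a trailing slash answers the
// slash-less URL with a 301, and any request without a valid token with 401.
function serve({ path, headers }) {
  if (!ROUTES.has(path)) {
    return ROUTES.has(path + "/")
      ? { status: 301, location: path + "/" }
      : { status: 404 };
  }
  const ok = headers.Authorization === `Token ${VALID_TOKEN}`;
  return { status: ok ? 200 : 401 };
}

// Client side: follows redirects but, as observed in the thread, does not
// resend the token header on the redirected request. Returns every hop.
function request(path, token) {
  const hops = [];
  let headers = { Authorization: `Token ${token}` };
  for (let i = 0; i < 5; i++) { // bounded redirect chain
    const res = serve({ path, headers });
    hops.push({ path, sentAuth: "Authorization" in headers, status: res.status });
    if (res.status !== 301) break;
    path = res.location;
    headers = {}; // token header is not carried over to the new request
  }
  return hops;
}

// Check for frontend endpoint strings: keep those whose first response
// is a redirect, i.e. the ones that need the trailing "/" added.
function findRedirectingEndpoints(endpoints, token) {
  return endpoints.filter((p) => request(p, token)[0].status === 301);
}

for (const p of ["/api/site_monitoring/site", "/api/site_monitoring/site/"]) {
  const trace = request(p, VALID_TOKEN);
  console.log(trace.map((h) => `${h.status} ${h.path} auth=${h.sentAuth}`).join(" -> "));
}
```

The server log in this situation shows only the final 401 on the slashed URL, which is why the token looked valid in /admin while every API call failed.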