faloker / purify

All-in-one tool for managing vulnerability reports from AppSec pipelines

Home Page: https://faloker.gitbook.io/purify

docker-compose pull | api fails

dmspils opened this issue · comments

I just did a docker-compose pull && docker-compose up -d to update my deployment to the latest images but the api now fails to start and goes into a restart loop (nothing has changed in the config).

Looking at the logs for the api container, I see this failure which looks to be linked to SSO (which I have set in my .env file to USE_SAML=false):

[Nest] 39   - 07/15/2020, 11:41:07 AM   [ExceptionHandler] Invalid property: cert must not be empty +2ms
Error: Invalid property: cert must not be empty
    at SAML.initialize (/home/node/app/node_modules/passport-saml/lib/passport-saml/saml.js:28:11)
    at new SAML (/home/node/app/node_modules/passport-saml/lib/passport-saml/saml.js:18:23)
    at new Strategy (/home/node/app/node_modules/passport-saml/lib/passport-saml/strategy.js:28:16)
    at new MixinStrategy (/home/node/app/node_modules/@nestjs/passport/dist/passport/passport.strategy.js:31:13)
    at new SamlStrategy (/home/node/app/dist/auth/saml.strategy.js:20:9)
    at Injector.instantiateClass (/home/node/app/node_modules/@nestjs/core/injector/injector.js:288:19)
    at callback (/home/node/app/node_modules/@nestjs/core/injector/injector.js:75:41)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async Injector.resolveConstructorParams (/home/node/app/node_modules/@nestjs/core/injector/injector.js:116:24)
    at async Injector.loadInstance (/home/node/app/node_modules/@nestjs/core/injector/injector.js:79:9)
    at async Injector.loadProvider (/home/node/app/node_modules/@nestjs/core/injector/injector.js:36:9)
    at async Promise.all (index 8)
    at async InstanceLoader.createInstancesOfProviders (/home/node/app/node_modules/@nestjs/core/injector/instance-loader.js:42:9)
    at async /home/node/app/node_modules/@nestjs/core/injector/instance-loader.js:27:13
    at async Promise.all (index 10)
    at async InstanceLoader.createInstances (/home/node/app/node_modules/@nestjs/core/injector/instance-loader.js:26:9)

The cert for the website is fine and has a couple of months left on it so I assume it is a SAML cert error. As I mentioned, I've disabled the use of SAML (and LDAP) in my config but it still seems to be calling them. Is there any way to completely disable that check?

I've tried rolling back to previous tags of purify-api but all seem to have been updated over the past couple of days and all now exhibit the same error behaviour.

I've found a temporary fix! By modding .api/.env.custom to include the following, it now doesn't check the SAML cert and the api successfully loads:

USE_LDAP=false
USE_SAML=false
SAML_LOCAL_KEY_ONELINE=<random value that is insignificant>
SAML_IDP_CERT_ONELINE=<random value that is insignificant>
SAML_EMAIL_FIELD_NAME=email
SAML_USERNAME_FIELD_NAME=name

Yep, you're right, SAML_IDP_CERT_ONELINE should have some value, even fake, to load the rest of a module.

I will fix this one by adding a default value for this variable at startup.
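An added example, not part of the thread and not purify's code: one way to gate SAML on `USE_SAML` at startup, so the strategy is never constructed when SAML is off and an empty or placeholder certificate is rejected when it is on. `loadSamlConfig` and its helpers are hypothetical; the variable names are the ones in the issue, and the one-line format is assumed to be the PEM body without its header, footer and line breaks.

```javascript
// Added example: hypothetical startup check, not purify's code.
// Env names come from the .env.custom snippet in the issue.

function parseBool(raw, name) {
  const v = String(raw ?? 'false').trim().toLowerCase();
  if (v === 'true') return true;
  if (v === 'false' || v === '') return false;
  throw new Error(`${name} must be "true" or "false", got "${raw}"`);
}

// Assumption: a *_ONELINE value is the base64 body of a PEM block with the
// BEGIN/END lines and newlines removed. Only the shape is checked here.
function looksLikeOnelinePem(value) {
  return /^[A-Za-z0-9+/]{64,}={0,2}$/.test(value);
}

// Returns null when SAML is off, so the caller skips the strategy entirely.
// Throws when SAML is on but the settings cannot work (fail closed).
function loadSamlConfig(env) {
  if (!parseBool(env.USE_SAML, 'USE_SAML')) return null;

  const cert = (env.SAML_IDP_CERT_ONELINE || '').trim();
  const key = (env.SAML_LOCAL_KEY_ONELINE || '').trim();
  const problems = [];
  if (!cert) problems.push('SAML_IDP_CERT_ONELINE is empty');
  else if (!looksLikeOnelinePem(cert)) problems.push('SAML_IDP_CERT_ONELINE is not base64');
  // Assumption: the local key is optional, but must be well formed when set.
  if (key && !looksLikeOnelinePem(key)) problems.push('SAML_LOCAL_KEY_ONELINE is not base64');
  if (problems.length) {
    throw new Error('USE_SAML=true but ' + problems.join('; '));
  }
  return {
    cert,
    privateKey: key || undefined,
    emailField: env.SAML_EMAIL_FIELD_NAME || 'email',
    usernameField: env.SAML_USERNAME_FIELD_NAME || 'name',
  };
}

// Constructed sample values, not a real certificate.
const SAMPLE_CERT = 'MIIC' + 'A'.repeat(96);
const disabled = loadSamlConfig({ USE_SAML: 'false' });
const enabled = loadSamlConfig({ USE_SAML: 'true', SAML_IDP_CERT_ONELINE: SAMPLE_CERT });
console.log(disabled === null, enabled.emailField);
```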