Adding 'salt' after creating admin user & preventing anon usage

Hello fellow Cryptpad users,

first time Cryptpad user and installation here. I have two questions regarding my private installation (2024.6.1):

  1. I missed adding some salt to www/common/application_config.js before creating an admin user for myself. Now that an admin user exists (and only that one, so far), I am unsure how to proceed with adding salt without breaking access for myself. Could someone please advise me on this? If adding salt at this stage means breaking admin access, how can I reset my installation to the initial state, but without doing a fresh install?
  2. I need to prevent anonymous usage (pad creation and drive usage); only registered users should be able to use it. Thus I have added AppConfig.disableAnonymousPadCreation = false; to customize/application_config.js according to https://github.com/cryptpad/cryptpad/issues/704#issuecomment-843800482. Yet, anonymous usage remains possible. Is this method deprecated in the recent version?

All best, Padorno 🙂

    Hello!

    Thanks for reaching out on our community forum and for your interest in CryptPad!

    Padorno I missed adding some salt to www/common/application_config.js before creating an admin user for myself. Now that an admin user exists (and only that one, so far), I am unsure how to proceed with adding salt without breaking access for myself. Could someone please advise me on this? If adding salt at this stage means breaking admin access, how can I reset my installation to the initial state, but without doing a fresh install?

    If you add the salt to www/common/application_config.js you'll indeed have to create a new admin account. There are 3 different ways to achieve that:

    1. Easy way: clean the instance by using npm run clear and start from fresh with the onboarding procedure
    2. If you don't want to do that, you can create a new account and add its public key to the config.js file
    3. You can also delete the ADD_ADMIN_KEY in data/decrees/decree.ndjson and redo the onboarding

    Padorno I need to prevent anonymous usage (pad creation and drive usage); only registered users should be able to use it. Thus I have added AppConfig.disableAnonymousPadCreation = false; to customize/application_config.js according to https://github.com/cryptpad/cryptpad/issues/704#issuecomment-843800482. Yet, anonymous usage remains possible. Is this method deprecated in the recent version?

    Regarding this point, you need to set AppConfig.disableAnonymousPadCreation = false; to true for it to work.

    Hope this helps!

      Thank you @Mathilde 🙂

      I ran npm run clear in cryptpad/ which deleted my admin user but does not invoke the onboarding procedure, only the standard landing page shows up.

      $ npm run clear
      
      > cryptpad@2024.6.1 clear
      > node scripts/clear.js
      
      ? Are you sure? This will permanently delete all existing data on your instance. Yes
      Deleting all data...
      Deleting /var/www/virtual/username/cryptpad/data/pins
      Deleted
      Deleting /var/www/virtual/username/cryptpad/block
      Deleted
      Deleting /var/www/virtual/username/cryptpad/datastore
      Deleted
      Deleting /var/www/virtual/username/cryptpad/data/blobstage
      Deleted
      Deleting /var/www/virtual/username/cryptpad/blob
      Deleted
      Deleting /var/www/virtual/username/cryptpad/data/decrees
      Deleted
      Deleting /var/www/virtual/username/cryptpad/data
      Deleted
      Deleting /var/www/virtual/username/cryptpad/data/archive
      Deleted
      Deleting /var/www/virtual/username/cryptpad/data/tasks
      Deleted
      Success

      Doing the same in cryptpad/www/ made no difference. In which directory should I run this command?

      What puzzles me is that I see inconsistent locations for application_config.js as per https://docs.cryptpad.org/en/admin_guide/customization.html … I followed:

      1. Make a copy of customize.dist/application_config.js in the customize folder.
      2. Copy the default value(s) to modify from www/common/application_config_internal.js into customize/application_config.js.

      Then again, the loginSalt should be set in cryptpad/www/common/application_config.js, but this directory only has application_config_internal.js. As per above, we're told to write custom settings into customize/application_config.js. If I take this verbatim, I would end up with different custom settings in two different places:
      cryptpad/www/common/application_config.js
      and
      cryptpad/customize/application_config.js … 😕. Could you please clarify?

      Thank you!

        Hello,

        Padorno Doing the same in cryptpad/www/ made no difference. In which directory should I run this command?

        It should be run in the cryptpad/ directory.

        Padorno As per above, we're told to write custom settings into customize/application_config.js.

        This is right: as per the instructions from our Administrator Guide, you shouldn't modify customize.dist/application_config.js or www/common/application_config.js. Every customization, including the LoginSalt, should be made to customize/application_config.js.

        We will need to update our documentation accordingly; in its current state it is out of date regarding this instruction: https://docs.cryptpad.org/en/admin_guide/customization.html#security-hardening

        Thank you @Mathilde, thanks to your clarification I was able to set the prefs accordingly.

        npm run clear seems to delete all accounts, and subsequently Cryptpad serves the standard homepage, where anyone can register from scratch (but only as standard users). Alas, I can't access the onboarding procedure like in a fresh install, and can't create a new admin user. Please advise me what to try next 😕

        Mathilde You can also delete the ADD_ADMIN_KEY in data/decrees/decree.ndjson and redo the onboarding

        I guess this one has been deleted running npm run clear, as it's nowhere to be found.

        Thanks for your feedback @Padorno!

        Indeed, one of the three methods I listed had to be chosen but then you can't redo one another.

        In your case it's pretty simple:

        1. Register a new user on your instance
        2. Copy its Public Signing Key
        3. Paste it into your config.js file as explained in our Administrator Guide

        Hope this helps!

        Thanks again for your help, @Mathilde, I really appreciate it 🤗. My instance now works as expected, this case is closed.
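
As an added example (not part of the thread and not CryptPad's own code), this Node.js check reads the text of a customize/application_config.js and flags the two settings discussed above: disableAnonymousPadCreation left at anything other than true, and a missing or empty loginSalt. The function names and both sample inputs are constructed for illustration, and only line-based assignments are understood (block comments are not parsed).

```javascript
'use strict';

// One "AppConfig.<name> = <value>" assignment per line; the value is a quoted
// string or a bare token such as true/false.
const ASSIGN = /^\s*AppConfig\.(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|[^\s;]+)/;

// Collect the effective assignments, skipping lines commented out with //.
function readSettings(source) {
    const settings = {};
    for (const line of source.split(/\r?\n/)) {
        if (line.trim().startsWith('//')) { continue; }
        const m = ASSIGN.exec(line);
        if (m) { settings[m[1]] = m[2]; } // a later assignment overrides an earlier one
    }
    return settings;
}

// Return one finding per setting that does not match the advice in the thread.
function lintConfig(source) {
    const s = readSettings(source);
    const findings = [];
    if (s.disableAnonymousPadCreation !== 'true') {
        findings.push('disableAnonymousPadCreation is ' +
            (s.disableAnonymousPadCreation || 'unset') + '; it must be true');
    }
    if (s.loginSalt === undefined) {
        findings.push('loginSalt is unset');
    } else if (!/^['"].+['"]$/.test(s.loginSalt)) {
        findings.push('loginSalt is not a non-empty string literal');
    }
    return findings;
}

// Constructed sample: the setting as first posted in the thread, no salt.
const asPosted = [
    '// AppConfig.loginSalt = "commented out, so not effective";',
    'AppConfig.disableAnonymousPadCreation = false;'
].join('\n');

// Constructed sample: both settings in place (placeholder salt value).
const corrected = [
    "AppConfig.loginSalt = 'CONSTRUCTED-PLACEHOLDER-SALT';",
    'AppConfig.disableAnonymousPadCreation = true;'
].join('\n');

console.log(lintConfig(asPosted));
console.log(lintConfig(corrected));
```

Run it against the file in customize/, since that is where the thread says all customizations belong.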