Universal login screen broken when empty roles.ps1 file present

PowerShell Universal
1 
Product: PowerShell Universal
Version: 1.5.14

I used a fresh installation with nothing else in the .universal directory except for an authentication.ps1 file with the following contents:

Set-PSUAuthenticationMethod -ScriptBlock {
    param(
        [PSCredential]$Credential
    )

    #
    #   You can call whatever cmdlets you like to conduct authentication here.
    #   Just make sure to return the $Result with the Success property set to $true
    #

    $Result = [Security.AuthenticationResult]::new()
    if ($Credential.UserName -eq 'Admin' -and $Credential.GetNetworkCredential().password -eq 'mypass') {
        #Maintain the out of box admin user
        $Result.UserName = 'Default Admin'
        $Result.Success = $true
    }
    $Result
}

Now when a roles.ps1 file is added to this dir, but is completely empty, the auth form breaks by just redirecting right back to the auth form in an endless loop. I confirmed this with service restarts between having the file present and not present, as well as using a private browser session to avoid any potential variables being introduced by way of cookies.

I enabled debug logging and compare the logs between the two states and found the following differences:

When roles file is present but empty

Log shows the following additional chunk:

[INF] Executing ChallengeResult with authentication schemes ([]). (f3dca807)
[INF] AuthenticationScheme: "Cookies" was challenged. (d45f1f38)

When roles file is NOT present

Log shows the following additional chunk:

[INF] Default Admin is part of role Administrator (91a8dc43)
[INF] Default Admin is part of role Operator (106d094b)
[INF] Default Admin is part of role Reader (6d90490e)
[INF] Default Admin is part of role Execute (375cefd2)

Then the log continues on past where it stopped (when roles was present but empty), starting with this line:

[DBG] AuthenticationScheme: "Cookies" was successfully authenticated. (1805f3b3)

Here is the full log for the empty but present roles file (timestamps removed for easier diff)
Here is the full log for the missing roles file (timestamps removed for easier diff)

2

I’m not sure if this is meant to behave this way or not, however If you’ve not already, I’d suggest submitting an issue here: Issues · ironmansoftware/issues · GitHub

3

@rbleattler good call. Done: Universal login screen broken when empty roles.ps1 file present · Issue #102 · ironmansoftware/issues · GitHub

1 Like
4

@rbleattler Can you shed some light on which “issues” board we should be posting to? I posted to the one you suggested, but noticed that there is another one specifically for Universal: Issues · ironmansoftware/powershell-universal · GitHub
Thanks

5

We are using the single ironmansoftware/issue repo for all issues. We used to have a bunch of repos for issues but it was wayyy to hard to manage.

This is totally a bug but you should be able to delete the roles.ps1 file and revert back to the default behavior. If you want to create a default roles.ps1 file, make a tiny edit in one of the roles within the admin console (like a space or something) and it will generate the file and you can edit it from there.

What’s effectively happening is that you have no roles defined so no one can access the admin console and you are being redirected to the login page.

EDIT: I really appreciate the detailed issue. Makes it easier to fix!

1 Like