05:18 <ryukafalz> Hey! So I have a bit of a concern about running Sandstorm on my own server. When first setting up Sandstorm on a server, you are given the options to configure Google and GitHub logins with API keys for the respective service. Isn't this a problem in that, if left unconfigured, anyone can just configure it with their own API key?

06:15 <zarvox> I think the plan is to hide all login options by default, admin does first login with the token-login flow, and then the admin configures additional login mechanisms.

06:17 <ryukafalz> that sounds like a much better system

07:22 <ocdtrekkie> ryukafalz You can already disable login methods from the admin panel. But they'll be moving those configure buttons to the admin panel very soon.

07:22 <ocdtrekkie> There's already a PR for it I think.

16:08 <phildini> ryukafalz: yes. If you don't configure a particular auth service, you should disable it in the admin panel.

16:13 <ryukafalz> oh, oops, I didn't see the admin panel settings

17:00 <paulproteus> Things I'm going to have to figure out soon (probably this week), partial list:

17:00 <paulproteus> - Automated tests for the install script

17:01 <pixelport> I fucked up sandstorm somehow by re- and disabling diffrent auth methods

17:01 <pixelport> any way I can reset sandstorm without reinstalling everything?

17:01 <dwrensha> `sudo sandstorm admin-token` maybe?

17:01 <pixelport> tryed that already

17:01 <paulproteus> Yeah, admin-token and/or reset-oauth

17:02 <pixelport> didn't work

17:02 <pixelport> the problem is that the admin-token won't give me the admin interface anymore

17:03 <pixelport> any way I can simply edit the mongo db?

17:04 <paulproteus> https://botbot.me/freenode/sandstorm/2015-05-07/?msg=38511567&page=1

17:04 <paulproteus> maybe try `sudo sandstorm mongo` and then `db.meteor_accounts_loginServiceConfiguration.remove({})`

17:04 <paulproteus> (quoth dwrensha )

17:04 <pixelport> paulproteus: thanks will try that

17:04 <paulproteus> Clearly thsi belongs in the https://github.com/sandstorm-io/sandstorm/wiki/Self-hosting-FAQ

17:05 <dwrensha> looks like `sudo sandstorm reset-oauth` should do the same thing

17:05 <pixelport> yeah this should be fixed

17:05 <paulproteus> pixelport: Hey, have you tried reset-oauth yet?

17:05 <pixelport> yes

17:06 <dwrensha> and clearly the short help message for `admin-token` is wrong

17:06 <dwrensha> it should not be the same as for `reset-oauth`

17:06 <paulproteus> I want to make sure we get the most information possible about how to fix this in Sandstorm.

17:07 <dwrensha> pixelport: can you describe more about what happens when you try to log in?

17:07 <paulproteus> I'll leave that to you two, but I just want to make sure this all happens slow enough for people to figure out what should we shouldc hange.

17:07 <pixelport> no problem just wait a second

17:07 <paulproteus> s/c hange/ change/

17:11 <pixelport> okay here is how I think its possible to reproduce the problem: 1) use sandstorm admin-token, create new google auth and account 2) create new admin-token, change auth to github only. 3) Do auth with github account over admin-token link. Problem: new github user is not marked as admin. But It should be since the auth was done over the admin token.

17:13 <dwrensha> interesting!

17:13 <dwrensha> you can add admin privileges through `sudo sandstorm mongo`

17:13 <pixelport> It should also be possible to use just the admin-token link to invite new users

17:16 <dwrensha> db.users(<userId>, {$set: {"isAdmin": true}})

17:16 <dwrensha> ^ might solve your immediate problems, but clearly we also need to fix some things that are broken

17:20 <pixelport> db.users.remove() did it for me

17:20 <pixelport> and than using a new admin token to register again

18:38 <aldeka> zarvox: I have sandstorm questions!

18:38 <aldeka> I'm the admin of a sandstorm install, but currently have zero apps/files/whatever shared with me. But I believe there are apps/files/whatevers on the install.

18:39 <aldeka> Mainly etherpad documents.

18:39 <aldeka> How can I see what documents are on here?

18:55 <paulproteus> aldeka: whoa, that's an interesting question

18:55 <paulproteus> cc: dwrensha

18:56 <dwrensha> aldeka: you can see some overview statistics in the "Usage Stats" tab

18:57 <dwrensha> but even if you're an admin, you're not allowed to access grains unless they've been shared with you

18:57 <jparyani> pixelport: the behavior you're seeing is due to only the first user becomes and admin. The `admin-token` doesn't turn a user into an admin, it merely allows you to access the admin settings page. This clearly needs to be better documented, and we need a simpler way to grant new users admin status.

18:57 <aldeka> dwrensha: I don't really understand the statistics on this page.

18:57 <aldeka> It says right now there are 0 users, 0 grains.

18:58 <aldeka> But then there's this daily/weekly/monthly thing.

18:58 <aldeka> And that has some users and grains in it, just not today.

18:59 <aldeka> dwrensha: also that's really unfortunate, since my goal is to get the data off of this sandstorm instance before it is turned off :(

18:59 <dwrensha> if you have shell access, that should be straightforward

19:00 <dwrensha> er, I suppose "shell" is overloaded, as we sometimes call the web UI the "Sandstorm Shell"

19:00 <aldeka> Looks like not.

19:00 <pixelport> jparyani: Yeah, the admin-token should definetly allow to set admin status of users. Its confusing and not clear that just the first user registerd via admin-token gets admin status.

19:01 <dwrensha> "admin" mostly means "can add other users and edit configuration"

19:03 <dwrensha> If you don't have access to the filesystem or to the mongo database, then you won't be able to get data that belongs to other users.

19:03 <dwrensha> (if everything is working properly)

19:05 <dwrensha> if, on the other hand, you can do `sudo sandstorm mongo`, then you could e.g. update the owner of all the grains to be you

19:06 <aldeka> right now I haven't yet found anyone who even has ssh access, so...

19:07 <aldeka> The person who set up the instance at my work is no longer with the company. So, hilarity may ensure.

19:07 <paulproteus> i,i Sadstorm Sadministrator's guide

19:08 <aldeka> Pretty much.

19:12 <paulproteus> It seems likely aldeka that you can find someone who manages VMs somehow to give you shell access.

19:12 <paulproteus> But I don't know much about the kind of VM that your Sandstorm is installed on.

19:12 <ocdtrekkie> So, email the whole company and tell people to download their stuff?

19:12 <paulproteus> Yeah, that's a pretty OK strategy too ocdtrekkie.

19:13 <ocdtrekkie> Your company doesn't like document all of the admin info for its boxes somewhere? One employee whipping up his own login and stuff to configure stuff with isn't a great idea.