Demo not accessible via given credentials

[a13ph]

No description provided.

[elsbrock]

Works for me.

[blobinabottle]

Not working here (401, no much info in the console)

[ignatz]

Thank you for raising this. You're probably all correct, there are two straightforward reasons why it may not work:

1. The working-as-implemented: The instance gets wiped every 60min, which also wipes the private keys used for signing the authentication tokens. Means, if you happen to hit that window or come back later, your existing token will be rejected.
2. The more malevolent case: once logged in there's nothing preventing you from dropping system tables like users or deleting existing users.

Maybe there's other reasons but these are the ones that pop to mind. Fortunately, these are non issues for private instances but these issues can be improved on nonetheless.

For one, we should carry over the private key between wipes. #2 is a bit harder to tackle, since one can run arbitrary SQL queries. That said, we should better protect against accidents like deleting the last admin or deleting oneself. TrailBase does parse the SQL queries into an AST, so we could best-effort protect against schema changes of system tables.

[ignatz]

Looking into this a bit more, I had already fixed the key persistence issue in the past. It's likely just #2 or even simpler: folks logging in and changing the password.

I started to wipe the instance more often now. Not a solution but should at least make the impact less severe.

[rrrodzilla]

The more malevolent case: once logged in there's nothing preventing you from dropping system tables like users or deleting existing users.

...and this is why we can't have nice things. ☹️