Issues with Authentication in RStudio Server as an Interactive App on Open OnDemand

Get Help
1

Hello everyone,

I am facing a challenge in configuring RStudio Server as an interactive application within Open OnDemand. I am using a container from the Rocker Project for RStudio Server. My script.sh.erb and bin/auth scripts are set up as described below, but I encounter errors either saying “Temporary server error, please try again,” or “Invalid username/password” when attempting to log in.

image
image666×743 14.7 KB

Here’s the setup for my script.sh.erb:


#!/bin/bash
source /etc/profile.d/modules.sh
TMPDIR=~/rstudio-tmp
mkdir -p $TMPDIR/tmp/rstudio-server
module load Python/3.10.8-GCCcore-12.2.0
python -c 'from uuid import uuid4; print(uuid4())' > "$TMPDIR/tmp/rstudio-server/secure-cookie-key"
chmod 600 $TMPDIR/tmp/rstudio-server/secure-cookie-key
mkdir -p $TMPDIR/var/{lib,run}
export RSTUDIO_AUTH="${PWD}/bin/auth"
echo ${RSTUDIO_AUTH}
export RSESSION_WRAPPER_FILE="${PWD}/rsession.sh"
(
umask 077
cat > "${RSESSION_WRAPPER_FILE}" << EOL
  #!/usr/bin/env bash
  export RSESSION_LOG_FILE="${PWD}/rsession.log"
  exec &>>"\${RSESSION_LOG_FILE}"
  echo "Launching rsession..."
  set -x
  exec /usr/lib/rstudio-server/bin/rsession --r-libs-user /usr/local/lib/R/site-library "\${@}"
EOL
)
chmod 700 "${RSESSION_WRAPPER_FILE}"
SIF=/mnt/apptainer-images/rstudio_4.1.sif
TMPDIR=$HOME/rstudio-tmp
apptainer exec -B $TMPDIR/var/lib:/var/lib/rstudio-server -B $TMPDIR/var/run:/var/run/rstudio-server -B $TMPDIR/tmp:/tmp $SIF rserver --www-port "${port}" --server-user=$(whoami) --auth-none=0  --auth-pam-helper-path /var/www/ood/apps/sys/RStudio/template/bin/auth --auth-encrypt-password 0 --rsession-path=${PWD}/rsession.sh --server-data-dir='/tmp/run'

And my bin/auth script looks like this:

#!/usr/bin/env bash
if [[ $# -ne 1 ]]; then
  echo "Usage: auth USERNAME"
  exit 1
fi
USERNAME="${1}"
if [[ -z ${RSTUDIO_PASSWORD} ]]; then
  echo "The environment variable RSTUDIO_PASSWORD is not set"
  exit 1
fi
read -s -p "Password: " PASSWORD
echo ""
if [[ ${USERNAME} == ${USER} && ${PASSWORD} == ${RSTUDIO_PASSWORD} ]]; then
  echo "Successful authentication"
  exit 0
else
  echo "Invalid authentication"
  exit 1
fi

and my view.html.erb:

function setCookie(cname, cvalue, exdays) {
    var d = new Date();
    d.setTime(d.getTime() + (exdays*24*60*60*1000));
    var expires = "expires="+ d.toUTCString();
    document.cookie = cname + "=" + cvalue + "; " + expires + "; path=/rnode/<%= host %>/<%= port %>; secure";
}
setCookie("csrf-token=", "<%= csrftoken %>", 7)
setCookie("rs-csrf-token=", "<%= csrftoken %>", 7)
</script> 



<form action="/rnode/<%= host %>/<%= port %>/auth-do-sign-in" method="post" target="_blank">
  <input type="hidden" name="username" value="<%= ENV["USER"] %>">
  <input type="hidden" name="password" value="<%= password %>">
  <input type="hidden" name="staySignedIn" value="1">
  <input type="hidden" name="appUri" value="">
  <input type="hidden" name="csrf-token" value="<%= csrftoken %>">
  <input type="hidden" name="rs-csrf-token" value="<%= csrftoken %>">
  <button class="btn btn-primary" type="submit">
    <i class="fa fa-registered"></i> Connect to RStudio Server
  </button>
</form>

When I remove --auth-none=0, everything works fine; however, pasting the link allows others to access my RStudio session, which is not desirable.

Could anyone suggest what might be causing these authentication issues or how to troubleshoot them further? Any help would be greatly appreciated!

Thank you!

2

This is incorrect. /var/www/ood directory doesn’t exist on the compute nodes.

We export this auth helper as a file that’s in the staged directory of the job (i.e., ~/ondemand/data/sys/dashboard…`).

You should have this auth file in the template/ directory of your application, so it’ll be copied to the $WORKING_DIR of the job.