From 79df56251927adefb3b1a7487290b764cfcca77a Mon Sep 17 00:00:00 2001 From: Ben West Date: Thu, 24 Aug 2023 17:12:27 -0700 Subject: [PATCH 1/2] npm install nightscout-connect@^0.0.11 --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8879fc3d5ce..10c5ff1aeb9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6367,9 +6367,9 @@ "dev": true }, "nightscout-connect": { - "version": "0.0.10", - "resolved": "https://registry.npmjs.org/nightscout-connect/-/nightscout-connect-0.0.10.tgz", - "integrity": "sha512-4jZG9OcrbBwofEvmz154j0K5U/WxWlZ3gVvPNZelSP5fwXVPfZvnivgjg6k8dPoxDErTqvBcmOC9IeMv5ydosw==", + "version": "0.0.11", + "resolved": "https://registry.npmjs.org/nightscout-connect/-/nightscout-connect-0.0.11.tgz", + "integrity": "sha512-O7wMMG6BgW7Wxm0hr4Fj9SO1IH/7f29obKSnN8V9I2Ko4v5XxL5FqoONpmvlgI6So0MwksoMCcedSCiCL6Lj4A==", "requires": { "axios": "^1.3.4", "axios-cookiejar-support": "^4.0.6", diff --git a/package.json b/package.json index 99781555669..1464611841d 100644 --- a/package.json +++ b/package.json @@ -116,7 +116,7 @@ "mongo-url-parser": "^1.0.2", "mongodb": "^3.6.0", "mongomock": "^0.1.2", - "nightscout-connect": "0.0.10", + "nightscout-connect": "^0.0.11", "node-cache": "^4.2.1", "parse-duration": "^0.1.3", "process": "^0.11.10", From 9f2f98b76ad4c123a6063b453ef071e6319a2310 Mon Sep 17 00:00:00 2001 From: Ben West Date: Sat, 2 Sep 2023 17:54:11 -0700 Subject: [PATCH 2/2] allow client to load successfully without requiring API SECRET This patch allows the operator to control whether or not the API Secret authentication dialog will display by default or not. Historically Nightscout allows a configuration to be readable and to send alarm information to all displays. A change in in dev in February to support authentication and api v3 introduced a new configuration where websocket communication is authenticated, and the API Secret modal will display if it authenticates in error. The side-effect is that all new instances, even readable instances with glucose data, can't be seen or monitored without putting in the API Secreet or explicitly dismissing it. This patch returns to the default behavior while allowing to select the new one using authenticationPromptOnLoad in the settings communicated from server to client. If people strongly prefer, we can reverse to the new behavior over time. To select the old behavior with no API Secret needed for readabable data, do nothing. To select the new behavior where the API Secret prompts occur on load, set `AUTHENTICATION_PROMPT_ON_LOAD=1`. --- lib/client/index.js | 2 +- lib/settings.js | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/client/index.js b/lib/client/index.js index bee6134e947..0f0d17b7d64 100644 --- a/lib/client/index.js +++ b/lib/client/index.js @@ -1146,7 +1146,7 @@ client.load = function load (serverSettings, callback) { } console.log('Subscribed for alarms', data); - if (!data.success) { + if (client.settings.authenticationPromptOnLoad && !data.success) { client.hashauth.requestAuthentication(function afterRequest () { client.hashauth.updateSocketAuth(); if (callback) { diff --git a/lib/settings.js b/lib/settings.js index d538f226591..8de44d64a73 100644 --- a/lib/settings.js +++ b/lib/settings.js @@ -72,6 +72,7 @@ function init () { , adminNotifiesEnabled: true , obscured: '' , obscureDeviceProvenance: '' + , authenticationPromptOnLoad: false }; var secureSettings = [ @@ -111,6 +112,7 @@ function init () { , bgTargetBottom: mapNumber , authFailDelay: mapNumber , adminNotifiesEnabled: mapTruthy + , authenticationPromptOnLoad: mapTruthy }; function filterObj(obj, secureKeys) {