An Internal error occured while decrypting the password from passbolt

sayujya · January 6, 2022, 8:08pm

I have migrated my passbolt old version to new version. But the new version is configured on the new server. All the data are restored perfectly but now when I try to decrypt, copy or export any password, it gives me the error: An internal error has occurred.

To solve the same I tried running below command which threw some errors:
sudo -u www-data /bin/cake migrations migrate

OUTPUT:
using migration paths

/etc/passbolt/Migrations
using seed paths
/etc/passbolt/Seeds
using environment default
using adapter mysql
using database passbolt
ordering by creation time

== 20180503135810 V210InstallAccountSettingsPlugin: migrating
PDOException: SQLSTATE[42S01]: Base table or view already exists: 1050 Table ‘account_settings’ already exists in /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php:192
Stack trace:
#0 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php(192): PDO->exec()
#1 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/MysqlAdapter.php(339): Phinx\Db\Adapter\PdoAdapter->execute()
#2 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/AdapterWrapper.php(356): Phinx\Db\Adapter\MysqlAdapter->createTable()
#3 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/TimedOutputAdapter.php(113): Phinx\Db\Adapter\AdapterWrapper->createTable()
#4 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/AdapterWrapper.php(356): Phinx\Db\Adapter\TimedOutputAdapter->createTable()
#5 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Plan/Plan.php(146): Phinx\Db\Adapter\AdapterWrapper->createTable()
#6 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Table.php(715): Phinx\Db\Plan\Plan->execute()
#7 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Table.php(611): Phinx\Db\Table->executeActions()
#8 /usr/share/php/passbolt/vendor/cakephp/migrations/src/Table.php(140): Phinx\Db\Table->create()
#9 /etc/passbolt/Migrations/20180503135810_V210InstallAccountSettingsPlugin.php(56): Migrations\Table->create()
#10 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Migration/Manager/Environment.php(111): V210InstallAccountSettingsPlugin->up()
#11 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Migration/Manager.php(376): Phinx\Migration\Manager\Environment->executeMigration()
#12 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Migration/Manager.php(351): Phinx\Migration\Manager->executeMigration()
#13 /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Console/Command/Migrate.php(122): Phinx\Migration\Manager->migrate()
#14 /usr/share/php/passbolt/vendor/cakephp/migrations/src/Command/Phinx/CommandTrait.php(37): Phinx\Console\Command\Migrate->execute()
#15 /usr/share/php/passbolt/vendor/cakephp/migrations/src/Command/Phinx/Migrate.php(85): Migrations\Command\Phinx\Migrate->parentExecute()
#16 /usr/share/php/passbolt/vendor/symfony/console/Command/Command.php(299): Migrations\Command\Phinx\Migrate->execute()
#17 /usr/share/php/passbolt/vendor/symfony/console/Application.php(978): Symfony\Component\Console\Command\Command->run()
#18 /usr/share/php/passbolt/vendor/symfony/console/Application.php(295): Symfony\Component\Console\Application->doRunCommand()
#19 /usr/share/php/passbolt/vendor/symfony/console/Application.php(167): Symfony\Component\Console\Application->doRun()
#20 /usr/share/php/passbolt/vendor/cakephp/migrations/src/Command/MigrationsCommand.php(126): Symfony\Component\Console\Application->run()
#21 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Console/BaseCommand.php(179): Migrations\Command\MigrationsCommand->execute()
#22 /usr/share/php/passbolt/vendor/cakephp/migrations/src/Command/MigrationsCommand.php(198): Cake\Console\BaseCommand->run()
#23 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Console/CommandRunner.php(336): Migrations\Command\MigrationsCommand->run()
#24 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Console/CommandRunner.php(172): Cake\Console\CommandRunner->runCommand()
#25 /usr/share/php/passbolt/bin/cake.php(13): Cake\Console\CommandRunner->run()
#26 {main}

garrett · January 6, 2022, 10:50pm

Hi @sayujya Welcome to the forum!

A recent post from another user - possibly related? An Internal Error has occurred (Firefox)

sayujya · January 10, 2022, 6:32am

Hello @garrett I tried the same steps but got the error as mentioned above.

Check this screenshot:

garrett · January 10, 2022, 11:50am

@sayujya We’ll need more info like old version, new version, which OS/install and what update method you are following, thanks.

sayujya · January 10, 2022, 11:53am

I was before running with the 2.04 version on the Ubuntu 18.04 server. Then I changed it on new Ubuntu 20.04 server with the latest verison of passbolt and added the backups in there.

I uploaded the old database from the old server to the new server.

garrett · January 10, 2022, 12:00pm

@sayujya Just to confirm, the upgrade process you followed is this one here correct? Passbolt Help | Migrate passbolt CE from install scripts to Ubuntu package

sayujya · January 10, 2022, 12:13pm

Yes this is the correct one @garrett

garrett · January 10, 2022, 1:12pm

@sayujya And there are no errors in the console?

AnatomicJC · January 10, 2022, 1:22pm

Hi !

Can you share the output of these commands:

sudo -u www-data bin/cake migrations status
sudo -u www-data bin/cake passbolt healthcheck
sudo -u www-data bin/cake passbolt datacheck --hide-success-details

Thanks,

sayujya · January 10, 2022, 1:28pm

@_jc please check below outputs:

1.) sudo -u www-data bin/cake migrations status
OUTPUT:

using migration paths
 - /etc/passbolt/Migrations
using seed paths
 - /etc/passbolt/Seeds
using environment default

 Status  Migration ID    Migration Name
-----------------------------------------
     up  20170830064410  V162InitialMigration
     up  20170830065037  V200ActiveMustBeBoolean
     up  20170830065038  V200DropUnusedProfileFields
     up  20170830065039  V200IncreaseEmailSize
     up  20170830065040  V200DropUnusedCreatedBy
     up  20170830065041  V200MigrateUUID
     up  20170830065042  V200MigrateKeyField
     up  20171002061834  V200DropUnusedResourceFields
     up  20171006141922  V200AddFavoriteModifiedField
     up  20171009093000  V200DropUnusedPermissionTypesTable
     up  20171009093001  V200MigrateEmailsTable
     up  20171009093002  V200MigrateFileStorageTable
     up  20171025154754  V200AddCommentsUserIdField
     up  20180102065042  V200MigrateForeignIdField
     up  20180102180000  V200DropUnusedTables
     up  20180102221500  V200AddMissingTablesIndexes
     up  20180413171600  V202ForceColumnsCharset
   **down  20180503135810  V210InstallAccountSettingsPlugin**
     up  20180930151500  V240AddAuthenticationTokenType
   **down  20181002171600  V240ExtendAccountSettingsPlugin**
     up  20181210170000  V270AddMissingIndexes
     up  20190106170300  V280AdditionalEmailMigration
     up  20190106170301  V280AdditionalFileStorageMigration
     up  20190106170302  V280FileDirectoryPathsMigrations
     up  20190112124290  V270AddActionsTable
     up  20190112124300  V270AddActionLogsTable
     up  20190121111100  V270AddEntitiesHistoryTable
     up  20190121121100  V270AddPermissionsHistoryTable
     up  20190211124300  V270AddSecretsHistoryTable
     up  20190221124300  V270AddSecretAccessesTable
     up  20190512115400  V2100AddOrganizationSettingsTable
     up  20190623143400  V2110ExtendKeyIdSizeField
     up  20190923103000  V2120UpdateEmailQueue
     up  20191119160000  V2120DropUnusedTables
   **down  20200108135000  V2130DropLegacyAnonymousUser**
**   down  20200319135000  V2130SoftDeleteGpgKeysForSoftDeletedUsers**
**   down  20200501182000  V2130ReconcileLoginHistory**
**   down  20200806110200  V300ExtendSecretsDataField**
**   down  20200806110201  V300AddResourceTypeIdField**
**   down  20200806110202  V300AddResourceTypesTable**
**   down  20200806110203  V300AddResourceTypesDefaultData**
**   down  20200806110204  V300AddResourceTypesToResources**
**   down  20200824191900  V2136CleanupUnusedActionLogs**
**   down  20200824191901  V2136AddActionLogsRelatedIndexes**
**   down  20201221093528  V300DeleteMetadataOfSoftDeletedResources**
**   down  20210111163200  V300AddActionLogsExtraIndex**
**   down  20210121141742  V320AddAvatarsTable**
**   down  20210125212543  V320TransferFileStorageToAvatars**
**   down  20210206521254  V320DropFileStorage**
**   down  20210329110000  V320FixResourceTypesDefaultData**
**   down  20210427124200  V330AddMobileTransferTable**
**   down  20211027202137  V331ConvertEmailVariablesToJson**
**   down  20211121231300  V340MigrateASCIIFieldsEncoding**

AnatomicJC · January 10, 2022, 2:52pm

It is weird, as account_settings table migrations didn’t pass, but the table seems to exists

If you have backups, I’d try to drop the account_settings table, then run migration command again.

sayujya · January 11, 2022, 5:41am

sudo -u www-data bin/cake passbolt healthcheck

 Database

 [PASS] The application is able to connect to the database
 [PASS] 27 tables found
 [PASS] Some default content is present
 [FAIL] The database schema is not up to date.
 [HELP] Run the migration scripts:
 [HELP] sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake migrations migrate --no-lock" www-data
 [HELP] See. https://www.passbolt.com/help/tech/update

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (3.4.0).
 [FAIL] Passbolt is not configured to force SSL use.
 [HELP] Set passbolt.ssl.force to true in config/passbolt.php.
 [FAIL] App.fullBaseUrl is not set to HTTPS.
 [HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [WARN] Registration is open to everyone.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set passbolt.registration.public to false in config/passbolt.php.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [FAIL] The /etc/passbolt/jwt/ directory should not be writable.
 [HELP] You can try:
 [HELP] sudo chown -R www-data:www-data /etc/passbolt/jwt/
 [HELP] sudo chmod 550 /etc/passbolt/jwt/
 [HELP] sudo chmod 440 $(find /etc/passbolt/jwt/ -type f)
 [FAIL] A valid JWT key pair is missing
 [HELP] Run the create JWT keys script to create a valid JWT secret and public key pair:
 [HELP] sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt create_jwt_keys" www-data

sayujya · January 11, 2022, 5:42am

Will I loose any data?

AnatomicJC · January 11, 2022, 6:09am

I assume you have backups

On the other hand, the migration for the account_settings table has not been run. I’m pretty sure this table is empty on your server, so you can delete this table and only this table.

To check its content:

SELECT * FROM account_settings;

It should return 0 rows.

Drop it:

DROP TABLE account_settings;

Then run migrations again:

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake migrations migrate --no-lock" www-data

sayujya · January 11, 2022, 6:21am

SHould I backup and delete?? Or it must be something else making the issue??

sayujya · January 11, 2022, 6:39am

@AnatomicJC I backed up the data and dropped the account_settings table.

Got the new error now.

AnatomicJC · January 11, 2022, 7:45am

Hi,

It is the same story, you have to drop the resource_types table. This happens because you have installed a new passbolt with its new tables, then you restored your old database who don’t contains the new tables. So all new tables have to be deleted.

sayujya · January 11, 2022, 7:47am

@AnatomicJC Headed towards success!! Thanks to you! I cleared resource_types, transfers and avatars table and boom!! I am able to copy passwords now… But there is a bit thing happening now.

When I try to decrpyt the password, I am getting little more information… something like this.

{“description”:“Password for gmail account is also same.”,“password”:“XXXXXXX”}

AnatomicJC · January 11, 2022, 7:54am

Great !

You are getting more information because description field is encrypted by default:

sayujya · January 11, 2022, 10:22am

@AnatomicJC this is an abnormal behavior. It won’t autfill the correct password then and also it should copy only password not with description.