Android Mobile "Internal Error" after successful QR transfer

Been struggling with this for a little while.
I am trying to get a second user set up on the Android mobile app. I already have my mobile app set up OK and working fine (Google Pixel 6). I am trying to get a Samsung A50 installed onto the same server.

It is a container hosted on my Proxmox server and all works fine with the desktop installations.

My healthcheck is all OK about the self-signed cert error that I know about. The QR transfer works fine and then when the passphrase is entered it displays an internal error. The debug log is below and I have checked the JWT token permissions in accordance with other posts on here.

Device: samsung SM-A715F
Android 12 (31)
Passbolt 1.10.0-13


13:13:14 App went background
13:13:14 Passphrase cache cleared
13:13:27 Checking biometry state
13:13:52 Passphrase cache cleared
13:13:52 Passphrase cached
13:13:52 Getting server pgp and rsa keys
13:13:52 --> GET https://passbolt.tr/auth/verify.json h2
13:13:52 <-- 200 https://passbolt.tr/auth/verify.json (52ms, unknown-length body)
13:13:52 --> GET https://passbolt.tr/auth/jwt/rsa.json h2
13:13:52 <-- 200 https://passbolt.tr/auth/jwt/rsa.json (42ms, unknown-length body)
13:13:52 Getting server pgp and rsa keys succeeded
13:13:52 Verifying server fingerprint
13:13:52 Server key fingerprint is valid
13:13:52 Preparing sign in challenge
13:13:53 Prepared sign in challenge
13:13:53 Signing in
13:13:53 --> POST https://passbolt.tr/auth/jwt/login.json h2 (1621-byte body)
13:13:54 <-- 200 https://passbolt.tr/auth/jwt/login.json (107ms, unknown-length body)
13:13:54 Sign in success
13:13:54 Decrypting challenge.
13:13:54 Challenge decrypted successfully
13:13:54 Verifying challenge
13:13:54 io.fusionauth.jwt.JWTExpiredException
	at io.fusionauth.jwt.JWTDecoder.validate(JWTDecoder.java:205)
	at io.fusionauth.jwt.JWTDecoder.decode(JWTDecoder.java:62)
	at com.passbolt.mobile.android.feature.authentication.auth.challenge.ChallengeVerifier.verify(ChallengeVerifier.kt:38)
	at com.passbolt.mobile.android.feature.authentication.auth.usecase.SignInVerifyInteractor.verifyChallenge(SignInVerifyInteractor.kt:183)
	at com.passbolt.mobile.android.feature.authentication.auth.usecase.SignInVerifyInteractor.decryptChallenge(SignInVerifyInteractor.kt:156)
	at com.passbolt.mobile.android.feature.authentication.auth.usecase.SignInVerifyInteractor.access$decryptChallenge(SignInVerifyInteractor.kt:38)
	at com.passbolt.mobile.android.feature.authentication.auth.usecase.SignInVerifyInteractor$decryptChallenge$1.invokeSuspend(Unknown Source:20)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
	at android.os.Handler.handleCallback(Handler.java:938)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loopOnce(Looper.java:226)
	at android.os.Looper.loop(Looper.java:313)
	at android.app.ActivityThread.main(ActivityThread.java:8663)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:567)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)

13:13:54 Challenge verification error: token expired
13:14:10 App went background
13:14:10

Hi @0x0ffset,

Can you check if your Samsung A50 is well synchronized with a time server and check the date and time? Is your LXC container well synchronized too? You can compare the date and time with https://time.is

On the other hand, can you provide a full healthcheck output? I assume you installed passbolt with the debian/ubuntu package:

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" www-data

Finally, you can also check this FAQ page.

Best regards,

Synced the server with ntp, no change.
Made sure the cellphones are synced, no change.

Here is the contents of the healthcheck file as suggested;


     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.30.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.tr/
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
 [HELP] Check that the domain name is correct in config/passbolt.php
 [HELP] Check the network settings

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
 [HELP] fopen(): php_network_getaddresses: getaddrinfo failed: Name or service not known
fopen(https://passbolt.tr/healthcheck/status.json): failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.7.3).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 [FAIL] 3 error(s) found. Hang in there!

Hi @0x0ffset,

You have quite a few issues here that need to be resolved.

The first one would be that your hostname is not resolving: getaddrinfo failed: Name or service not known
Have you correctly configured your LXC container?

The second issue is your server needs to have a valid hostname and SSL certificate.

In your hosts file you will need to set an IP to match the hostname. For example, here is the hosts file from one of my Proxmox LXC containers:

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
# --- BEGIN PVE ---
10.0.100.10 example.com
# --- END PVE ---

Now if I ping example.com, I would get the following result:

PING example.com (10.0.100.10) 56(84) bytes of data.
64 bytes from example.com (10.0.100.10): icmp_seq=1 ttl=64 time=0.024 ms
64 bytes from example.com (10.0.100.10): icmp_seq=2 ttl=64 time=0.027 ms
^C
--- example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1016ms
rtt min/avg/max/mdev = 0.024/0.025/0.027/0.001 ms

Once those are configured correctly and the healthcheck passes, everything should be good to go :slight_smile:

Regards,
Bond

Thank you for the pointers. I changed the host in the LXC options to the correct hostname and the healthcheck passes but I get the same error when I try and login after the QR codes have transferred. Here is the new healthcheck;

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.30.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.tr/
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [WARN] Using a self-signed certificate
 [HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.7.3).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 [PASS] No error found. Nice one sparky!

Just to confirm, the error you are getting still is related to the JWT expiration, correct?

If you sync and there’s no change, you should also confirm with server and phone what difference you see between them. On server you can run date and in Clock settings you can show seconds for your phone. How far off are they from each other?

I checked the server time and the timezone was incorrect, changed this but still got the same issue.
I pasted the cellphone log as well as the time and date from the server… allowing for human copy paste time they are 12 secs or so…

Checked and synced the server clock;

Mon Oct 31 07:20:14 EDT 2022
@passbolt:~# ntpstat
synchronised to NTP server (216.197.228.230) at stratum 2
   time correct to within 26 ms
   polling server every 64 s

I copied the end of the log to the top for clarity

07:20:03 Signing in
07:20:04 --> POST https://passbolt.tr/auth/jwt/login.json h2 (1621-byte body)
07:20:04 <-- 500 https://passbolt.tr/auth/jwt/login.json (144ms, unknown-length body)
07:20:04 Failure during sign in: An internal error occurred.
07:19:23 Checking biometry state
07:19:50 --> PUT https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json h2 (41-byte body)
07:19:50 <-- 200 https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json (73ms, unknown-length body)
07:19:51 --> PUT https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json h2 (41-byte body)
07:19:51 <-- 200 https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json (46ms, unknown-length body)
07:19:51 --> PUT https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json h2 (41-byte body)
07:19:51 <-- 200 https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json (52ms, unknown-length body)
07:19:51 --> PUT https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json h2 (41-byte body)
07:19:51 <-- 200 https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json (54ms, unknown-length body)
07:19:52 Saving private key.
07:19:52 --> PUT https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json?contain%5Buser.profile%5D=1 h2 (38-byte body)
07:19:52 <-- 200 https://passbolt.tr/mobile/transfers/fcfef86f-95ce-47d7-a82c-d3875bf58581/12e8b3d4-8dac-44d3-89e1-9e592ca7809e.json?contain%5Buser.profile%5D=1 (47ms, unknown-length body)
07:19:53 Checking biometry state
07:19:54 Received fill request
07:19:54 Visiting view node with id: -1 scheme + domain: null://null package: null content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: 2131361857 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: 2131361873 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: 2131362114 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: 2131362114 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: 2131362531 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: -1 scheme + domain: null://null package: null content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131362282 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131362063 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131362040 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131362328 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: 2131362528 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131362510 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131362170 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints passwordAuto hint: null html autocomplete attr: null important for autofill: 1 input type: 129 
07:19:54 Visiting view node with id: -1 scheme + domain: null://null package: null content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: -1 scheme + domain: null://null package: null content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 0 input type: 0 
07:19:54 Visiting view node with id: 2131362524 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131361920 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131361918 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Visiting view node with id: 2131362113 scheme + domain: null://null package: com.passbolt.mobile.android content description: null autofill hints null hint: null html autocomplete attr: null important for autofill: 1 input type: 0 
07:19:54 Parsed domain: 
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: mail,username,mobile,number,name,mail,username,mobile,number,name,username
Structure hint: passwordAuto
07:19:54 Marking input as fillable. 
Hint values: password,secret,passphrase,password,secret,passphrase,password
Structure hint: passwordAuto
07:19:54 Showing authentication prompt
07:20:03 Passphrase cache cleared
07:20:03 Passphrase cached
07:20:03 Getting server pgp and rsa keys
07:20:03 --> GET https://passbolt.tr/auth/verify.json h2
07:20:03 <-- 200 https://passbolt.tr/auth/verify.json (42ms, unknown-length body)
07:20:03 --> GET https://passbolt.tr/auth/jwt/rsa.json h2
07:20:03 <-- 200 https://passbolt.tr/auth/jwt/rsa.json (33ms, unknown-length body)
07:20:03 Getting server pgp and rsa keys succeeded
07:20:03 Verifying server fingerprint
07:20:03 Server key fingerprint is valid
07:20:03 Preparing sign in challenge
07:20:03 Prepared sign in challenge
07:20:03 Signing in
07:20:04 --> POST https://passbolt.tr/auth/jwt/login.json h2 (1621-byte body)
07:20:04 <-- 500 https://passbolt.tr/auth/jwt/login.json (144ms, unknown-length body)
07:20:04 Failure during sign in: An internal error occurred.

You have a 500 error, you should find what is wrong on passbolt server logs: /var/log/passbolt/error.log

Best,

Here is that log. Some sort of Auth issue by the looks of it;

2022-10-31 11:20:02 error: An internal error occurred.
2022-10-31 11:20:02 error: #0 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/Controller.php(539): Passbolt\JwtAuthentication\Controller\JwtLoginController->loginPost()
#1 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php(140): Cake\Controller\Controller->invokeAction()
#2 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php(115): Cake\Controller\ControllerFactory->handle()
#3 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/BaseApplication.php(317): Cake\Controller\ControllerFactory->invoke()
#4 /usr/share/php/passbolt/src/Application.php(130): Cake\Http\BaseApplication->handle()
#5 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(77): App\Application->handle()
#6 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/SecurityHeadersMiddleware.php(255): Cake\Http\Runner->handle()
#7 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\SecurityHeadersMiddleware->process()
#8 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php(138): Cake\Http\Runner->handle()
#9 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\CsrfProtectionMiddleware->process()
#10 /usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Middleware/JwtCsrfDetectionMiddleware.php(55): Cake\Http\Runner->handle()
#11 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtCsrfDetectionMiddleware->process()
#12 /usr/share/php/passbolt/src/Middleware/GpgAuthHeadersMiddleware.php(40): Cake\Http\Runner->handle()
#13 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\GpgAuthHeadersMiddleware->process()
#14 /usr/share/php/passbolt/plugins/Passbolt/Locale/src/Middleware/LocaleMiddleware.php(47): Cake\Http\Runner->handle()
#15 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\Locale\Middleware\LocaleMiddleware->process()
#16 /usr/share/php/passbolt/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php(124): Cake\Http\Runner->handle()
#17 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Authentication\Middleware\AuthenticationMiddleware->process()
#18 /usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Middleware/JwtDestroySessionMiddleware.php(43): Cake\Http\Runner->handle()
#19 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtDestroySessionMiddleware->process()
#20 /usr/share/php/passbolt/src/Middleware/SessionAuthPreventDeletedUsersMiddleware.php(46): Cake\Http\Runner->handle()
#21 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\SessionAuthPreventDeletedUsersMiddleware->process()
#22 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php(172): Cake\Http\Runner->handle()
#23 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\BodyParserMiddleware->process()
#24 /usr/share/php/passbolt/src/Middleware/SessionPreventExtensionMiddleware.php(66): Cake\Http\Runner->handle()
#25 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\SessionPreventExtensionMiddleware->process()
#26 /usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Middleware/JwtRouteFilterMiddleware.php(47): Cake\Http\Runner->handle()
#27 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtRouteFilterMiddleware->process()
#28 /usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Middleware/JwtAuthDetectionMiddleware.php(58): Cake\Http\Runner->handle()
#29 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtAuthDetectionMiddleware->process()
#30 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php(161): Cake\Http\Runner->handle()
#31 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Routing\Middleware\RoutingMiddleware->process()
#32 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php(77): Cake\Http\Runner->handle()
#33 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Routing\Middleware\AssetMiddleware->process()
#34 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(126): Cake\Http\Runner->handle()
#35 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Error\Middleware\ErrorHandlerMiddleware->process()
#36 /usr/share/php/passbolt/src/Middleware/ContentSecurityPolicyMiddleware.php(39): Cake\Http\Runner->handle()
#37 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\ContentSecurityPolicyMiddleware->process()
#38 /usr/share/php/passbolt/src/Middleware/ContainerInjectorMiddleware.php(54): Cake\Http\Runner->handle()
#39 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\ContainerInjectorMiddleware->process()
#40 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(58): Cake\Http\Runner->handle()
#41 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Server.php(90): Cake\Http\Runner->run()
#42 /usr/share/php/passbolt/webroot/index.php(40): Cake\Http\Server->run()
#43 {main}
2022-10-31 11:44:02 error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: 192.168.2.177


2022-10-31 11:44:34 error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: 192.168.2.177

Do you by any chance have mod security installed and active?

Something similar happened to me when I enabled Mod Security.

Regards,
Bond

Not sure. I certainly haven’t deliberately enabled it. Just done a quick “find” and I cannot find a reference to it so probably not.

The error is the default case in this switch, so it’s not the other cases:

            switch ($result->getStatus()) {
                case Result::FAILURE_CREDENTIALS_MISSING:
                    $message .= __('The credentials are missing.');
                    throw new BadRequestException($message);
                case Result::FAILURE_IDENTITY_NOT_FOUND:
                    $message = __('The user does not exist or is not active or has been deleted.');
                    throw new NotFoundException($message);
                case Result::FAILURE_CREDENTIALS_INVALID:
                    $message = __('The credentials are invalid.');
                    throw new BadRequestException($message);
                default:
                case Result::FAILURE_OTHER:
                    $message = __('An internal error occurred.');
                    throw new InternalErrorException($message);
            }

Found in /usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Controller/JwtLoginController.php

Yes, Failure_OTHER is the error I am getting…

This is possibly a general error. Clearing cache may help, restarting services, etc.

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"

Thank you for the suggestion. Tried the command, cleared the cache and rebooted. Still get the same error :frowning:

1 Like

For this case, my guess is we need advice from a passbolt backend developer and/or android developer.

Maybe @remy can help?

Cheers,

1 Like

@0x0ffset we can have a look, can you get in touch with us at support@passbolt.com with a link to this thread and mentioning ticket PB-19703. We can organize a call and see if we can get to the bottom of it.

1 Like

Thanks for holding the support call. All fixed now. I will let the guys add the solution to the ticket as they will be able to put the correct info in.

Excellent job and a better support experience than a lot of expensive paid-for capabilities. Passbolt is an awesome app and I will be recommending it to everyone.

3 Likes

The issue was related to the JWT key pair stored in the passbolt/config folder. The keys were not accessible by the web server; changing the permissions to make them readable fixed the issue.

3 Likes
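A way to check for the condition described in the resolution above, written as an added example that is not part of the original thread and is not Passbolt's own code. It evaluates the Unix permission bits on the JWT directory (`/etc/passbolt/jwt/` as named in the healthcheck output) for the web server account; the key file names `jwt.key` and `jwt.pem`, the `www-data` default and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: audit the JWT key directory for the failure mode in this thread
# (key pair present, but not readable by the web server user).
# Assumptions, not taken from the thread: key file names jwt.key / jwt.pem,
# web server user www-data, and a `stat` that supports -c (GNU or BusyBox).

# mode_allows MODE OWNER_UID OWNER_GID UID "GIDS" BIT
# BIT is 4 (read), 2 (write) or 1 (execute/search). Succeeds when the classic
# Unix permission bits grant BIT to the given uid and group list.
# ACLs and root's override are deliberately not modelled.
mode_allows() (
    m=$((0$1)); owner=$2; group=$3; uid=$4; gids=$5; bit=$6
    if [ "$uid" -eq "$owner" ]; then
        class=$(( (m >> 6) & 7 ))          # owner bits apply exclusively
    else
        class=$(( m & 7 ))                 # default to the "other" bits
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                class=$(( (m >> 3) & 7 ))  # a group match uses the group bits
                break
            fi
        done
    fi
    [ $(( class & bit )) -ne 0 ]
)

# audit_jwt_dir DIR UID "GIDS"
# Prints one line per finding; the exit status is the number of findings.
audit_jwt_dir() (
    dir=$1; uid=$2; gids=$3; problems=0
    report() { echo "$1"; problems=$((problems + 1)); }

    info=$(stat -c '%a %u %g' "$dir" 2>/dev/null) || { echo "MISSING $dir"; exit 1; }
    set -- $info
    # The web server must be able to traverse the directory ...
    mode_allows "$1" "$2" "$3" "$uid" "$gids" 1 || report "NOT SEARCHABLE $dir (mode $1)"
    # ... but must not be able to replace the keys (the healthcheck tests this too).
    if mode_allows "$1" "$2" "$3" "$uid" "$gids" 2; then
        report "WRITABLE BY WEB USER $dir (mode $1)"
    fi

    for f in jwt.key jwt.pem; do
        info=$(stat -c '%a %u %g' "$dir/$f" 2>/dev/null) || { report "MISSING $dir/$f"; continue; }
        set -- $info
        # This is the condition that produced the 500 on /auth/jwt/login.json.
        mode_allows "$1" "$2" "$3" "$uid" "$gids" 4 || report "UNREADABLE $dir/$f (mode $1 owner $2:$3)"
        # The private key should not be readable by every local account.
        if [ "$f" = jwt.key ] && [ $(( 0$1 & 4 )) -ne 0 ]; then
            report "WORLD-READABLE $dir/$f (mode $1)"
        fi
    done
    exit "$problems"
)

# Run as: sh audit.sh /etc/passbolt/jwt [web-user]
if [ "$#" -ge 1 ]; then
    web_user=${2:-www-data}
    audit_jwt_dir "$1" "$(id -u "$web_user")" "$(id -G "$web_user")"
fi
```

Because the check reads mode bits rather than attempting the access, it can be run as root and still report what the web server account would be allowed to do.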

Like I say thanks Cedric and folks… you guys were awesome!!! Really worked hard at the support and got me to a solution!!

5 Likes