Cannot Scan QR code on Android

Hi,
this is the x-th topic about not scannable QR-Codes in Android (“something went wrong”). But in all the topics I read, it was related to invalid certificates. This is not the case for me - at least at first sight. https://www.ssllabs.com/ says everything is fine. Almost full score (not full because I support some weak TLS 1.2 Ciphers). I use Let’s Encrypt and via browser it works fine.
I used this guide to set up my environment: Passbolt Help | Install Passbolt CE on Debian 12 (Bookworm)
One thing to mention: I have a reverse proxy in between, but this was not a problem until now. This reverse proxy handles the external certificate, as it also handles other webservers behind it and their certificates. Internally (between Passbolt server and reverse proxy) a self-signed certificate is in place.
Is this the problem? If not: where can I see more information about what went wrong to continue troubleshooting?

Hi @Hunv and welcome to the forum!

Regarding the “something went wrong”, if it’s a message shown in the browser then it should be fine actually. The key should be transferred to your mobile and you should be able to use it. It’s a known bug that should be fixed in the upcoming v4.4.0 of the browser extension.

If it’s a message shown in the mobile application then it’s different and some more insight into what happens is needed. For that you can export the logs of the mobile application and send them there, if it’s okay for you; it will help to understand the root cause.

To export logs you can click on the question mark icon in the top right corner of the mobile screen and click on logs. From there you should see a bunch of text that you could export.


Hi Steph, thanks for your attention.

These are the logs in the App (I anonymized the URL and the GUIDs):

Device: Google Pixel 6
Android 14 (34)
Passbolt 1.16.0-26

17:29:05 File logging tree planted
17:29:13 --> PUT https://mydomain.com/mobile/transfers/12345678-1234-1234-1234-123456789012/12345678-1234-1234-1234-123456789012.json h2 (41-byte body)
17:29:13 <-- 403 https://mydomain.com/mobile/transfers/12345678-1234-1234-1234-123456789012/12345678-1234-1234-1234-123456789012.json (36ms, 44-byte body)
17:29:13 retrofit2.HttpException: HTTP 403 
	at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
	at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
	at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:519)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
	at java.lang.Thread.run(Thread.java:1012)

retrofit2.HttpException: HTTP 403 
	at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
	at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
	at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:519)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
	at java.lang.Thread.run(Thread.java:1012)
17:29:13 Encountered a non-standard backend error response
17:29:13 There was an error during checking if MFA is required
java.lang.NullPointerException: null cannot be cast to non-null type kotlin.collections.Map<kotlin.String, kotlin.collections.List<kotlin.String>>
	at com.passbolt.mobile.android.core.networking.ErrorHeaderMapper.checkMfaRequired(SourceFile:69)
	at com.passbolt.mobile.android.core.networking.ResponseHandler.checkIfMfaRequired(SourceFile:76)
	at com.passbolt.mobile.android.core.networking.ResponseHandler.handleException(SourceFile:50)
	at com.passbolt.mobile.android.passboltapi.registration.MobileTransferRepository.turnPage(SourceFile:97)
	at com.passbolt.mobile.android.passboltapi.registration.MobileTransferRepository$turnPage$1.invokeSuspend(Unknown Source:16)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
	at kotlinx.coroutines.DispatchedTask.run(SourceFile:106)
	at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(SourceFile:115)
	at kotlinx.coroutines.scheduling.TaskImpl.run(SourceFile:103)
	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(SourceFile:584)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(SourceFile:793)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(SourceFile:697)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(SourceFile:684)

java.lang.NullPointerException: null cannot be cast to non-null type kotlin.collections.Map<kotlin.String, kotlin.collections.List<kotlin.String>>
	at com.passbolt.mobile.android.core.networking.ErrorHeaderMapper.checkMfaRequired(SourceFile:69)
	at com.passbolt.mobile.android.core.networking.ResponseHandler.checkIfMfaRequired(SourceFile:76)
	at com.passbolt.mobile.android.core.networking.ResponseHandler.handleException(SourceFile:50)
	at com.passbolt.mobile.android.passboltapi.registration.MobileTransferRepository.turnPage(SourceFile:97)
	at com.passbolt.mobile.android.passboltapi.registration.MobileTransferRepository$turnPage$1.invokeSuspend(Unknown Source:16)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
	at kotlinx.coroutines.DispatchedTask.run(SourceFile:106)
	at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(SourceFile:115)
	at kotlinx.coroutines.scheduling.TaskImpl.run(SourceFile:103)
	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(SourceFile:584)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(SourceFile:793)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(SourceFile:697)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(SourceFile:684)
17:29:13 There was an error during transfer update
retrofit2.HttpException: HTTP 403 
	at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
	at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
	at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:519)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
	at java.lang.Thread.run(Thread.java:1012)

retrofit2.HttpException: HTTP 403 
	at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
	at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
	at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:519)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
	at java.lang.Thread.run(Thread.java:1012)

And just to answer the question, because the log says “There was an error during checking if MFA is required”: Currently it’s not (and until today never was).

Hello @Hunv ,

going from the top:

The PUT mobile/transfers endpoint is used to switch to the next QR code during transfer, and I see the returned response is 403, followed by the “Encountered a non-standard backend error response” log, which suggests that the response is not in the standard format of the Passbolt backend (maybe HTML or other). Can the proxy be blocking the client from accessing the endpoint? To see exactly what is in the 403 response body you would have to set up a proxy on the Android device.
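
An added example, not part of the original reply and not Passbolt code: a small Python triage helper for the case described above, where a 403 body is not in the backend's standard format. It assumes the standard format is a JSON object with "header" and "body" keys; the function names and the sample responses are constructed for illustration.

```python
import json

def classify_body(content_type: str, body: bytes) -> str:
    """Label an error body by shape: who most plausibly produced it."""
    text = body.decode("utf-8", errors="replace").strip()
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        # Assumed envelope: {"header": {...}, "body": ...}
        if isinstance(doc.get("header"), dict) and "body" in doc:
            return "api-envelope"
        return "json-non-standard"
    if "html" in content_type.lower() or text.lower().startswith(("<!doctype", "<html")):
        return "html"
    return "opaque"

def triage(status: int, headers: dict, body: bytes) -> tuple:
    """Return (label, next troubleshooting step) for one failed request."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    label = classify_body(ctype, body)
    if label == "api-envelope":
        message = json.loads(body)["header"].get("message", "")
        return label, f"application answered {status}: {message!r}; check the application log"
    if label == "html":
        return label, f"{status} page is HTML; check web server / reverse proxy access and error logs"
    return label, f"{status} body is {len(body)} bytes of non-envelope data; capture it and compare with proxy rules"

# Constructed sample responses (not taken from the thread).
SAMPLES = {
    "envelope": (403, {"Content-Type": "application/json"},
                 b'{"header": {"status": "error", "code": 403, "message": "Forbidden"}, "body": null}'),
    "proxy_html": (403, {"content-type": "text/html"},
                   b"<html><head><title>403 Forbidden</title></head><body></body></html>"),
    "bare_json": (403, {"Content-Type": "application/json"}, b'{"error": "method not allowed here"}'),
    "plain": (403, {}, b"Forbidden"),
}

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        print(name, "->", triage(status, headers, body))
```

Feeding it the status, headers and body captured for the failing PUT shows whether the 403 came from the application or from something in front of it.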

Hi @mmichalek ,
I don’t use a Proxy. The connection (at Home) has just a standard home-internet setup. The same happens by the way using the mobile network.
At the server side it is installed as described: Internet => Reverse Proxy, which delivers the SSL Certificate => Passbolt server, which is using a self-signed certificate

I also checked what happens if I open the mentioned URL manually.
It tells me “Not found”.

And if I run a PUT using Postman (but on a PC, not on the smartphone), it returns the following:
image