Can't create new users after API/Plugin update. Keeps failing plugin check

I upgraded the Passbolt API to 2.13.5 on 18th Jan and I see the browser plugin was updated very recently.

I can see from the DB that the last user I created that successfully registered was on the 20th Jan. Which indicates that the problem started with the browser plugin update. Since then two different users have been unable to respond to the invite because the Plugin check during setup fails even after the plugin is installed. They have tried both Chrome and Firefox on Windows. I have also replicated the problem with Edge/Windows. The plugin is definitely installed and if I hit the root URL I get the message, “The plugin is installed but not configured”.

I raised a ticket "Get the plugin" does not recognise installed plugin after retry. Unable to sign up new users. · Issue #118 · passbolt/passbolt_browser_extension · GitHub but it was not reproducible and I (maybe mistakenly) closed the ticket because I believed it was an API issue due to the error message I was seeing in the logs.

I since created a temporary symlink to provide the missing file at the location it was looking for it and now I am not seeing any message in any JS console or server error log at all. So I guess that error message was an unrelated problem. I also tried re-clearing the API cache. I have tried enabling debug but there does not seem to be any new output in the API logs directory. All the files there are writable.

I updated the API from another version 2 to 2.13.5 using these instructions : Passbolt Help | Update passbolt server component (v2)
Health check is all-green (except for the Debug warning as I just enabled it).

In the absence of any console or debug/log output I would be grateful for any suggestions on how to resolve this. The only log messages I see expected authentication timeouts from users etc.

@SimonBlandford Something broke, but it’s not clear what. More information is needed.

Two users are unable to access your passbolt but other users are not having this problem? Did you try using their invite link on your own machine and browser to check the server is handling that path properly?

Although the extension did update, other things could have also happened since the 20th, including server updates? Plus, the recent update you performed, if I understand you correctly. If you’re convinced it’s the extension an extension downgrade back to the version that worked before should resolve the problem temporarily. Did you try a downgrade on the extension?

You can try: sudo -H -u www-data bash -c "./bin/cake passbolt cleanup" from your passbolt root directory and see if it reports anything.

@SimonBlandford

Note that the logs we are looking for are the ones relative to the browser extension and not only the one you get with the tab debug tool. Can you confirm us that you were looking at these logs?

You can access these logs as following:

• On Chrome:
  New tab > go to chrome://extensions > look for passbolt card > details > inspect views section > click index.html > copy errors under console tab
• On Firefox:
  New tab > go to about:debugging#/runtime/this-firefox > look for passbolt card > Click inspect > copy errors under console tab

Thanks @cedric

OK, now I’m getting some visible error. In the Javascript console I am getting:

Uncaught (in promise) TypeError: Cannot read property 'emit' of undefined
    at Port.<anonymous> (index.min.js:9584)

    index.min.js:9583 PassboltBadResponseError: An internal error occurred. The server response could not be parsed. Please contact your administrator.
        at ApiClient.fetchAndHandleResponse (chrome-extension://didegimhafipceonhjepacocaffmoppf/index.min.js:32481:13)
        at async SetupService.findSetupInfo (chrome-extension://didegimhafipceonhjepacocaffmoppf/index.min.js:33980:22)
        at async SetupModel.findSetupInfo (chrome-extension://didegimhafipceonhjepacocaffmoppf/index.min.js:28511:22)
        at async SetupController.retrieveSetupInfo (chrome-extension://didegimhafipceonhjepacocaffmoppf/index.min.js:6930:24)
        at async Port.<anonymous> (chrome-extension://didegimhafipceonhjepacocaffmoppf/index.min.js:9580:27)
    (anonymous) @ index.min.js:9583

If I debug this then it is failing after trying to GET the URL (partially redacted)
https://passbolt.mydomain.com/setup/install/5b4d6c7a-xxxx-xxxx-xxxx-db7135d20fb3/ff076927-b64e-4a59-xxxx-12d3f7f2c414.json?api-version=v2

When I call this URL in a new browser tab it just returns the following, which appears to be the inner HTML of the Start page. An error is thrown when it tries to call response.json() on line 32477. I guess because it isn’t JSON.

<input type="hidden" id="js_setup_user_username" value="home@simonb.org.uk"/>
<input type="hidden" id="js_setup_user_first_name" value="Test"/>
<input type="hidden" id="js_setup_user_last_name" value="User"/>

<!-- first header -->
<div class="header first">
    <nav>
        <div class="primary navigation top">
            <!-- no top links at setup -->
        </div>
    </nav>
</div>

<!-- second header -->
<div class="header second">
    <div class="col1">
        <div class="logo no-img">
            <h1><span>Passbolt</span></h1>
        </div>
    </div>
    <div class="col2_3">
        <h2 id="js_step_title">Welcome to passbolt! Let's take 5 min to setup your system.</h2>
    </div>
</div>

<div class="panel main ">
    <!-- wizard steps -->
    <div class="panel left">
        <div class="navigation wizard">
            <ul>
                <li class="selected">
                    1. Get the plugin                </li>
                <li class="disabled">
                    2. Define your keys                </li>
                <li class="disabled">
                    3. Set a passphrase                </li>
                <li class="disabled">
                    4. Set a security token                </li>
                <li class="disabled">
                    5. Login!                </li>
            </ul>
        </div>
    </div>
    <!-- main -->
    <div class="panel middle">
        <div class="grid grid-responsive-12">
            <div class="row">
                <div class="col7">
                    <div class="plugin-check-wrapper">
    <h3>Plugin check</h3>
    <div class="plugin-check chrome error">
        <p class="message">
            A web extension is required to use passbolt.<br>
            <a href="https://www.passbolt.com/download/chrome" target="_blank" rel="noopener">
                Download it here            </a>.
        </p>
    </div>
</div>
<div class="why-plugin-wrapper">
    <h3>Why do I need a plugin</h3>
    <p>
        Passbolt requires a browser add-on to guarantee that your secret key and your passphrase are never
			accessible to any website (including passbolt.com itself). This is also the only way to guarantee that
			the core cryptographic libraries cannot be tampered with.    </p>
</div>
<div class="submit-input-wrapper">
    <a id="js_setup_plugin_check" class="button primary big">retry</a>
</div>
                </div>
                <div class="col5 last">
                </div>
            </div>
        </div>
    </div>
</div>

The json entry point will be released with passbolt API v3.
For backward compatibility, if the json entry point doesn’t exist, then the application should call the legacy url (the same without.json) to retrieve the setup information. Can you confirm me that you have a second call made to this entry point right after the .json which failed?

There is no call made after the .json call. These are the calls made…

image1275×101 17.3 KB

@SimonBlandford Would you mind contacting us on support(at)passbolt(dot)com, we’d like to organize a call to dig into this issue with you.

Update after call:

@cedric, feel free to correct if I have misrepresented anything

The API is being upgrade from v2 to v3 and currently the API is still at v2 and the plugin is v3-ready. So the 3.x plugin will try to access a URL that the API is currently unable to respond to. This should trigger a 500 error that is handled by the API to return a JSON error message. The plugin will then send the correct v2 API request.

We found that the problem was due to Nginx hijacking 404 and 50x responses with its own error message which was obviously not in JSON and so the plugin was unable to parse it.

The solution was to comment out the nginx error redirects.

# redirect server error pages to the static page /40x.html
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }

# redirect server error pages to the static page /50x.html
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }

It’s correct thank you for the follow-up on the ticket.
And thank you for using passbolt since many years now.

Hi There,

New to Passbolt - giving it a fly today.
Can you confirm which file we edit for this?

I’m using Ubuntu 18.04 and suffering the same issue in the JS Console.

Thanks.
Oliver.

Hi @ODickins,

This was in the file /etc/nginx/nginx.conf.

Regards,
Simon

Thank you for replying so quickly.
Unfortunately it’s not the same issue for me then.
Will keep looking about, thanks.

Edit: My issue (although the JS console said issue getting promise) was completely different.
Mine was: “Groups” is a reserved word in MySQL 8.0.2+ · Issue #325 · passbolt/passbolt_api (github.com)

@ODickins Sorry about that - we are in the process of getting the help site updated and I mentioned this to the team just the other day. It is our fault the minimum requirements do not also note we don’t support MySQL v8. My apologies for the confusion!