Could not validate group data on add user

Hello, I recently upgraded to 2.10.0 and I am running into an issue where I can’t add new users to a group that has 2000+ passwords. Before the upgrade this was not an issue. The load time of the PUT request is 41 seconds, therefore it is unlikely that it’s hitting a timeout.

HTTP/1.1 400 Bad Request
Date: Thu, 13 Jun 2019 11:37:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
Content-Length: 297
Connection: close
Content-Type: application/json; charset=UTF-8

{"header":{"id":"f1ba2dXXXXXee1b2","status":"error","servertime":1560425895,"title":"app_groups_update_error","action":"3303ccc6XXXXXXXX756217d","message":"Not Found","url":"\/groups\/5aXXXX1aa.json?api-version=v1","code":400},"body":[]}

The passbolt error log says:

2019-06-13 11:38:15 Error: [App\Error\Exception\ValidationException] Could not validate group data.
Request URL: /groups/5ab4eXXXX9c1aa.json?api-version=v1

I attempted to clean the database; there were 7 records, but it didn’t solve the issue.

 Open source password manager for teams
 Cleanup shell (delete mode)
No issue found, data looks squeaky clean!



[PASS] PHP version 7.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to …
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate


[PASS] The application is able to connect to the database
[PASS] 24 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.10.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[WARN] Some email notifications are disabled by the administrator.

No error found. Nice one sparky!

P.S. I attempted setting passbolt to debug mode, which worked; however, no further info was shown, it was just formatted.

Hello @eddie4,

If you still have the error message returned by the API, can you copy/paste it here?
You might be in a state that is not handled by the cleanup command. Can you tell me if you have inactive users who are members of the target group? This case happened previously for users who migrated from v1.

The only errors I have I posted in the first post, both from the log and the API. There were users in the group that were deleted (while I was running v2.0+). Removing these users and running the cleanup did however not solve the issue.

Also note that I was able to add users in version 2.5.0.

@eddie4 I think Cedric means the error message in the console of the browser. If you can isolate the request, you will get the details of which validation failed.

The addon says: The group could not be saved. Not Found

@eddie4 there is something weird there, can you get in touch with us at, we can provide you with instructions on how to generate an obfuscated dump of the data, we can then have a look at the problem.

I want to try a few things first.

I manually checked that all group members are still present in MySQL. I am currently checking a Wireshark dump to see if I can spot the SQL query that returns 0.

If that doesn’t work I’ll look into the request and see if I can spot an ID that no longer exists.

Sounds good, let us know how it goes.

So Wireshark wasn’t much help; there were way too many queries. I took the JSON that was being sent to the server and broke it down into:

  • Group
  • GroupUsers
  • Secrets

All the IDs are in the database, the user_id and the resource_id, which means that it must be checking other IDs.

I then checked every resource_id in secrets; every single one returns 1 record.

I then checked every user_id in secrets; every single one returns 1 record.

I think I am going to take you up on your offer to send an obfuscated dump.

I might have found it. Unsure, what do you think?
SELECT * FROM users WHERE deleted = 1 ORDER BY deleted DESC

SELECT * FROM secrets WHERE user_id LIKE

This gives results. Deleted users seem to have secrets; could this be the issue?

Yes that could be the issue

Shit, I thought I found it. But I was echoing the user_ids, not the secrets. There were no secrets for deleted users.

Back to the drawing board.

Yeah and that kind of issue is checked in the cleanup task, so I was a bit surprised.
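The manual checks described in this thread (every user_id and resource_id in the update payload resolves to a usable row, and no secrets remain for deleted users) can be scripted. This is an added example, not part of the original posts and not passbolt code: the schema is a constructed stand-in in which only users.deleted, secrets.user_id and secrets.resource_id come from the thread, and the active and resources.deleted columns and the payload shape are assumptions. The thread itself did not identify the cause of the error.

```python
import sqlite3

# Constructed stand-in schema and rows (not the real passbolt schema).
SCHEMA = """
CREATE TABLE users     (id TEXT PRIMARY KEY, active INT, deleted INT);
CREATE TABLE resources (id TEXT PRIMARY KEY, deleted INT);
CREATE TABLE secrets   (user_id TEXT, resource_id TEXT);
INSERT INTO users VALUES ('u-ok',1,0), ('u-inactive',0,0), ('u-gone',1,1);
INSERT INTO resources VALUES ('r-1',0), ('r-2',0);
INSERT INTO secrets VALUES ('u-ok','r-1'), ('u-ok','r-2'), ('u-gone','r-1');
"""

# Constructed update payload, split into the parts named in the thread.
PAYLOAD = {
    "GroupUsers": [{"user_id": "u-ok"}, {"user_id": "u-inactive"}],
    "Secrets": [{"user_id": "u-inactive", "resource_id": "r-1"},
                {"user_id": "u-inactive", "resource_id": "r-404"}],
}

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def secrets_of_deleted_users(db):
    """Secrets still owned by soft-deleted users, found with one join."""
    return db.execute(
        "SELECT s.user_id, s.resource_id FROM secrets s "
        "JOIN users u ON u.id = s.user_id WHERE u.deleted = 1").fetchall()

def unusable_ids(db, payload):
    """Every id in the payload that is missing, deleted or inactive."""
    problems = []
    def check(kind, table, ident, extra=""):
        # table and extra are fixed literals below; only ident is data.
        row = db.execute(
            f"SELECT 1 FROM {table} WHERE id = ? AND deleted = 0 {extra}",
            (ident,)).fetchone()
        if row is None and (kind, ident) not in problems:
            problems.append((kind, ident))
    for gu in payload["GroupUsers"]:
        check("GroupUsers.user_id", "users", gu["user_id"], "AND active = 1")
    for s in payload["Secrets"]:
        check("Secrets.user_id", "users", s["user_id"], "AND active = 1")
        check("Secrets.resource_id", "resources", s["resource_id"])
    return problems

if __name__ == "__main__":
    db = open_db()
    print(secrets_of_deleted_users(db))
    print(unusable_ids(db, PAYLOAD))
```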
