Could not validate group data on add user

Hello, I recently upgraded to 2.10.0 and I am running into an issue where I can’t add new users to a group that has 2000+ passwords. Before the upgrade this was not an issue. Load time of the PUT request is 41 seconds, therefore it is unlikely that it’s hitting a timeout.

HTTP/1.1 400 Bad Request
Date: Thu, 13 Jun 2019 11:37:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
Content-Length: 297
Connection: close
Content-Type: application/json; charset=UTF-8

{"header":{"id":"f1ba2dXXXXXee1b2","status":"error","servertime":1560425895,"title":"app_groups_update_error","action":"3303ccc6XXXXXXXX756217d","message":"Not Found","url":"\/groups\/5aXXXX1aa.json?api-version=v1","code":400},"body":[]}

passbolt error log says:

2019-06-13 11:38:15 Error: [App\Error\Exception\ValidationException] Could not validate group data.
Request URL: /groups/5ab4eXXXX9c1aa.json?api-version=v1

I attempted to clean the database; there were 7 records, but it didn’t solve the issue.

 Open source password manager for teams
---------------------------------------------------------------
 Cleanup shell (delete mode)
---------------------------------------------------------------
No issue found, data looks squeaky clean!

Checklist

Environment

[PASS] PHP version 7.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to …
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 24 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.10.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[WARN] Some email notifications are disabled by the administrator.

No error found. Nice one sparky!

P.S. I attempted setting passbolt to debug mode, which worked; however, no further info was shown, it was just formatted.

Hello @eddie4,

If you still have the error message returned by the API, can you copy/paste it here?
You might be in a state that is not handled by the cleanup command. Can you tell me if you have inactive users who are members of the target group? This case happened previously for users who migrated from the V1.

The only errors I have I posted in the first post, both from the log and the API. There were users in the group that were deleted (while I was running v2.0+). Removing these users and running the cleanup did however not solve the issue.

Also note that I was able to add users in version 2.5.0.

@eddie4 I think cedric means the error message in the console of the browser. If you can isolate the request, you will get the details of which validation failed.

The addon says: The group could not be saved. Not Found

@eddie4 there is something weird there, can you get in touch with us at support@passbolt.com, we can provide you with instructions on how to generate an obfuscated dump of the data, we can then have a look at the problem.

I want to try a few things first.

I manually checked that all group members are still present in MySQL. I am currently checking a Wireshark dump to see if I can spot the SQL query that returns 0.

If that doesn’t work I’ll look into the request and see if I can spot an ID that no longer exists.

Sounds good, let us know how it goes.

So the Wireshark wasn’t much help; there were way too many queries. I took the JSON that was being sent to the server and broke it down into

  • Group
  • GroupUsers
  • Secrets

All the IDs are in the database, the user_id and the resource_id, which means that it must be checking other IDs.

I then checked every resource_id in secrets; every single one returns 1 record.

I then checked every user_id in secrets; every single one returns 1 record.

I think I am going to take you up on your offer to send an obfuscated dump.

EDIT:
I might have found it. Unsure, what do you think?
SELECT * FROM users WHERE deleted = 1 ORDER BY deleted DESC;

-- secrets that belong to any of the deleted users returned above
SELECT * FROM secrets WHERE user_id IN (SELECT id FROM users WHERE deleted = 1);

This gives results. Deleted users seem to have secrets; could this be the issue?

Yes that could be the issue

Shit, I thought I found it. But I was echoing the user_ids, not the secrets. There were no secrets for deleted users.

Back to the drawing board.

Yeah and that kind of issue is checked in the cleanup task, so I was a bit surprised.
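
The manual check described in this thread (split the request JSON into Group, GroupUsers and Secrets, then confirm that each referenced ID exists) done in one pass, as an added example that is not from the thread or from passbolt's code. It runs against a constructed SQLite stand-in; the `active` column, the `resources` table and the payload key layout are assumptions.

```python
import sqlite3
# Constructed stand-in data. Only users.deleted, secrets.user_id and
# secrets.resource_id come from the thread; everything else is assumed.
SCHEMA = """
CREATE TABLE users (id TEXT PRIMARY KEY, active INTEGER, deleted INTEGER);
CREATE TABLE resources (id TEXT PRIMARY KEY, deleted INTEGER);
CREATE TABLE secrets (resource_id TEXT, user_id TEXT);
INSERT INTO users VALUES ('u1',1,0), ('u2',1,1), ('u3',0,0);
INSERT INTO resources VALUES ('r1',0), ('r2',1);
INSERT INTO secrets VALUES ('r1','u1'), ('r1','u2');
"""
# Constructed request body, split into the parts named in the thread.
PAYLOAD = {
    "GroupUsers": [{"user_id": "u1"}, {"user_id": "u3"}, {"user_id": "u9"}],
    "Secrets": [{"resource_id": "r1", "user_id": "u3"},
                {"resource_id": "r2", "user_id": "u3"}],
}

def classify(db, table, ids, flags):
    """Return {id: reason} for missing or wrongly flagged ids (table/flags are constants)."""
    ids = sorted(set(ids))
    cols = ", ".join(["id"] + [name for name, _ in flags])
    marks = ",".join("?" * len(ids))
    rows = {r[0]: r[1:] for r in db.execute(
        f"SELECT {cols} FROM {table} WHERE id IN ({marks})", ids)}
    bad = {}
    for i in ids:
        wrong = ["missing"] if i not in rows else [
            f"{n}={g}" for (n, want), g in zip(flags, rows[i]) if g != want]
        if wrong:
            bad[i] = ", ".join(wrong)
    return bad

def audit(db, payload):
    """Check every id the request references, plus secrets held by deleted users."""
    users = [g["user_id"] for g in payload["GroupUsers"]]
    users += [s["user_id"] for s in payload["Secrets"]]
    res = [s["resource_id"] for s in payload["Secrets"]]
    orphaned = db.execute("SELECT COUNT(*) FROM secrets s JOIN users u "
                          "ON u.id = s.user_id WHERE u.deleted = 1").fetchone()[0]
    return {"users": classify(db, "users", users, [("deleted", 0), ("active", 1)]),
            "resources": classify(db, "resources", res, [("deleted", 0)]),
            "secrets_of_deleted_users": orphaned}

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return audit(db, PAYLOAD)
```

Checking flags as well as existence matters here: an ID can return exactly one record and still belong to a deleted or inactive row.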
