"Error The transfer is not authorized" when removing a user

#1

Following an issue with the keyring expiration, now solved, we have a few users that can’t find their private key :frowning: so the idea was to remove the old account (and transfer ownership), and then create a new one. In the deletion process we get the above error, which does not provide enough hints as to what the problem is.

#2

Hello @chicco785

This error happens when a user is the sole owner of some shared passwords or the sole manager of some groups of which he/she is not the sole member.

A popup should notify you about this and you should be able to transfer the permissions to other users / groups. Did you see such a popup?

To be able to help I will require more information.

  • Your browser name and version
  • Your current version of passbolt (If < 2.2.0 please upgrade)
  • Did you install passbolt with the install scripts or from scratch ?
  • Your browser console and network output
  • The error corresponding line of your /var/www/passbolt/logs/error.log file

#3

Hi @cedric!
The popup appears and I select to whom to transfer the different passwords, and when I confirm, the error happens.

Thanks!

  • Your browser name and version: Chrome Version 74.0.3729.131 (Official Build) (64-bit) (on Mac OSX)

  • Your current version of passbolt (If < 2.2.0 please upgrade): 2.9.0

  • Did you install passbolt with the install scripts or from scratch ?: it’s installed from the git repo

  • Your browser console and network output: can I send them privately:

    1. response to dry run:
    {
      "header": {
        "id": "b3706459-fbd6-4a03-ba57-5bc62b4aaaa2",
        "status": "error",
        "servertime": 1558087466,
        "title": "app_users_dryrun_error",
        "action": "bec65e6e-9c29-5217-aabc-49fe2256cfce",
        "message": "Not Found",
        "url": "/users/59142ae9-fc18-446d-b1a2-6f98ed862cc2/dry-run.json?api-version=v2",
        "code": 400
      },
      "body": {
        "errors": {
          "resources": {
            "sole_owner": [ <different resources having multiple permission where the user is sole owner> ]
          }
        }
      }
    }
    
    2. response to actual delete:
    {
      "header": {
        "id": "1e99c6c2-a4cc-48f3-8dce-d544a57e4ecd",
        "status": "error",
        "servertime": 1558087641,
        "title": "app_users_delete_error",
        "action": "4a1f3ff7-02ff-5120-b08b-e13f4369df3f",
        "message": "The transfer is not authorized",
        "url": "/users/59142ae9-fc18-446d-b1a2-6f98ed862cc2.json?api-version=v2",
        "code": 400
      },
      "body": ""
    }
    
  • The error corresponding line of your /var/www/passbolt/logs/error.log file:

2019-05-17 10:07:06 Error: [App\Error\Exception\CustomValidationException] The user cannot be deleted. You need to transfer the ownership for the shared passwords owned by this user before deleting this user.

Request URL: /users/59142ae9-fc18-446d-b1a2-6f98ed862cc2/dry-run.json?api-version=v2

Referer URL: https://<server>/app/users

2019-05-17 10:07:21 Error: [Cake\Http\Exception\BadRequestException] The transfer is not authorized

Request URL: /users/59142ae9-fc18-446d-b1a2-6f98ed862cc2.json?api-version=v2

Referer URL: https://<server>/app/users

#4

I’m wondering if you could have some orphan permissions that are blocking this transfer.

What is the output of the following command su -s /bin/bash -c "./bin/cake passbolt cleanup --dry-run" www-data executed in your passbolt folder ?

#5

hi @cedric,

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
---------------------------------------------------------------
 Cleanup shell (dry-run)
---------------------------------------------------------------
8 orphan records found in table Permissions (soft deleted resources)
8 orphan records found in table Secrets (soft deleted resources)
16 issues detected, please run the same command without --dry-run to fix them.

#6

Hello @chicco785,

Executing the same command without the --dry-run option will remove the orphans from your database. Did you try it ? It might solve your issue.

Regards
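
The error.log excerpt in post #3 pairs a dry-run ownership error with a later "The transfer is not authorized" on the same user id. The following is an added example, not part of any post in this thread and not passbolt code, that groups such entries per user id so the failed deletions can be listed before running the cleanup. The sample log is constructed from the lines quoted above, `passbolt.example` is a placeholder host, and treating the non-dry-run `/users/<id>.json` entry as the delete call is an assumption taken from the thread.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the error.log lines quoted in post #3.
SAMPLE_LOG = """\
2019-05-17 10:07:06 Error: [App\\Error\\Exception\\CustomValidationException] The user cannot be deleted. You need to transfer the ownership for the shared passwords owned by this user before deleting this user.
Request URL: /users/59142ae9-fc18-446d-b1a2-6f98ed862cc2/dry-run.json?api-version=v2
Referer URL: https://passbolt.example/app/users
2019-05-17 10:07:21 Error: [Cake\\Http\\Exception\\BadRequestException] The transfer is not authorized
Request URL: /users/59142ae9-fc18-446d-b1a2-6f98ed862cc2.json?api-version=v2
Referer URL: https://passbolt.example/app/users
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Error: \[([^\]]+)\] (.*)$")
REQUEST = re.compile(r"^Request URL: /users/([0-9a-f-]{36})(/dry-run)?\.json")

def parse_user_errors(text):
    """Return {user_id: [(timestamp, kind, exception, message), ...]}."""
    events, pending = defaultdict(list), None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            pending = m.groups()  # hold until the matching Request URL line
            continue
        m = REQUEST.match(line)
        if m and pending:
            # Assumption from the thread: the URL without /dry-run is the delete.
            kind = "dry-run" if m.group(2) else "delete"
            ts, exc, msg = pending
            events[m.group(1)].append((ts, kind, exc.rsplit("\\", 1)[-1], msg))
            pending = None
    return dict(events)

def blocked_transfers(events):
    """User ids whose delete was refused with 'The transfer is not authorized'."""
    return sorted(
        uid for uid, evs in events.items()
        if any(kind == "delete" and "transfer is not authorized" in msg
               for _, kind, _, msg in evs)
    )

if __name__ == "__main__":
    events = parse_user_errors(SAMPLE_LOG)
    for uid in blocked_transfers(events):
        print(uid, [(ts, kind, exc) for ts, kind, exc, _ in events[uid]])
```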