Infinite loops (email->passbolt->email...)

As a sysadmin of a medium-sized company with around 100 users on Passbolt, I periodically have an issue of this sort:

  1. A user using the same browser as normal is unexpectedly asked to enter their email address at the passbolt URL
  2. Passbolt tells the user to check their email
  3. Email initiates account recovery
  4. Account recovery is completed, including putting in private key
  5. Passbolt asks for email
  6. Link is sent to email
  7. Click on link
  8. Repeat from step 5 ad infinitum

I cannot stress how irritating this is. I have no idea what causes it, although it does tend to be with newer accounts (often seems to be the second ever time a user logs in).

Does anyone have any similar experiences? Were you able to fix this?

Kind regards,
Joe

Hello @joe,

It looks like it could be a persisting issue. Could you give us more info about this? For example, are you using a specific environment, e.g. air gap? Is this issue happening on every browser? Are all the users who are experiencing this issue using the same browser or the same environment?

Hi @antony, our users are accessing a Passbolt URL on the plain web; the server is hosted in Google Cloud. We only ever use Chrome, but on occasion when I have tried on Firefox (when the issue comes up) I seem to recall we still got stuck in the email loop.

We do have many errors of this type:

2023-10-02 06:13:42 error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177

(155 so far today). I don’t know if that could be relevant.

Have you had similar reports from other end users?

Thanks,
Joe

Could you tell me which PHP version you are using and which distribution you are running?

Also, have you already tried to clear the cache?

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake cache clear_all" www-data