iOS Mobile Application is out! Beta testers wanted!

Hi,

We’ve just released the beta version of the iOS passbolt app!
Please read our blog article if you are interested to beta test it.

Feel free to comment on this thread if you have feedback or issue.

4 Likes

Hi,

Thanks for the good instruction.
After scanning the QR-Code, the iOS APP asked for Passphrase.
Now I entered my Passphrase and I get the error “Sign In failed”.

Log:
2021-11-17 10:34:31 Error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/Authe$
Request URL: /auth/is-authenticated.json

Thanks,
Julian

Hi,

Can you perform an healthcheck like I described in the blog article:
sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" www-data
I want to eliminate the issue of JWT keys.

Thanks!

The log that you shared is related to the browser extension on desktop and not the mobile app

Hi,

The healtcheck status:

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

Thanks,
Julian

Hi @jskribek

Can you send us logs of both nginx and Passbolt application while trying to log in ?

Nginx log path: /var/log/nginx/*.log

If you are using Passbolt from Debian or Ubuntu package, application logs are in /var/log/passbolt/, else in /var/www/passbolt/logs/

Thanks and regards,

Hi,

I’m facing the same issue running with docker image passbolt/passbolt:3.3.0-ce-non-root.

Healthcheck:

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[FAIL] The /etc/passbolt/jwt/ directory is writable
[HELP] You can try:
[HELP] sudo chown -R www-data:www-data /etc/passbolt/jwt/
[HELP] sudo chmod 444 /etc/passbolt/jwt/
[PASS] A valid JWT key pair was found

The fail also seems to be broken here, since neither the folder nor the files are writable by the web user:

$ ls -al /etc/passbolt/jwt
total 20
dr-xr-x— 2 root www-data 4096 Nov 12 15:45 .
drwxrwx— 1 root www-data 4096 Nov 18 13:11 …
-r–r----- 1 root www-data 3268 Nov 12 15:45 jwt.key
-r–r----- 1 root www-data 800 Nov 12 15:45 jwt.pem

Logs when clicking on “Sign In” Button in the iOS App:

10.253.1.193 - - [18/Nov/2021:13:24:52 +0000] “GET /auth/jwt/rsa.json HTTP/1.1” 200 1085 “-” “Passbolt/1634501321 CFNetwork/1325.0.1 Darwin/21.1.0”
2021-11-18 13:24:52,239 INFO reaped unknown pid 822 (exit status 0)
2021-11-18 13:24:52,240 INFO reaped unknown pid 824 (exit status 0)
10.253.1.193 - - [18/Nov/2021:13:24:52 +0000] “GET /auth/verify.json HTTP/1.1” 200 3581 “-” “Passbolt/1634501321 CFNetwork/1325.0.1 Darwin/21.1.0”
10.253.1.193 - - [18/Nov/2021:13:24:52 +0000] “POST /auth/jwt/login.json HTTP/1.1” 200 2935 “-” “Passbolt/1634501321 CFNetwork/1325.0.1 Darwin/21.1.0”
2021-11-18 13:24:52,840 INFO reaped unknown pid 827 (exit status 0)
2021-11-18 13:24:52,840 INFO reaped unknown pid 829 (exit status 0)
2021-11-18 13:24:52,841 INFO reaped unknown pid 832 (exit status 0)
2021-11-18 13:24:52,842 INFO reaped unknown pid 834 (exit status 0)
2021-11-18 13:24:52,842 INFO reaped unknown pid 837 (exit status 0)
2021-11-18 13:24:52,842 INFO reaped unknown pid 839 (exit status 0)
2021-11-18 13:24:52,842 INFO reaped unknown pid 841 (exit status 0)
2021-11-18 13:24:52,842 INFO reaped unknown pid 843 (exit status 0)
2021-11-18 13:24:52,843 INFO reaped unknown pid 846 (exit status 0)
2021-11-18 13:24:52,843 INFO reaped unknown pid 849 (exit status 0)

I’m also getting an “Sign In failed” error. Passbolt logs don’t show anything. Running the latest Pro version on debian from source. Healthcheck has 0 fails.

6 posts were split to a new topic: Testing of Mobile application registration on docker integration

We will release a new version next week with the following items:

  • Dark theme for the full app
  • Create / Edit / Delete passwords from the app
  • Various small UI bug fixes
  • Enrich logs

So basically with the latest point and if you have a mac, you would be able to connect your phone and use the Console.app to have more logs.

Several people seems to have an issue during the login phase and its still not clear to us what can cause the error.

@Patrick are you accessing Passbolt directly or via a reverse proxy? Can you precise the type of SSL certificate that you have (self-signed, save on device, letsencript)?
Also, the logs that you shared are from nginx, any luck from the PHP logs?

I had this issue with passbolt pro, docker version. It turns out the health check suggestions are not entirely correct in my situation. I persist /etc/passbolt/jwt with a bind mount in docker.

the suggestion is to chown www-data:www-data (this is correct) and chmod 444, this results in www-data user not being able to get proper permissions needed. You can see this in the running container, there’s a whole bunch of question marks:

www-data@6a3877efb9ed:/usr/share/php/passbolt$ ls -la /etc/passbolt/jwt/
ls: cannot access '/etc/passbolt/jwt/..': Permission denied
ls: cannot access '/etc/passbolt/jwt/.': Permission denied
ls: cannot access '/etc/passbolt/jwt/jwt.key': Permission denied
ls: cannot access '/etc/passbolt/jwt/jwt.pem': Permission denied
total 0
d????????? ? ? ? ?            ? .
d????????? ? ? ? ?            ? ..
-????????? ? ? ? ?            ? jwt.key
-????????? ? ? ? ?            ? jwt.pem

If you chmod -R 0755 the /etc/passbolt/jwt directory, the permissions become useable.

End result: my passbolt app on my iPhone and that of a coworker now work.

1 Like

Hi @okami :wave:

You’re right, the help message chmod 444 is wrong.

Correct rights should be set with chmod 0550 /etc/passbolt/jwt

Cheers,

2 Likes

@_jc Yes we use Cloudflare. We use indeed a selfsigned certificate via cloudflare.

I didn’t share any logs haha, i’ll keep you posted about the logs.

@_jc
this is what i get when trying to sign in via the mobile app

XX.XX.XXX.XX- - [25/Nov/2021:18:43:20 +0100] "GET /auth/jwt/rsa.json HTTP/2.0" 200 1075 "-" "Passbolt/1634501321 CFNetwork/1312 Darwin/21.0.0"
XX.XX.XXX.XX- - [25/Nov/2021:18:43:20 +0100] "GET /auth/verify.json HTTP/2.0" 200 2197 "-" "Passbolt/1634501321 CFNetwork/1312 Darwin/21.0.0"
XXX.XX.XXX.XX- - [25/Nov/2021:18:43:20 +0100] "POST /auth/jwt/login.json HTTP/2.0" 200 2542 "-" "Passbolt/1634501321 CFNetwork/1312 Darwin/21.0.0"

error logs of passbolt shows the following:

2021-11-25 17:34:04 Error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /var/www/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: XXX.XXX.XX.XXX

Regards,

Just to throw it out there I went and go a digikey cert just in case self signed was an issue. It still says sign in failed.

I tried creating a new account and adding it still says sign in failed

I tried wiping out the app on my iphone and reinstalling, still failed.

I even tried creating a new password and it failed.

keep getting

Error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /var/www/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json

Thanks @shalgabe11 for your report, a new iOS version will be released soon with more debug to understand what is wrong with some certificates.
We will keep you informed :slight_smile:

Cool that would be great! are you thinking the sign in issue is cert related?

Thank you!!!

We got some feedbacks about sign-in problems, and we need some extra debug who will come in a future iOS release

Just tried to login into iOS application, same problem: “sign in failed”.
No error logs on server, healthcheck is ok. SSL certificate issued by Cloudflare.
Android app on the other hand works perfectly.
Hope it helps.