Keep asking to verify/recover email on web interface

Hello everyone !

I’ve setup passbolt on a linux server, i’ve managed the installation successfully.
The SSL/GPG/MYSQL DB instance works perfectly.
I can enjoy all the features, but…

When i try to login thru the web interface via my email, i got the message to check my mailbox
We sent you a link to verify your email.
Check your spam folder if you do not hear from us after a while.

And on my email i get the recovery process.

This happens for users that are already register and had already access to the web interface.
However, when i try to login via the chrome extension there is no problem at all, i can easily access to my passwords.
Funny thing too is, once im logged on my browser extension, when i click on the passbolt logo, it redirect me to the web interface logged in…
I do really need the access from the web url alone as well, i have some team member that don’t have/want to install the browser extension

I’ve read in some threads that the GPG key could be the problem, but after doing a clean install it happened again…

I might suspect that:

  • I have failed to input a correct server name on the installation process for the gpg (i’ve inputed my domain where i host the app)
  • The GPG key or something expire too early

If not im really lost on it, thanks in advance for the time taken to help me guys !

Have a great evenning

Hi @Sadhill :wave: and welcome to passbolt community forum :people_holding_hands:

If I understand well, you are able to connect via the extension:

But not via the passbolt login page:

Which version of Chrome are you using on which operating system ?

Do you have the same behavior with another browser such as Firefox, or Edge ?

Do you have other extensions installed ? If yes, can you try to disable them ? Can you also try to create a fresh new profile on Chrome and install only passbolt extension ?

If you still have the issue, can you please go to: chrome://extensions

  • Activate the Developer mode in the top right corner
  • Look for the Passbolt card and click details button
  • Look for the Inspect views and the index.html link
  • A new window will appear this is the debugger of the browser extension
  • Go to network tab
  • Try to reproduce the error and see if you have errors logged

Thank you for your help, it will give us a clearer picture on your problem.

Best regards,

Hello _jc ! First of all thank you very much for your time taken on my problem. You understood my problem correctly.

After seeing your screenshot i realize that there is something different, when i try to connect to my webpage directly i have this instead of being asked my passphrase:

Then regarding your questions:

  1. Chrome version : 102.0.5005.63 on Windows / Linux
  2. Same behavior with Chrome, Firefox and Edge
  3. I’ve tried with a fresh session and it ended up with the same behavior, my firefox browser doesn’t have any extensions and the same happened.

However, when i enabled developer mode, the login process ran smoothly, i am not asked any time to log my email to recover my account, i just end up on the login page like it should. With that it is really difficult to get the error i used to have since it does work on developer mode. But as soon as i disable it, the debug windows is gone and the problem comes back again

By the way my passbolt version is 3.6.0

Thanks again !

ANSWER
The matter is closed, it is not a problem coming from Passbolt but from my own lack of knowledge.

Basically i was trying to achieve something that is not designed, i wanted to reach to my subdomain where i host my linux passbolt instance without having the need of a passbolt browser extension installation.

I thought there was a bug because the login page did render, but i wasn’t able to access the GUI where my passwords were stored. After a call with @_jc, he explained to me that it is the passbolt browser extension that actually render the GUI where all your passwords are listed, the linux instance is only an API and not a web application with a frontend.

So when i understood that concept, it went all clear. You must have the browser extension, otherwise you won’t be able to access the GUI. You can still make up your own GUI by using the API i guess, but that’s a hell of a redo work for nothing IMHO.

Why ?
_jc explained that it was designed this way to increase security, so people that want to access your GUI couldn’t put malicious scripts on my Linux server directly, they must have control of my desktop as well. Im sure there is more detailed answer regarding this matter, but i’ll stay within the issue scope.

Special shout out to @_jc for his fast replies and for having taken the time for a one-to-one meeting to help me find the problem and then even explain to me how it is designed and why it was made that way. Thanks a lot.

1 Like

You’re welcome @Sadhill and don’t hesitate if you have further questions. For the ones who will come to this post, I will just add a link to this help page: Passbolt Help | Why do I need a browser extension?

It explains why passbolt extension is helpful in matter of security.

Best,