Mobile App keeps kicking me back to the login screen

I’m having an issue where the Passbolt instance is working fine but I am not able to access the instance with the iOS or Android mobile apps. The Mobile App on iOS just kicks me back to the login screen where it keeps asking me for my passphrase. The Android app logs in but keeps spinning and no passwords are shown. I’ll save you from posting the Android logs but below are the logs from the iOS app.

[2024-08-15 22:13:52] Session created…
[2024-08-15 22:13:52] …authorization succeeded!
[2024-08-15 22:13:52] …account transfer succeeded!
[2024-08-15 22:13:52] Session auto locking enabled!
[2024-08-15 22:13:52] Verifying data integrity…
[2024-08-15 22:13:52] …data integrity verification finished
[2024-08-15 22:13:52] Fetching server configuration…
[2024-08-15 22:13:52] [8E61878A-B59D-47C8-BCF9-F9D26C443527] HTTP GET /settings.json
[2024-08-15 22:13:53] [8E61878A-B59D-47C8-BCF9-F9D26C443527] HTTP 200 /settings.json
[2024-08-15 22:13:53] …server configuration fetched!
[2024-08-15 22:13:53] [82EE28A7-C4D3-49F6-B3CE-86EEBFB456F9] HTTP GET /lookup
[2024-08-15 22:13:53] [82EE28A7-C4D3-49F6-B3CE-86EEBFB456F9] HTTP 200 /lookup
[2024-08-15 22:13:53] Refreshing users data…
[2024-08-15 22:13:53] [AC754750-8356-430E-818C-F7DC409C2818] HTTP GET /users.json
[2024-08-15 22:13:53] Updating account profile data…
[2024-08-15 22:13:53] [8BBE1075-F093-4FC2-98F0-327ED82842E7] HTTP GET /users/7806d415-7542-4c89-a9a3-5ba476a563e5.json
[2024-08-15 22:13:53] [548D77F3-80B8-428E-8F19-78BA1419B65D] HTTP GET /img/avatar/user_medium.png
[2024-08-15 22:13:53] [AC754750-8356-430E-818C-F7DC409C2818] HTTPUnauthorized
DiagnosticsContext:
•HTTPUnauthorized OSFeatures/NetworkRequestExecutor.swift:465
[2024-08-15 22:13:53] Invalidating access token…
[2024-08-15 22:13:53] Requesting authorization…
[2024-08-15 22:13:53] [548D77F3-80B8-428E-8F19-78BA1419B65D] HTTP 200 /img/avatar/user_medium.png
[2024-08-15 22:13:53] [DB84E13A-A4AF-464E-A92E-58A42C795D7D] HTTP GET /img/avatar/user_medium.png
[2024-08-15 22:13:53] [DB84E13A-A4AF-464E-A92E-58A42C795D7D] HTTP 200 /img/avatar/user_medium.png
[2024-08-15 22:13:53] [8BBE1075-F093-4FC2-98F0-327ED82842E7] HTTPUnauthorized
DiagnosticsContext:
•HTTPUnauthorized OSFeatures/NetworkRequestExecutor.swift:465
[2024-08-15 22:13:53] Invalidating access token…
[2024-08-15 22:13:53] Requesting authorization…
[2024-08-15 22:13:54] Beginning importing account kit…

The Passbolt server is running with a valid SSL certificate (LetsEncrypt). The installation method used was the one pointed out here:
API from source:

The passbolt server is installed in a “Virtual Server” instance on Virtualmin. The base operating system is Ubuntu 22.04 LTS running Apache 2.4.52, PHP 8.1.2, and MariaDB 10.6.18.

I guess the weird thing about running it in Virtualmin is that if I create a new server called “passbolt.domain.com” and the username for the instance is “pbadmin”, then Apache is running under the username “pbadmin” for that Virtual Server instance. Virtualmin is set up to automatically request and renew LetsEncrypt certificates as long as the public DNS entry for that instance is pointing to that Virtualmin Server.

I mention this only because I didn’t have to su over to any other user. I was able to perform all the steps as the logged in virtual server user pbadmin. For example, I was able to run:

/home/pbadmin/public_html/bin/cake passbolt install

I did not have to run:

sudo su -s /bin/bash -c "/home/pbadmin/public_html/bin/cake passbolt install" pbadmin

Anyway, the install worked perfectly fine with a couple of hiccups:

  1. I needed to set the permissions on the jwt directory manually, generate the keys, and then remove write access to the jwt folder before installing.

chmod 750 config/jwt
./bin/cake passbolt create_jwt_keys
chmod -w config/jwt

Then I was able to run the install without any issues:

./bin/cake passbolt install

In the example here, all files within the public_html directory are owned by pbadmin and group pbadmin:

Healthchecks look good, and I am able to work without any issues in Google, Edge, and Firefox browsers and plugins.

Here are the healthcheck results. Keep in mind that I corrected the username and real domain below:

pbadmin@ubuntu1:~/public_html$ ./bin/cake passbolt healthcheck

Open source password manager for teams

Passbolt commands should only be executed as the web server user.

The command should be executed with the same user as your web server. By instance:
su -s /bin/bash -c "/home/pbadmin/public_html/bin/cake COMMAND" HTTP_USER
where HTTP_USER match your web server user: www-data, nginx, apache, http

Healthcheck shell

Environment

[PASS] PHP version 8.1.2-1ubuntu2.18.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] Mbstring extension is installed.
[PASS] Intl extension is installed.
[PASS] GD or Imagick extension is installed.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Cache is working.
[PASS] Debug mode is off.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.domain.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates.
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate.

SMTP settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /home/pbadmin/public_html/config/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /home/pbadmin/public_html/config/passbolt.php.
[PASS] No custom SSL configuration for SMTP server.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled.
[PASS] The /home/pbadmin/public_html/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/pbadmin/.gnupg.
[PASS] The directory /home/pbadmin/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one.
[PASS] The public key file is defined in /home/pbadmin/public_html/config/passbolt.php and readable.
[PASS] The private key file is defined in /home/pbadmin/public_html/config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /home/pbadmin/public_html/config/passbolt.php.
[PASS] The server public key defined in the /home/pbadmin/public_html/config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[FAIL] This installation is not up to date. Currently using 4.8.0 and it should be 4.9.1.
[HELP] See Update | Passbolt documentation.
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /home/pbadmin/public_html/config/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /home/pbadmin/public_html/config/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
[PASS] The database schema up to date.

Database

[PASS] The application is able to connect to the database
[PASS] 31 tables found.
[PASS] Some default content is present.

[FAIL] 1 error(s) found. Hang in there!

pbadmin@ubuntu1:~/public_html$

Lastly I want to mention that I was on version 4.9.0 and had the same issue. I downloaded 4.8.0 to try because it was a stable release at the time that I know was working with my iOS app.

Any insight that you can provide would be appreciated and I’ll try and provide anything that you ask for.

Hello @kevinhayashi and welcome to the forum!
Could you share your Apache site conf, passbolt.conf and Passbolt server logs?

I used your installation method in the past using Virtualmin too and maybe this post helps you. Just check you have the solution on Apache:

That was it! I added the following lines to the site config and I’m able to log in with the mobile app:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Not sure exactly how you guys figured that out, but I’m thankful for the solution!

2 Likes
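Added example, not part of the original thread and not Passbolt code: a small Python triage script for the iOS log format shown in the first post. It correlates request IDs to paths and flags the pattern seen here, where a token is rejected with HTTPUnauthorized right after authorization succeeded while other requests still return 200. The function name `analyze` and the result keys are assumptions made for this illustration.

```python
import re

# Lines excerpted from the iOS log in the first post (not the full log).
SAMPLE_LOG = """\
[2024-08-15 22:13:52] …authorization succeeded!
[2024-08-15 22:13:52] [8E61878A-B59D-47C8-BCF9-F9D26C443527] HTTP GET /settings.json
[2024-08-15 22:13:53] [8E61878A-B59D-47C8-BCF9-F9D26C443527] HTTP 200 /settings.json
[2024-08-15 22:13:53] [AC754750-8356-430E-818C-F7DC409C2818] HTTP GET /users.json
[2024-08-15 22:13:53] [8BBE1075-F093-4FC2-98F0-327ED82842E7] HTTP GET /users/7806d415-7542-4c89-a9a3-5ba476a563e5.json
[2024-08-15 22:13:53] [AC754750-8356-430E-818C-F7DC409C2818] HTTPUnauthorized
DiagnosticsContext:
[2024-08-15 22:13:53] Invalidating access token…
[2024-08-15 22:13:53] [8BBE1075-F093-4FC2-98F0-327ED82842E7] HTTPUnauthorized
[2024-08-15 22:13:53] Invalidating access token…
"""

# "[timestamp] [optional request UUID] message"
LINE = re.compile(r"^\[([^\]]+)\] (?:\[([0-9A-F-]{36})\] )?(.*)$")

def analyze(log_text):
    """Correlate request IDs and summarize what happened after a successful login."""
    paths = {}            # request id -> path taken from its "HTTP <verb>" line
    ok, denied = [], []   # paths answered with 200 / HTTPUnauthorized
    authorized = False    # True once "authorization succeeded" was logged
    reauth_loops = 0      # token invalidations that follow a successful login
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue      # continuation lines such as "DiagnosticsContext:"
        _, rid, msg = m.groups()
        if rid is None:   # session-level message, no request attached
            if "authorization succeeded" in msg:
                authorized = True
            elif msg.startswith("Invalidating access token") and authorized:
                reauth_loops += 1
            continue
        req = re.match(r"HTTP (GET|POST|PUT|DELETE) (\S+)", msg)
        if req:
            paths[rid] = req.group(2)
        elif msg.startswith("HTTPUnauthorized"):
            # The error line carries only the request id, so look the path up.
            denied.append(paths.get(rid, "<unknown>"))
        elif msg.startswith("HTTP 200 "):
            ok.append(paths.get(rid, "<unknown>"))
    return {"ok": ok, "denied": denied, "reauth_loops": reauth_loops,
            "token_rejected_after_login": authorized and bool(denied) and bool(ok)}
```

A true `token_rejected_after_login` only says the server refused a token the app had just obtained; in this thread the cause was Apache not passing the Authorization header through to PHP.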

I’m glad to see you have solved your issue! Please mark the topic as solved :smile: