It appears that my locally hosted Passbolt freezes at the login page when the internet is not available, although my local DNS server resolves it correctly to the local LAN address.
I found the root cause in src/Model/Validation/EmailValidationRule.php: the function rule() times out and the caller throws an Exception.
I made a local dirty fix on my installation by having the function return true unconditionally, but I’m sure I will find here how to fix the problem properly.
    public function rule($value, $context): bool
    {
        $deep = $this->skipMxCheck ? false : Configure::read(self::MX_CHECK_KEY);
        $regex = $this->skipRegexCheck ? null : Configure::read(self::REGEX_CHECK_KEY);
        if ($regex !== null && !is_string($regex)) {
            throw new InternalErrorException(__('The regular expression should be a valid string.'));
        }
        /** DIRTY FIX */
        return true;
        /**return Validation::email($value, $deep, $regex);*/
    }
Hey @farfade, can you confirm if you’ve set the passbolt.email.validate.mx configuration to true (false by default)? When this configuration is set to true, it will try to look up and check the MX and DNS records for the email. I suspect that’s why it’s timing out. You can set the passbolt.email.validate.mx configuration in your config/passbolt.php file to false (or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable) and see if it fixes your issue.
You are right, email.validate.mx is set to true in my passbolt.php.
But switching it to false generates a warning in the healthchecks.
Wouldn’t it be worth managing Passbolt’s behaviour better, so that it fails gracefully when validating MX, without failing the whole application by timeout?
Glad it got resolved. Regarding the healthcheck, it’s fine: since you are not exposing the instance publicly, it’s acceptable.
Wouldn’t it be worth managing Passbolt’s behaviour better, so that it fails gracefully when validating MX, without failing the whole application by timeout?
This is exactly why this configuration exists, as some people like to have strict validation where MX / DNS lookup is involved. We will consider your feedback and see if we can improve this behaviour in the future.
In fact, I’m exposing it to the internet, so I appreciate MX validation. But when the internet connection is down, I would also appreciate keeping basic access from the LAN.
Should I open an improvement request on git?
I think for your use case it’s better to just set MX validation to false. In fact, considering people are invited by admins to join, MX validation doesn’t add much in terms of security. It’s a framework default, which I believe is made to prevent people from registering without valid emails; in Passbolt’s case, it’s an unlikely use case.