Passbolt migration requires user to recover their account

I migrated passbolt v2.12 from Ubuntu 18.04 to Ubuntu 20.04 using the migration guide offered by passbolt. The final version is 3.50. When I ran the healthcheck, all keys were okay. The only problem I had was with SSL.
However, when I load the new setup (after migration), it requires every user to recover their account.

Is there a way to avoid everyone doing recovery? Or is it an expected issue?

Thanks

I have noticed it’s an issue with the plugin not connecting to my account. The plugin is greyed out, and on clicking it redirects to the passbolt home page.
I cannot understand why.

Hi @Blacky, welcome to the forum!

When changing from http to https it is handled like a different domain so users will need to perform an account recovery.

When the plugin/extension is greyed out that is because the user is not logged in. It may flash the colored version momentarily as it checks in with the server but then will go to grey. Once logged in, it should no longer be greyed out.

Thank you

I enabled HTTPS. But still, it requests recovery. My issue was: is there any way to avoid users recovering their accounts after the update? Like a newly updated server picking up plugins automatically without requesting a recovery.

Hi @Blacky,

If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. As the extension is linked with an HTTP domain, if you move to HTTPS, it is like you are connecting to another passbolt instance, so it triggers an account recovery.

Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account.

Cheers,

Thank you @_jc and @garrett.
In the new update, I am updating HTTPS to HTTPS (I am only updating; I didn’t edit anything SSL). I am updating the same server, which was installed from sources (v 2.x), to the current version. All is okay. No errors when I run healthcheck. What I needed is, after the update, users should not be asked to recover.

Hi,

From my understanding, you were using HTTP. If your users have registered their extension to your server with HTTP, it is mandatory for them to perform an account recovery if you moved to HTTPS. Even if it is the same domain name and the same data.

Cheers,

@_jc

I have run several trials for the upgrade. This is what I have:

  1. A working passbolt on HTTPS (v 2.x)
  2. At first (when I asked the initial question), I had done a migration but did not export SSL certs.
  3. I repeated the migration this time with SSL, but still, it requested recovery.
  4. So I resorted to updating, where I took a snapshot and worked on an update. All went well except that after loading there was a blank page (which was an issue with the plugin, I guess). I cleared the cache and reloaded the page. I was prompted with the recovery page.
  5. I wanted to avoid recovery as we have many users.

Thank you.

@Blacky the plugin will not require a recovery if you kept the exact same URL; it is not affected by certificate changes. However, if you switched from http:// to https:// it will require a recovery. If you switch domain names https://domain to https://another it will require a recovery.

Most likely you experienced needing a recovery because you did many tests and changed the URLs associated with your webextension.
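
The rule in the reply above (same URL: no recovery; scheme or domain change: recovery; certificate change: no effect) can be checked before a migration by comparing the old and new base URLs. This is an added example, not part of the original thread or passbolt's own code; the hostnames are constructed, and treating an explicit default port or a trailing slash as the same URL is an assumption.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def url_parts(url):
    """Split an absolute http(s) base URL into comparable components."""
    u = urlsplit(url.strip())
    if u.scheme not in DEFAULT_PORTS or not u.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    return {
        "scheme": u.scheme,
        "host": u.hostname,  # urlsplit lower-cases the hostname
        # Assumption: an explicit default port and a trailing slash
        # count as the same URL for this check.
        "port": u.port or DEFAULT_PORTS[u.scheme],
        "path": u.path.rstrip("/"),
    }


def url_changes(old_url, new_url):
    """List the components that differ between the old and new base URL."""
    old, new = url_parts(old_url), url_parts(new_url)
    return [f"{k}: {old[k]} -> {new[k]}" for k in old if old[k] != new[k]]


def recovery_expected(old_url, new_url):
    """True when the URL users registered against would no longer match."""
    return bool(url_changes(old_url, new_url))


if __name__ == "__main__":
    # Constructed sample pairs (old URL, planned URL after migration).
    pairs = [
        ("https://passbolt.example.test", "https://passbolt.example.test/"),
        ("http://passbolt.example.test", "https://passbolt.example.test"),
        ("https://domain.example.test", "https://another.example.test"),
    ]
    for old, new in pairs:
        diff = url_changes(old, new)
        verdict = "recovery expected" if diff else "same URL, no recovery expected"
        print(f"{old} -> {new}: {verdict} {diff}")
```
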

Thanks @remy

My issue is now solved. Before running the update, I had not run the healthcheck first. So on running healthcheck on my existing passbolt, I found it had an issue with the URL not being accessed and resolved. Consequently, the SSL would not be validated correctly. I added the entry in /etc/hosts and reran the healthcheck, where the issues were solved except for the old version of passbolt. I then proceeded with the migration successfully.