PB-34421 - App/users page not load

Installation Issues
1

Checklist
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hi everyone,

I’m having a problem accessing the users page. It was working normally but I didn’t notice exactly when it stopped working. I saw that there are several users who have gone through the same situation but I’ve already tried the steps that worked for these users and it still didn’t work for me.

I currently use passbolt through docker, and I have a docker compose as I will explain below.

---- start compose file ----

version: “3.9”
services:
db:
image: mariadb:10.11
container_name: passbolt_db
restart: unless-stopped
environment:
MYSQL_RANDOM_ROOT_PASSWORD: “true”
MYSQL_DATABASE: “passbolt”
MYSQL_USER: “passbolt”
MYSQL_PASSWORD: “P4ssb0lt”
volumes:
- database_volume:/var/lib/mysql

passbolt:
image: passbolt/passbolt:latest-ce
container_name: passbolt
#Alternatively you can use rootless:
#image: passbolt/passbolt:latest-ce-non-root
restart: unless-stopped
depends_on:
- db
environment:
APP_FULL_BASE_URL: URL_HIDDEN
DATASOURCES_DEFAULT_HOST: “db”
DATASOURCES_DEFAULT_USERNAME: “passbolt”
DATASOURCES_DEFAULT_PASSWORD: “P4ssb0lt”
DATASOURCES_DEFAULT_DATABASE: “passbolt”
volumes:
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command:
[
“/usr/bin/wait-for.sh”,
“-t”,
“0”,
“db:3306”,
“–”,
“/docker-entrypoint.sh”,
]
ports:
- 8080:80
- 4443:443
#Alternatively for non-root images:
# - 80:8080
# - 443:4433

volumes:
database_volume:
gpg_volume:
jwt_volume:

---- end compose file ----

Healthcheck

Environment

[PASS] PHP version 8.2.18.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] Mbstring extension is installed.
[PASS] Intl extension is installed.
[PASS] GD or Imagick extension is installed.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.

Config files

[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables

Core config

[PASS] Cache is working.
[PASS] Debug mode is off.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to HIDDEN URL
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings

SSL Certificate

[WARN] SSL peer certificate does not validate.
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate.

SMTP settings

[PASS] The SMTP Settings plugin is enabled.
[FAIL] SMTP Setting errors: App\Utility\OpenPGP\Backends\Gnupg::setDecryptKeyFromFingerprint(): Argument #1 ($fingerprint) must be of type string, null given, called in /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php on line 109
[WARN] The SMTP Settings source is: undefined.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[PASS] No custom SSL configuration for SMTP server.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled.
[FAIL] The /etc/passbolt/jwt/ directory should not be writable.
[HELP] You can try:
[HELP] sudo chown -Rf root:www-data /etc/passbolt/jwt/
[HELP] sudo chmod 750 /etc/passbolt/jwt/
[HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.key
[HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.pem
[PASS] A valid JWT key pair was found.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server OpenPGP key is not set.
[HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[FAIL] The server key fingerprint doesn’t match the one defined in /etc/passbolt/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c “gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg” www-data | grep -i -B 2 ‘SERVER_KEY_EMAIL’
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c “gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc” www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.
[FAIL] The private key cannot be used to decrypt a message
[FAIL] The private key cannot be used to decrypt and verify a message
[FAIL] The public key cannot be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (4.8.0).
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] The self registration provider is: Email domain safe list.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
[PASS] The database schema up to date.

Database

[PASS] The application is able to connect to the database
[PASS] 31 tables found.
[PASS] Some default content is present.

[FAIL] 11 error(s) found. Hang in there!

Can someone help me?

2

Hi @jean,

Can you do like describe here: Troubleshooting Docker | Passbolt documentation.

and before doing a healthcheck do a source /etc/environment then instead of a ./bin/cake passbolt healthcheck can you do ./bin/status-report that way we will have more information

Thanks a lot

3

I will update all the attempts I made here. And simulations.

I no longer think the problem is related to some incorrect configuration on our part, but rather some problem related to the browser extension. What I did was the following: We have a dedicated Passbolt server internally, but we decided to create another server in the cloud for better remote access and we started using it while the internal Passbolt was on standby. At the time, the user screen still worked normally, even on the cloud server, but it was before the last update of the extension. After this update to version 4.9.1 of the extension, after a while we noticed this problem of not opening the user screen and we started investigating if we had made some incorrect configuration.

Since I didn’t find anything, I decided as a last test to delete all the information and create a new server in Docker from scratch. After I created and added the first user, even without any information on the server, the same error occurred, the user screen didn’t open. So I decided to go back to using the internal server that was working, but when I did that, I saw that the same error also occurred. At that time, I was using Microsoft Edge along with the extension downloaded from the Edge extension store. However, on another computer that was still pointed to the internal server, the user screen was working normally, but in Google Chrome. So I tried doing the same on my machine and, to my surprise, it worked perfectly. So I believed that the problem was with the extension from the Edge store and decided to uninstall this extension from Microsoft Edge and download the extension from the Google Chrome store on Edge, and voilà, it worked!
So with that in mind, I went back to pointing my computer to Passbolt in the cloud and did the same procedures as before. Unfortunately, in this case, it still didn’t work. It’s still the same. So, since the server was created from scratch, without any information, and yet the same thing happens, I can only believe that the problem is really something with the Extension, since it has nothing to do with the server itself.

The server is currently on version 4.9.0 with the client 4.9.1.

Sorry for the length of the report, but it was necessary to explain everything I did so that you can understand the conclusion I reached. Now it remains to be seen whether the extension will work normally again when they update again. Until then, we will continue using the internal one that is working.

4

Hey there,

we have the same issue on multible instances - is there a solution?

5

Hello @maieredv.manuel,

Can you checkout the response of Max and give us more information about the status of the API?

6

Oh sorry, ive missed that, we are running our Instances directly installed on Debian 12 (installed via Script).

Here ist my Statuscheck output: mh-privatebin.vmd5888.de

7

Opening the output of the status report on third paty website is not something we consider safe. Please, could you share the full output in a direct post on this thread ?

1 Like
8

Aaaah ok, sorry …

i hope its ok this way:

root@passbolt:~# sudo su -s /bin/bash -c “/usr/share/php/passbolt/bin/status-report” www-data

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/

Open source password manager for teams

Passbolt CE 4.9.1
Cakephp 4.5.2
Linux passbolt 6.8.8-2-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.8-2 (2024-06-24T09:00Z) x86_64 GNU/Linux
PHP 8.2.20 (cli) (built: Jun 17 2024 13:33:14) (NTS)
mysql Ver 15.1 Distrib 10.11.6-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper
gpg (GnuPG) 2.2.40
libgcrypt 1.10.1

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 8.2.20.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] Mbstring extension is installed.
[PASS] Intl extension is installed.
[PASS] GD or Imagick extension is installed.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Cache is working.
[PASS] Debug mode is off.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.vmd55888.de
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[WARN] SSL peer certificate does not validate.
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate
[WARN] Hostname does not match when validating certificates.
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate
[WARN] Using a self-signed certificate.
[HELP] Check Troubleshooting SSL/TLS | Passbolt documentation.
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate

SMTP settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[PASS] No custom SSL configuration for SMTP server.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled.
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one.
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.9.1).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
[PASS] The database schema is up to date.

Database

[PASS] The application is able to connect to the database
[PASS] 31 tables found.
[PASS] Some default content is present.

[PASS] No error found. Nice one sparky!

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/

Open source password manager for teams

Cleanup shell (dry-run)

No issue found, data looks squeaky clean!

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/

Open source password manager for teams

Data check shell
[PASS] Data integrity for AuthenticationTokens.
[PASS] Can validate: 1868/1868
[PASS] Data integrity for Comments.
[PASS] Can validate: 0/0
[PASS] Data integrity for Favorites.
[PASS] Can validate: 23/23
[PASS] Data integrity for Gpgkeys.
[PASS] Can encrypt: 4/4
[PASS] Pass validation service checks: 4/4
[PASS] Entity data and armored key data matches: 4/4
[PASS] Is not expired: 4/4
[PASS] Is armored key format valid: 4/4
[PASS] Data integrity for Groups.
[PASS] Can validate: 0/0
[PASS] Data integrity for Profiles.
[PASS] Can validate: 5/5
[PASS] Data integrity for Resources.
[PASS] Can validate: 9164/9164
[PASS] Data integrity for Secrets.
[PASS] Can validate: 25264/25264
[PASS] Data integrity for Users.
[PASS] Can validate: 5/5

9

Everything seems good to me. I think that the issues may be somewhere else.

Do you see any errors on the passbolt container? docker logs passbolt-container-name

Also, do you see any errors in the console tab or any requests errors in the network tab of the browser extension logs? You can share the console errors as well as any failling request but do not share the HAR since it can contains sensitive information.

10

Sorry, we arent using docker.
My instances are running directly on debian 12 (installed via apt).

Console Errors as soon as i click on “Users-Tab”:

app.js:2 Uncaught (in promise) {stack: ‘PassboltBadResponseError: An internal error occurr…jhohmhpbdhjjjbiflabdgfkhpo/index.min.js:2:438026)’, message: ‘An internal error occurred. The server response co…not be parsed. Please contact your administrator.’, name: ‘PassboltBadResponseError’}message: "An internal error occurred. The server response could not be parsed. Please contact your administrator."name: "PassboltBadResponseError"stack: “PassboltBadResponseError: An internal error occurred. The server response could not be parsed. Please contact your administrator.\n at Ke.parseResponseJson (chrome-extension://ljeppgjhohmhpbdhjjjbiflabdgfkhpo/index.min.js:2:36995)\n at async ks.findAll (chrome-extension://ljeppgjhohmhpbdhjjjbiflabdgfkhpo/index.min.js:2:133680)\n at async Eo.findAll (chrome-extension://ljeppgjhohmhpbdhjjjbiflabdgfkhpo/index.min.js:2:222423)\n at async Eo.updateLocalStorage (chrome-extension://ljeppgjhohmhpbdhjjjbiflabdgfkhpo/index.min.js:2:221856)\n at async Ip.exec (chrome-extension://ljeppgjhohmhpbdhjjjbiflabdgfkhpo/index.min.js:2:435697)\n at async Ip._exec (chrome-extension://ljeppgjhohmhpbdhjjjbiflabdgfkhpo/index.min.js:2:435543)\n at async _. (chrome-extension://ljeppgjhohmhpbdhjjjbiflabdgfkhpo/index.min.js:2:438026)”[[Prototype]]: Objectconstructor: ƒ Object()assign: ƒ assign()create: ƒ create()defineProperties: ƒ defineProperties()defineProperty: ƒ defineProperty()entries: ƒ entries()freeze: ƒ freeze()fromEntries: ƒ fromEntries()getOwnPropertyDescriptor: ƒ getOwnPropertyDescriptor()getOwnPropertyDescriptors: ƒ getOwnPropertyDescriptors()getOwnPropertyNames: ƒ getOwnPropertyNames()getOwnPropertySymbols: ƒ getOwnPropertySymbols()getPrototypeOf: ƒ getPrototypeOf()groupBy: ƒ groupBy()hasOwn: ƒ hasOwn()is: ƒ is()isExtensible: ƒ isExtensible()isFrozen: ƒ isFrozen()isSealed: ƒ isSealed()keys: ƒ keys()length: 1name: "Object"preventExtensions: ƒ preventExtensions()prototype: {defineGetter: ƒ, defineSetter: ƒ, hasOwnProperty: ƒ, lookupGetter: ƒ, lookupSetter: ƒ, …}seal: ƒ seal()setPrototypeOf: ƒ setPrototypeOf()values: ƒ values()arguments: (…)caller: (…)[[Prototype]]: ƒ ()[[Scopes]]: Scopes[0]hasOwnProperty: ƒ hasOwnProperty()isPrototypeOf: ƒ isPrototypeOf()propertyIsEnumerable: ƒ propertyIsEnumerable()toLocaleString: ƒ toLocaleString()toString: ƒ toString()valueOf: ƒ valueOf()defineGetter: ƒ defineGetter()defineSetter: ƒ defineSetter()lookupGetter: ƒ lookupGetter()lookupSetter: ƒ lookupSetter()length: 1name: "lookupSetter"arguments: (…)caller: (…)[[Prototype]]: ƒ ()[[Scopes]]: Scopes[0]proto: (…)get proto: ƒ proto()set proto: ƒ proto()
(anonym) @ app.js:2
_onMessage @ app.js:2
(anonym) @ app.js:2

11

any news here? :frowning:
Saadly its still not working - are you need some more Infos?

12

Hello, sorry for the delay (:

Since you are not using Docker, I have some questions :

  • Do you see any errors in /var/log/passbolt/error.log ?
  • Are you the only one who cannot access the users page or all of your users are not able too?
  • Was it working previously or it never worked?
  • Do you have the same behavior on another browser ? This will involve performing an account recovery
  • How did you install passbolt ? Ideally if you can send me the link and all of the actions you may have taken.
13

Hey Antony,

no problem :slight_smile: Its not very urgent, but a strange problem.

  • var/log/passbolt/error.log is clean - no entrys.
  • Nope, no one can access the User Panel, ive running multible Instances, i have the Problem with all instances.
  • Worked without any Problem until some weeks Ago (im not every Day in the User Management, so i cant say exactly when its happend)
  • Ive tried it with Edge, Chrome and Firefox - always the same behaivior, loads forever and nothing happens.
  • Ive installled the instaces via this link: Install Passbolt on Debian 12 (Bookworm) | Passbolt documentation.
14

Did you made any changes in the database manually like, deleting a user or a group or a gpg key? That could be an explanation why you have that issue.
For example I see from your datacheck, 5 users and 4 gpgkeys, Does one user did not register or did you make any changes?

The error that you shared from the browser extension log should be also present on the server.

15

Ouh Sorry, now i didnt saw your response.

I think there is one User, that never finished the Setup.
But we dont changed anything manually, always via the Web UI.