Plugin-check gpg error and "Oops, something went wrong"when trying to login

hirantha · November 3, 2017, 11:34am

Hi,

I have the same issue highlighted here even though I followed these guides:

https://book.cakephp.org/2.0/en/installation/url-rewriting.html#pretty-urls-on-nginx

I noticed this http://10.1.200.93/auth/auth/verify and it gives plugin-check gpg error.

If I run curl http://10.1.200.93/auth/verify.json I get the following.
{"header":{"id":"49cadf37-0eaf-3689-a8f7-430b02908cac","status":"success","title":"app_auth_verify_success","servertime":1509704089,"message":null,"controller":"Auth","action":"verify"},"body":{"fingerprint":"12165C90BB8584E58E4DAF19B2C4B036B252BB7B","keydata":"-----BEGIN...

Server is CentOS v7/ Nginx 1.12 / php-7.1

This is only log entries that I get from nginx access.log file

172.16.10.2 - - [03/Nov/2017:17:00:02 +0530] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-"
172.16.10.2 - - [03/Nov/2017:17:00:02 +0530] "GET /auth/login HTTP/1.1" 200 1730 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-"
172.16.10.2 - - [03/Nov/2017:17:00:03 +0530] "POST /auth/verify.json HTTP/1.1" 200 2 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-"

Appreciate little support here.

hirantha · November 3, 2017, 11:35am

Here is my nginx config. and here is my passbolt healthcheck.

remy · November 3, 2017, 12:05pm

@hirantha which error message do you get and on which step? The initial github ticket is not clear.
Can you check in the browser logs if there are any network errors / error code on some specific calls?

hirantha · November 3, 2017, 12:21pm

Hi Remy,

This triggers when trying to login. Here I attached the screenshot on the landing page and right widget do not load and ask to “retry”.

When I enable the debug window, the plugin-check gpg error shows for GnuPG widget and please find the attached screenshot.

I don’t see any network errors nor application log errors from the server side.

remy · November 3, 2017, 12:25pm

Can you go to chrome://extensions/ and click on “inspect view” for the login page, that will show the extension log. Let’s see if there are information there.

hirantha · November 3, 2017, 12:38pm

Here what I can see. It gives Failed to load resource: the server responded with a status of 403 (Forbidden) and this not recored at nginx error log.

If I catch the GnuPG entry while fast refresh the browser, I can see it tries to connect http://10.1.200.93/auth/auth/verify which is not exist. I assume this is nginx rewrite rule issue but still I can’t get this sorted even check the CackePHP nginx guides.

Appreciate your support.

remy · November 3, 2017, 1:19pm

Alright i’ll try to redo the tutorial and see if I can reproduce the issue.

hirantha · November 3, 2017, 2:50pm

Hi Remy,

I found followings once I enabled debug on Nginx. It says there is no user associated with the key.

Server: Nginx/1.12.0
Date: Fri, 03 Nov 2017 14:28:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.10
X-GPGAuth-Version: 1.3.0
X-GPGAuth-Login-URL: /auth/login
X-GPGAuth-Logout-URL: /auth/logout
X-GPGAuth-Verify-URL: /auth/verify
X-GPGAuth-Pubkey-URL: /auth/verify
X-GPGAuth-Authenticated: false
X-GPGAuth-Progress: stage0
X-GPGAuth-Error: true
X-GPGAuth-Debug: There is no user associated with this key
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip

However, if I brows http://10.1.200.93/auth/verify.json following output prints

{
header: {
    id: "49cadf37-0eaf-3689-a8f7-430b02908cac",
    status: "success",
    title: "app_auth_verify_success",
    servertime: 1509720013,
    message: null,
    controller: "Auth",
    action: "verify"
    },
    body: {
    fingerprint: "12165C90BB8584E58E4DAF18B2C4B036B252BB7B",
    keydata: "-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuP...

title: "app_auth_verify_success", which means the key is valid?

Here is the complete log 2017/11/03 19:58:09 [debug] 25571#25571: *12 http keepalive handler2017/11/03 - Pastebin.com

Appreciate your support.

remy · November 4, 2017, 7:07am

Actually a GET /auth/verify.json only display the public key of the server. See Passbolt Help | Authentication in passbolt

The “There is no user associated with this key” is more interesting it means that when the client is sending the user fingerprint the server cannot find the key and/or the user associated with it.

How did you perform the setup? Did you import and existing key or generate a new one?

Can you try creating a new user and following the setup again to see if you get the same error?

hirantha · November 6, 2017, 9:04am

Hi Remy,

I have created a new one initially.

Again, I created another user and same plugin-check error fired.

Can I reinstall the server and send you the details that I followed and see whether it appears again?

remy · November 6, 2017, 9:06am

Yes that would help, we’ve tried to reproduce the issue but we couldn’t so far.

hirantha · November 6, 2017, 3:31pm

Hi remy,

It works on the new machine; maybe I had configuration errors on previous setup.

We started evaluating it for our dev/test environments and hope to see rest of the features soon.