[Resolved] Cannot login after migration to debian package (3.6.0-1)

I have been following this guide to migrate from the git-based installation the debian package and upgrade at the same time from 2.x to the latest version.

The upgrade process went smoothly, no errors reported there (apart from a note on avatar images not found during db migrations).

However, after finishing the upgrade, I’m unable to log in. In one browser, the window just stays “blank” with no console errors at all. In a private browsing window, I’m seeing an error message similar to this thread only that I am on chromium 103, not firefox. Opening this new thread as recommended by @remy .

Something went wrong.
The operation failed with the following error:

Could not verify the server key. x-gpgauth-authenticated should be set to false during the verify stage

I checked the headers and the x-gpgauth-authenticated is set to false.

In the server logs however, I can see the following line if I try to log in using the tab that is not in private browsing mode:

2022-07-04 08:07:54 error: [Cake\Routing\Exception\MissingRouteException] A route matching “/auth/checksession.json” could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /auth/checksession.json

This does not happen for the private browsing mode where I’m seeing the x-gpgauth-authenticated error.

I was able to log back in using the following steps:

  1. Disable the extension
  2. Delete all passbolt related cookies
  3. Reload the page
  4. Go through the account recovery process

I’m happy that works and I can only hope that everyone on our team has properly saved their private key as they were supposed to…

Hi @kwisatz

Thanks for joining passbolt community forum, I am glad to read you were able to fix your issue and successfully migrated from 2.x on sources to latest version with our Debian package.

Yes, it is very important for each user to save their private key in a safe place, otherwise they won’t be able to recover their account and non-shared passwords will be lost.

Did you ever hear about last account recovery PRO feature ? You can watch a youtube video here: Account recovery - YouTube

Don’t hesitate to ask if you have further questions.