Search and grouping problems after upgrade

Installation Issues
1

We have upgrade our 1.6.9 (initial installation) to 1.6.10 and then upgrade centos from 7.4 to 7.5 and passbolt from 1.6.0 to 2.0.7.

All looks good but after the upgrade there are two problems:

  1. Not all items from a group are shown as used the ‘filter by groups’ option
  2. all inputs in the search field would select all items ~ there is no filtering

I see in my health check that we have 19 tables in database but normally the posts are show 23 db tables.

Here my db table list:

±-----------------------------+
| Tables_in_passbolt |
±-----------------------------+
| authentication_tokens |
| burzum_file_storage_phinxlog |
| comments |
| email_queue |
| email_queue_phinxlog |
| favorites |
| file_storage |
| gpgkeys |
| groups |
| groups_users |
| permissions |
| phinxlog |
| profiles |
| resources |
| roles |
| secrets |
| user_agents |
| users |
| users_resources_permissions |
±-----------------------------+

Any idea how to solve it? Thank You

Installation:

  • centos 7.4 -> centos 7.5
  • mariadb-server-5.5.56-2.el7.x86_64
  • nginx-1.13.12-1.el7_4.ngx.x86_64
  • php70w-fpm-7.0.29-1.w7.x86_64
  • passbolt 1.6.9 -> 1.6.10 -> 2.0.7

bash-4.2$ bin/cake passbolt healthcheck

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///.__/__//_/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.0.29.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://passbolt1.lnwsoft.corp
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 19 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /var/cache/nginx/.gnupg.
[PASS] The directory /var/cache/nginx/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The public key can be used to sign a message.
[PASS] The public key can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.0.7).
[PASS] Passbolt is configured to force SSL use.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

1 error(s) found. Hang in there!

2

@mebersbach the correct number of tables for the community edition is 18 (more if you are on pro). You have actually users_resources_permissions that should have been dropped but wasn’t, maybe because your database user running the migration didn’t have the permission to drop this view.

You can also check/fix for database integrity issues by running:

./bin/cake passbolt cleanup

Please check for any errors in the browser console, your two issues seems to be related to the front end, there might be some hints there.

3

The cleanup runs with this output:

bash-4.2$ bin/cake passbolt cleanup

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///.__/__//_/

Open source password manager for teams

Cleanup shell (delete mode)

3 orphan records deleted in table Permissions (soft deleted resources)
3 orphan records deleted in table Secrets (soft deleted users)
3 orphan records deleted in table Secrets (soft deleted resources)
9 issues fixed!
bash-4.2$ bin/cake passbolt cleanup

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///.__/__//_/

Open source password manager for teams

Cleanup shell (delete mode)

No issue found, data looks squeaky clean!

The grants are:
MariaDB [passbolt]> show grants for ‘passbolt’@‘localhost’;
±----------------------------------------------------------------------------------------------------------------+
| Grants for passbolt@localhost |
±----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON . TO ‘passbolt’@‘localhost’ IDENTIFIED BY PASSWORD ‘*****************************************’ |
| GRANT ALL PRIVILEGES ON passbolt.* TO ‘passbolt’@‘localhost’ |
±----------------------------------------------------------------------------------------------------------------+

After cleanup the behavior is the same also after a server restart. The mentioned table was not deleted. It contains 1248 entries.

There is no error reported from browser (exceept the unsecure protocoll) and the logs/error.log shows no errors. The Frontend behavior is the same with actaul chrome and firefox. How can I check the correct installation and/or the root cause for my problem?

4

@mebersbach the cleanup function will not drop the view, you need to do it manually (as should have happened already during migration).

How can I check the correct installation and/or the root cause for my problem?

This would require further investigation, but I do not have access to your data set to do it. Try to find a way we could use to reproduce the issue and we can have a look. Otherwise consider purchasing professional support so we can get on a call with you.

5

I’ve tried to work with other versions (2.0.0 & 2.0.5) but the result is the same.

My browser console gives the following errors and warnings:

Controller id is defined by options and by template, the template id will be overriden by the option id.
passbolt.js:3:462466
TypeError: Port “000” is not a valid port
steal.production.js:3:800923

Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 14. The default protections will be applied.
passbolt.js:3 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user’s experience. For more help, check https://xhr.spec.whatwg.org/.
send @ passbolt.js:3
166passbolt.js:3 Controller id is defined by options and by template, the template id will be overriden by the option id.
init @ passbolt.js:3
passbolt.js:3 Uncaught TypeError: Port “000” is not a valid port
at Function.a.ensureValidPort (passbolt.js:3)
at Function.a.parseHost (passbolt.js:3)
at Function.a.parseAuthority (passbolt.js:3)
at Function.a.parse (passbolt.js:3)
at a.v.href (passbolt.js:3)
at new a (passbolt.js:3)
at a (passbolt.js:3)
at u.safeUri (passbolt.js:3)
at Object.eval (passbolt.js:3)
at t.getValueAndBind (passbolt.js:3)

Is this a hint?

Furthermore I’ve read the following issue:

At my database the same problem with character_set_name | collation_name exists.
Afterwards I’ve checked my database backups (holland-backup) and the the size of backup was 1,8 MB before Upgrade and only 725 KB after the upgrade.
Is there really such a great difference in the stored data???

Please give further advice, Thanks!

6

That’s very possibly the root cause of your problem. Try to change the collation / charset so that it’s the same everywhere. Normally the migration script does this for you, but in your case maybe the database user does not have the right to do it, or the utf8mb4 charset is not supported by your database.

Yes, we dropped some tables and optimized the schema for v2, most notably the controller_log table, as we will introduce a new audit log system that is less data hungry in the future.

7

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.