Testing of Mobile application registration on docker integration

Hello,

Testing of Mobile application registration on docker integration

  • Docker server is ubuntu
  • Mobile app is iOS version

Behavior observed:
When trying to input the credential on my smartphone after having validated the pairing JWT, the mobile app sign in is failing.
When checking the unhidden credential in the field, the credential seems correct.
And no error is displayed in the logs.

Reproducing behavior:
1- Enabling JWT for Mobile tokens creation in docker : OK / Easy
2- Pairing user account in Passbolt:

  • Opening Mobile section requested to input credentials
  • Validated credentials
  • Clicked on Start pairing displayed the 1st QR code generated
  • Opened mobile app and clicked on Scan QR code started to scan each QR code generated with data transferred to mobile
  • Finished correctly to scan QR codes displayed the login screen in mobile app
  • Tried to input credentials but is answering “Sign in failed”

Healthcheck:
     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

Open source password manager for teams

A JWT key pair was successfully created.
Public key path: /etc/passbolt/jwt/jwt.pem
Secret key path: /etc/passbolt/jwt/jwt.key

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.4.25.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.xxxxx.fr:4443
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

Application configuration

[PASS] Using latest passbolt version (3.3.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

[PASS] No error found. Nice one sparky!

Logs:

10.0.0.27 - - [21/Nov/2021:18:57:08 +0000] “POST /auth/login.json?api-version=v2 HTTP/2.0” 200 4703 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
2021-11-21 18:57:08,077 INFO reaped unknown pid 392 (exit status 0)
2021-11-21 18:57:08,078 INFO reaped unknown pid 394 (exit status 0)
10.0.0.27 - - [21/Nov/2021:18:57:08 +0000] “GET /app/settings/mobile HTTP/2.0” 200 1158 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:08 +0000] “GET /auth/is-authenticated.json HTTP/2.0” 200 338 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:08 +0000] “GET /resources.json?api-version=v2 HTTP/2.0” 200 177548 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:08 +0000] “GET /resources.json?api-version=v2 HTTP/2.0” 200 177548 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:08 +0000] “GET /auth/is-authenticated.json HTTP/2.0” 200 338 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:08 +0000] “GET /resources.json?api-version=v2 HTTP/2.0” 200 177548 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:08 +0000] “GET /auth/is-authenticated.json HTTP/2.0” 200 338 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:09 +0000] “GET /auth/is-authenticated.json HTTP/2.0” 200 338 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:09 +0000] “GET /account/settings.json?api-version=v2 HTTP/2.0” 200 1104 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:09 +0000] “GET /settings.json?api-version=v2 HTTP/2.0” 200 4062 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:09 +0000] “GET /users/9242a3a2-384f-48a8-a13e-679969badf4e.json?api-version=v2&contain%5Bprofile%5D=1 HTTP/2.0” 200 4761 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:09 +0000] “GET /resource-types.json?api-version=v2 HTTP/2.0” 200 5023 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:09 +0000] “GET /roles.json?api-version=v2 HTTP/2.0” 200 1385 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:45 +0000] “POST /mobile/transfers.json?api-version=v2 HTTP/2.0” 200 1260 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:46 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:46 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:46 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:47 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:47 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:47 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:48 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:48 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:48 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:49 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:49 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:49 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:50 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:50 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:50 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:51 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:51 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:52 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:52 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:52 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:52 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:53 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:53 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:53 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:54 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:54 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:54 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:55 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:55 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:55 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 901 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:56 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
2021-11-21 18:57:56,294 INFO reaped unknown pid 397 (exit status 0)
2021-11-21 18:57:56,294 INFO reaped unknown pid 399 (exit status 0)
10.0.0.23 - - [21/Nov/2021:18:57:56 +0000] “PUT /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971/104289ba-02a2-4743-9eb4-fcb959db290f.json?contain%5Buser.profile%5D=1 HTTP/2.0” 200 1999 “-” “Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0”
10.0.0.27 - - [21/Nov/2021:18:57:56 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:56 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:57 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:57 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:57 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.23 - - [21/Nov/2021:18:57:58 +0000] “PUT /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971/104289ba-02a2-4743-9eb4-fcb959db290f.json HTTP/2.0” 200 930 “-” “Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0”
2021-11-21 18:57:58,199 INFO reaped unknown pid 402 (exit status 0)
2021-11-21 18:57:58,199 INFO reaped unknown pid 404 (exit status 0)
10.0.0.27 - - [21/Nov/2021:18:57:58 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:58 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:58 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:59 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:59 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:57:59 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.23 - - [21/Nov/2021:18:58:00 +0000] “PUT /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971/104289ba-02a2-4743-9eb4-fcb959db290f.json HTTP/2.0” 200 930 “-” “Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0”
2021-11-21 18:58:00,232 INFO reaped unknown pid 407 (exit status 0)
2021-11-21 18:58:00,232 INFO reaped unknown pid 409 (exit status 0)
10.0.0.27 - - [21/Nov/2021:18:58:00 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:58:00 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:58:00 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:58:01 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:58:01 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:58:01 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 907 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.23 - - [21/Nov/2021:18:58:02 +0000] “PUT /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971/104289ba-02a2-4743-9eb4-fcb959db290f.json HTTP/2.0” 200 927 “-” “Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0”
2021-11-21 18:58:02,082 INFO reaped unknown pid 430 (exit status 0)
2021-11-21 18:58:02,082 INFO reaped unknown pid 432 (exit status 0)
10.0.0.27 - - [21/Nov/2021:18:58:02 +0000] “GET /mobile/transfers/41cc49c6-e7cb-41b2-99e2-0a9389eda971.json?api-version=v2 HTTP/2.0” 200 904 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.27 - - [21/Nov/2021:18:58:08 +0000] “GET /auth/is-authenticated.json HTTP/2.0” 200 338 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36”
10.0.0.23 - - [21/Nov/2021:18:58:31 +0000] “GET /auth/jwt/rsa.json HTTP/2.0” 500 349 “-” “Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0”
2021-11-21 18:58:31,343 INFO reaped unknown pid 436 (exit status 0)
2021-11-21 18:58:31,343 INFO reaped unknown pid 437 (exit status 0)
2021-11-21 18:58:31,344 INFO reaped unknown pid 441 (exit status 0)
2021-11-21 18:58:31,344 INFO reaped unknown pid 440 (exit status 0)
10.0.0.23 - - [21/Nov/2021:18:58:31 +0000] “GET /auth/verify.json HTTP/2.0” 200 2229 “-” “Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0”
10.0.0.23 - - [21/Nov/2021:19:43:19 +0000] “GET /auth/jwt/rsa.json HTTP/2.0” 500 349 “-” “Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0”

Using these commands at the end of Docker container run:
docker exec passbolt su -s /bin/bash -c 'sed -i -E "s/(server_name )_/\1xxxx.fr passbolt.xxxx.fr/" /etc/nginx/sites-available/default'
docker exec passbolt su -s /bin/bash -c "sed -i -E \"s/(listen\s+\[::\]:)443/\1${NGINX_PORT}/\" /etc/nginx/snippets/passbolt-ssl.conf"
docker exec passbolt su -s /bin/bash -c "sed -i -E \"s/(listen\s+)443/\1${NGINX_PORT}/\" /etc/nginx/snippets/passbolt-ssl.conf"

We will release a new version next week with the following items:

  • Dark theme for the full app
  • Create / Edit / Delete passwords from the app
  • Various small UI bug fixes
  • Enrich logs

So basically with the latest point and if you have a mac, you would be able to connect your phone and use the Console.app to have more logs.

Several people seem to have an issue during the login phase and it's still not clear to us what can cause the error.

@yle are you accessing the passbolt container directly or via a reverse proxy? Can you specify the type of SSL certificate that you have (self-signed, save on device, letsencrypt)?
Also, the logs that you shared are from nginx, any luck from the PHP logs?

@yle, as specified in the repo, can you try to set the env var APP_FULL_BASE_URL (passbolt_docker/README.md at master · passbolt/passbolt_docker · GitHub) with the port, like
docker run --name passbolt \
  -p 80:80 \
  -p 443:8089 \
  -e DATASOURCES_DEFAULT_HOST=<mariadb_container_host> \
  -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \
  -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \
  -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \
  -e APP_FULL_BASE_URL=https://mydomain.com:8089 \
  passbolt/passbolt:latest-ce

or use the docker-compose.yml and set the APP_FULL_BASE_URL via an env file

Accessing the passbolt container directly with the port binding -p 4443:443

SSL certificate used is letsencrypt with access to certificates from
--mount type=bind,source="$(pwd)"/certs,target=/etc/ssl/certs,bind-propagation=shared \
--mount type=bind,source="$(pwd)"/letsencrypt,target=/etc/letsencrypt,bind-propagation=shared \

Did new tests and got once
root@passbolt:/usr/share/php/passbolt/bin# cat /var/log/passbolt/cli-error.log
2021-11-22 05:44:26 Warning: Warning (512): SplFileInfo::openFile(/var/lib/passbolt/tmp/cache/persistent/myapp_cake_core_translations.default.en_UK): failed to open stream: Permission denied in [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2021-11-22 05:44:26 Warning: Warning (512): SplFileInfo::openFile(/var/lib/passbolt/tmp/cache/persistent/myapp_cake_core_translations.default.en_UK): failed to open stream: Permission denied in [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2021-11-22 05:44:26 Warning: Warning (512): SplFileInfo::openFile(/var/lib/passbolt/tmp/cache/models/myapp_cake_model_default_organization_settings): failed to open stream: Permission denied in [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2021-11-22 05:44:26 Warning: Warning (512): SplFileInfo::openFile(/var/lib/passbolt/tmp/cache/models/myapp_cake_model_default_organization_settings): failed to open stream: Permission denied in [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2021-11-22 05:44:27 Warning: Warning (2): file_get_contents(/etc/passbolt/jwt/jwt.pem): failed to open stream: Permission denied in [/usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Service/AccessToken/JwtKeyPairService.php, line 110]

I don’t see any PHP logs. Are the logs in /var/log/php7.4-fpm.log? It seems linked to stderr.

Will try to collect logs from mobile.

@max
New test pairing with iOS mobile syslog file.
iOS Passbolt mobile app syslogs

Same behavior issue when trying to sign in from Mobile app.

@max

Ran a new test pairing today and got this log response at signin from nginx logs (if it can help):

10.0.0.27 - - [23/Nov/2021:15:33:51 +0000] "GET /mobile/transfers/2aea68fe-0d05-41ed-bcfe-2d495342eaa9.json?api-version=v2 HTTP/2.0" 200 904 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.23 - - [23/Nov/2021:15:34:13 +0000] "GET /auth/jwt/rsa.json HTTP/2.0" 500 349 "-" "Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0"
2021-11-23 15:34:13,356 INFO reaped unknown pid 328 (exit status 0)
2021-11-23 15:34:13,357 INFO reaped unknown pid 330 (exit status 0)
10.0.0.23 - - [23/Nov/2021:15:34:13 +0000] "GET /auth/verify.json HTTP/2.0" 499 0 "-" "Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0"
2021/11/23 15:34:13 [info] 149#149: *46 client canceled stream 9 while sending request to upstream, client: 10.0.0.23, server: _, request: "GET /auth/verify.json HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "passbolt.xxxx.fr:4443"

Hi @yle :wave:

Many thanks for your logs. We got feedback from some other iOS users who are unable to connect too. A new iOS release will be shipped soon with some new features, but also with more debugging on this part.

We will keep you informed here as soon as it will be ready on Apple store.

Many thanks for your help ! :hugs:

Welcome.

Another test:

  • Installed a new docker container from scratch with blank DB
  • Tried a new pairing with the mobile iOS

Result:
Same behavior issue

10.0.0.4 - - [24/Nov/2021:00:17:08 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:08 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:09 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:09 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:09 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:09 +0000] "GET /auth/is-authenticated.json HTTP/2.0" 200 338 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
2021-11-24 00:17:09,800 INFO reaped unknown pid 802 (exit status 0)
10.0.0.23 - - [24/Nov/2021:00:17:09 +0000] "PUT /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20/e637745e-f4e4-4aca-8f40-d37d548cc025.json HTTP/2.0" 200 971 "-" "Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0"
2021-11-24 00:17:09,895 INFO reaped unknown pid 804 (exit status 0)
10.0.0.4 - - [24/Nov/2021:00:17:10 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:10 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:10 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:11 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.4 - - [24/Nov/2021:00:17:11 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 948 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.23 - - [24/Nov/2021:00:17:11 +0000] "PUT /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20/e637745e-f4e4-4aca-8f40-d37d548cc025.json HTTP/2.0" 200 968 "-" "Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0"
2021-11-24 00:17:11,781 INFO reaped unknown pid 807 (exit status 0)
2021-11-24 00:17:11,782 INFO reaped unknown pid 809 (exit status 0)
10.0.0.4 - - [24/Nov/2021:00:17:11 +0000] "GET /mobile/transfers/84d051c0-dd42-42ae-a867-2ef01d840d20.json?api-version=v2 HTTP/2.0" 200 945 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
10.0.0.23 - - [24/Nov/2021:00:17:37 +0000] "GET /auth/verify.json HTTP/2.0" 200 2270 "-" "Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0"
10.0.0.23 - - [24/Nov/2021:00:17:37 +0000] "GET /auth/jwt/rsa.json HTTP/2.0" 500 349 "-" "Passbolt/1634501321 CFNetwork/1240.0.4 Darwin/20.6.0"

@yle we released a fix on the login, can you give it a try and tell us if you still have a login issue?

Hello @max

New test done.

  • Replaced the passbolt container with the new latest Passbolt release
  • Updated the last iOS app version on the smartphone (iPhone X with sw version 14.8.1)

Same behavior “Signin failed” with the signin after pairing the smartphone with mobile configuration feature.

iOS mobile logs

Container passbolt logs

@yle I can see a 500 on /auth/jwt/rsa.json
Are you sure that you have correctly created your JWT key pair?
Please run a healthcheck:

runuser -u www-data -- /usr/share/php/passbolt/bin/cake passbolt healthcheck

And look for the JWT section (FYI JWT keys are located under /etc/passbolt/jwt)

Let me know,
Max

@max Yes, I have a JWT key pair correctly created.

root@passbolt:/usr/share/php/passbolt# ls -l /etc/passbolt/jwt
total 8
-rw-r--r-- 1 root root 3272 Dec  2 15:04 jwt.key
-rw-r--r-- 1 root root  800 Dec  2 15:04 jwt.pem

But I have 2 different healthcheck results depending on the user launching the command:

  • runuser -u www-data -- /usr/share/php/passbolt/bin/cake passbolt healthcheck
    result:
root@passbolt:/usr/share/php/passbolt# runuser -u www-data -- /usr/share/php/passbolt/bin/cake passbolt healthcheck

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell........Warning Error: file_get_contents(/etc/passbolt/jwt/jwt.pem): failed to open stream: Permission denied
In [/usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Service/AccessToken/JwtKeyPairService.php, line 110]

2021-12-02 15:12:32 Warning: Warning (2): file_get_contents(/etc/passbolt/jwt/jwt.pem): failed to open stream: Permission denied in [/usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Service/AccessToken/JwtKeyPairService.php, line 110]

-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.25.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.lidie.fr:4442
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [FAIL] The server OpenPGP key is not set
 [HELP] Create a key, export it and add the fingerprint to config/passbolt.php
 [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [FAIL] The server key fingerprint doesn't match the one defined in config/passbolt.php.
 [HELP] Double check the key fingerprint, example:
 [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
 [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
 [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
 [HELP] Import the private server key in the keyring of the webserver user.
 [HELP] you can try:
 [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
 [FAIL] The server key does not have a valid email id.
 [HELP] Edit or generate another key with a valid email id.

 Application configuration

 [PASS] Using latest passbolt version (3.3.1).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [FAIL] The /etc/passbolt/jwt/ directory is writable
 [HELP] You can try:
 [HELP] sudo chown -R www-data:www-data /etc/passbolt/jwt/
 [HELP] sudo chmod 444 /etc/passbolt/jwt/
 [FAIL] A valid JWT key pair is missing
 [HELP] Run the create JWT keys script to create a valid JWT secret and public key pair:
 [HELP] sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt create_jwt_keys" www-data

 [FAIL] 6 error(s) found. Hang in there!
  • root@passbolt:/usr/share/php/passbolt/bin/cake passbolt healthcheck --application --configFiles --core --database --environment --ssl --jwt
    result:
root@passbolt:/usr/share/php/passbolt# ./bin/cake passbolt healthcheck --application --configFiles --core --database --environment --ssl --jwt

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.25.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.lidie.fr:4442
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 Application configuration

 [PASS] Using latest passbolt version (3.3.1).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 [PASS] No error found. Nice one sparky!

Yes, that’s your issue. The command that I sent executes the healthcheck as the user www-data.
From the ls output on /etc/passbolt/jwt that you sent, this user can’t read the key.
In the blog article there were two commands:

sudo chown www-data:www-data /etc/passbolt/jwt/
sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt create_jwt_keys" www-data

The first one gives ownership of the folder to the www-data user.
The second, which could also be

runuser -u www-data -- /usr/share/php/passbolt/bin/cake passbolt create_jwt_keys

creates the keys with the www-data user as owner.

Can you:

  • Delete your keys
  • Recreate them with the command that I shared
  • Test again

@max

Deleted the keys

and executed the following, but it does not succeed in creating the keys with user www-data

root@passbolt:/usr/share/php/passbolt# chmod 664 /etc/passbolt/jwt/
root@passbolt:/usr/share/php/passbolt# runuser -u www-data -- /usr/share/php/passbolt/bin/cake passbolt create_jwt_keys

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
The JWT private key could not be written.
root@passbolt:/usr/share/php/passbolt# ls -l /etc/passbolt
total 128
drwxr-x--- 2 root     www-data  4096 Nov 24 14:47 Migrations
drwxr-xr-x 2 www-data www-data  4096 Dec  2 15:04 Seeds
-rw-r----- 1 root     www-data 18421 Nov 24 14:35 app.default.php
-rw-r----- 1 root     www-data 18421 Nov 24 14:36 app.php
-rw-r----- 1 root     www-data  6189 Nov 24 14:35 bootstrap.php
-rw-r----- 1 root     www-data   886 Nov 24 14:35 bootstrap_cli.php
-rw-r----- 1 root     www-data    65 Nov 24 14:35 bootstrap_plugins.php
-rw-r----- 1 root     www-data 11798 Nov 24 14:36 default.php
-rw-r----- 1 root     www-data  1465 Nov 24 14:35 file_storage.php
drwxrwxr-x 2     1000     1000  4096 Nov 20 23:01 gpg
drw-rw-r-- 2 www-data www-data  4096 Dec  2 15:41 jwt
-rw-r----- 1 root     www-data  5601 Nov 24 14:35 passbolt.default.php
-rw-r----- 1 root     www-data  2642 Nov 24 14:36 paths.php
-rw-r----- 1 root     www-data  1328 Nov 24 14:35 requirements.php
-rw-r----- 1 root     www-data 14237 Nov 24 14:35 routes.php
drwxr-x--- 2 root     www-data  4096 Nov 24 14:47 schema
-rw-r----- 1 root     www-data   106 Nov 24 14:35 version.php
root@passbolt:/usr/share/php/passbolt# ls -l /etc/passbolt/jwt
total 0
root@passbolt:/usr/share/php/passbolt# su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt create_jwt_keys" www-data

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
The JWT private key could not be written.
root@passbolt:/usr/share/php/passbolt# runuser -u www-data -- /usr/share/php/passbolt/bin/cake passbolt create_jwt_keys

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
The JWT private key could not be written.
root@passbolt:/usr/share/php/passbolt# ls -la /etc/passbolt/jwt/
total 8
drw-rw-r-- 2 www-data www-data 4096 Dec  2 15:41 .
drwxrwx--- 1 root     www-data 4096 Dec  2 15:04 ..
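
Added example (not part of the thread): a directory in mode `drw-rw-r--`, as left by `chmod 664` above, has no search (x) bit, so even its owner cannot create files in it. The read-only shell check below flags that case, a wrong owner, and a world-readable `jwt.key` from `ls` mode strings; the function names and the expected-uid argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of a JWT key directory, using the mode
# strings that `ls -l` prints in the thread. DIR and uid are caller-supplied.

# Field N of `ls -ldn PATH` (1 = mode string, 3 = numeric owner uid).
ls_field() {
    ls -ldn "$1" | awk -v n="$2" '{ print $n }'
}

# audit_jwt_dir DIR EXPECTED_UID
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_jwt_dir() {
    dir=$1 want_uid=$2 rc=0
    dmode=$(ls_field "$dir" 1)

    # A directory owned by another account (root in the thread) leaves the
    # web-server user depending on the group/other bits.
    if [ "$(ls_field "$dir" 3)" != "$want_uid" ]; then
        echo "dir-owner: $dir is not owned by uid $want_uid"; rc=1
    fi

    # The owner needs x (search) to open or create entries in a directory.
    # "drw-rw-r--" (chmod 664) grants r and w but no x, so key creation fails.
    case $(printf '%s' "$dmode" | cut -c4) in
        x|s) ;;
        *) echo "dir-no-search: $dir is $dmode"; rc=1 ;;
    esac

    # The private key must not be readable by "other" (8th mode character).
    if [ -f "$dir/jwt.key" ]; then
        kmode=$(ls_field "$dir/jwt.key" 1)
        if [ "$(printf '%s' "$kmode" | cut -c8)" = "r" ]; then
            echo "key-world-readable: jwt.key is $kmode"; rc=1
        fi
    fi
    return "$rc"
}
```

Inside the container it would be called as `audit_jwt_dir /etc/passbolt/jwt "$(id -u www-data)"`.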

@max

I finally found my mistake!
This is working properly now, I am able to sign in with the mobile pairing.

I had to fix these lines after the docker run container:

+ sleep 10
+ docker exec passbolt_v3 su -s /bin/bash -c 'mkdir -m=770 -p /etc/passbolt/jwt'
+ docker exec passbolt_v3 su -s /bin/bash -c 'chown -R www-data:www-data /etc/passbolt/jwt/'
+ docker exec passbolt_v3 su -s /bin/bash -c '/usr/share/php/passbolt/bin/cake passbolt create_jwt_keys' www-data

Hi @yle ,

As the mobile feature is still in beta, it is not yet fully integrated with the docker image. You should create a new docker volume to store the JWT keys, as we also recommend for GPG keys.
Because with your modification, each time your container restarts, new JWT keys will be created and your mobile users will be logged out.

Best
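
Added example (not part of the thread, and not the project's own entrypoint code): a shell wrapper that runs the key generator only when the directory holds no key pair, so a container restarted with a persistent volume on the JWT directory keeps its existing keys. The function name and the "kept"/"created" output are assumptions of this example.

```shell
#!/bin/sh
# Added example: create the JWT key pair only when none exists, so a
# restart with a persistent volume mounted on DIR keeps the same keys.

# ensure_jwt_keys DIR GENERATOR [ARGS...]
# Prints "kept" or "created". Returns 1 if generation fails or leaves an
# incomplete pair, 2 if only one of the two files is already present.
ensure_jwt_keys() {
    dir=$1; shift
    if [ -s "$dir/jwt.key" ] && [ -s "$dir/jwt.pem" ]; then
        echo kept
        return 0
    fi
    # A half-present pair is reported, never silently overwritten.
    if [ -e "$dir/jwt.key" ] || [ -e "$dir/jwt.pem" ]; then
        echo "incomplete key pair in $dir, refusing to overwrite" >&2
        return 2
    fi
    "$@" || return 1
    [ -s "$dir/jwt.key" ] && [ -s "$dir/jwt.pem" ] || return 1
    echo created
}

# Assumed usage inside the container from the thread:
#   ensure_jwt_keys /etc/passbolt/jwt runuser -u www-data -- \
#       /usr/share/php/passbolt/bin/cake passbolt create_jwt_keys
```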