Unable to complete iOS mobile setup

sr-oct · April 22, 2023, 10:34am

I already installed the iOS app in the beta and it worked then. I was very pleased! It’s great that you were able to build the feature after we talked about it at a MeetUP event in Mannheim.
Unfortunately, since the beta ended, the app no longer works.
Could it be that, between beta and final, something in my app or in the config was destroyed.
If I log the URL’s directly on the web server, I get well-formed JSON data.
With every new version I try again and again. Unfortunately without being able to access my entries on the go again. Very unfortunate

Env: Apache & PHP-FPM 8.1

Conf:
    /**
     * DEFAULT PASSBOLT CONFIGURATION
     *
     * This is the default configuration.
     * It enforces the use of ssl, and does not provide a default OpenPGP key.
     * If your objective is to try passbolt quickly for evaluation purpose, and security is not important
     * you can use the demo config example provided in the next section below.
     */
    'passbolt' => [

        'plugins' => [
            'mobile' => [
                'enabled' => true
            ],
            'jwtAuthentication' => [
                'enabled' => true
            ],
        ],

LOG:

Passbolt:
Device: iPhone iPhone
OS: 16.4.1
App: 1.13.0
[...]
[2023-04-22 10:13:22] Beginning authorization...
[2023-04-22 10:13:22] ...refreshing access token...
[2023-04-22 10:13:22] [4E7E6E80-9651-4F6D-9CE9-2F8B64874092] HTTP POST /auth/jwt/refresh.json
[2023-04-22 10:13:22] [4E7E6E80-9651-4F6D-9CE9-2F8B64874092] HTTP 200 /auth/jwt/refresh.json
[2023-04-22 10:13:22] ...authorization succeeded!
[2023-04-22 10:13:22] Updating account profile data...
[2023-04-22 10:13:22] [B5AB9B78-6350-4D50-BC54-1FF6EAE13BE0] HTTP GET /users/90d2117a-bbe6-407b-a650-eec215b5ec3e.json
[2023-04-22 10:13:22] [B5AB9B78-6350-4D50-BC54-1FF6EAE13BE0] HTTP 200 /users/90d2117a-bbe6-407b-a650-eec215b5ec3e.json
[2023-04-22 10:13:22] ...account profile data updated!
[2023-04-22 10:13:29] Refreshing users data...
[2023-04-22 10:13:29] [8EE0AEE8-E014-49FB-9163-5FD8002C1D85] HTTP GET /users.json
[2023-04-22 10:13:29] [8EE0AEE8-E014-49FB-9163-5FD8002C1D85] HTTP 200 /users.json
[2023-04-22 10:13:29] ...users data refresh finished!
[2023-04-22 10:13:29] Refreshing user groups data...
[2023-04-22 10:13:29] [24A733E4-2A4A-42A5-92EE-8445E67AA7C8] HTTP GET /groups.json
[2023-04-22 10:13:29] [24A733E4-2A4A-42A5-92EE-8445E67AA7C8] HTTP 200 /groups.json
[2023-04-22 10:13:29] ...user groups data refresh finished!
[2023-04-22 10:13:29] Refreshing folders data...
[2023-04-22 10:13:29] [2F0FFF43-FFEA-491F-A9E6-BD0E0DDBCB37] HTTP GET /folders.json
[2023-04-22 10:13:29] [2F0FFF43-FFEA-491F-A9E6-BD0E0DDBCB37] HTTP 200 /folders.json
[2023-04-22 10:13:29] ...folders data refresh finished!
[2023-04-22 10:13:29] Refreshing resources data...
[2023-04-22 10:13:29] [7B6C13D2-E041-44D2-B01D-132094B70E81] HTTP GET /resource-types.json
[2023-04-22 10:13:29] [7B6C13D2-E041-44D2-B01D-132094B70E81] HTTP 200 /resource-types.json
[2023-04-22 10:13:29] [E2C7F35D-3B65-491D-BBF2-731A81C5CBB3] HTTP GET /resources.json
[2023-04-22 10:13:29] [E2C7F35D-3B65-491D-BBF2-731A81C5CBB3] HTTP 200 /resources.json
[2023-04-22 10:13:29] Failed to decode bad request response
[2023-04-22 10:13:29] ...resources data refresh failed!

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------

Passbolt commands should only be executed as the web server user.

The command should be executed with the same user as your web server. By instance:
su -s /bin/bash -c "/homes/octlabs/passbolt.octlabs.com/passbolt/bin/cake COMMAND" HTTP_USER
where HTTP_USER match your web server user: www-data, nginx, apache, http

 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 8.1.7.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.octlabs.com
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 30 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /homes/octlabs/.gnupg.
 [PASS] The directory /homes/octlabs/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in {...}/passbolt/config/passbolt.php and readable.
 [PASS] The private key file is defined in {...}/passbolt/config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in {...}/passbolt/config/passbolt.php.
 [PASS] The server public key defined in the {...}/passbolt/config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.12.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] Registration is closed, only administrators can add users.
 [PASS] The deprecated self registration public setting was not found in {...}/passbolt/config/passbolt.php.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set passbolt.email.validate.mx to true in {...}/passbolt/config/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The {...}/passbolt/config/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [PASS] The SMTP Settings source is: database.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
 [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in {...}/passbolt/config/passbolt.php.

 [PASS] No error found. Nice one sparky!

garrett · April 22, 2023, 1:53pm

Hi @sr-oct Welcome to the forum, I moved your post to the Installation section so it will get attention.

Duffman · April 23, 2023, 12:49am

Beta, from a year ago? Are you are building the new version of the app from GitHub. Apple self-signed certs without Apple Developer accounts only last 7 days and then the app needs to be signed again.

Your log shows the current 1.13.0 app from the the iOS App Store and current Passbolt version. I have it running on my iPhone without issue.

The Passbolt health check is showing a few “Helps” have you tried fixing those issues.

Have you tried deleting the “beta” app and then reinstalling version 1.13.0 from the App Store

If you turn off your Wi-Fi and use your cell data does the app work?

Can you explain the beta and final part?

sr-oct · April 23, 2023, 3:21pm

Hello Duffman,

Thanks for your answer. I would like to try to make it clearer. I tried to keep my request as short as possible.

Can you explain the beta and final part?

When the mobile feature was announced, the menu item could not be found in the admin backend as it is now, but had to be “unlocked” via the config first:

I followed this blog post exactly and it works great That’s why I choose the label “Beta”.

But an update or so later, when the function was probably no longer a beta, the problem described occurred. As is well known, it happens that you change something in the software from a “Beta” to “RC” or “Final”. But I guess it’s not the server.

Have you tried deleting the “beta” app and then reinstalling version 1.13.0 from the App Store

I have also tried several times to delete the app including all data under iOS.

I also created a new user - unfortunately the same problem.

I can even create new entries under iOS. But these are not created “successfully” because the create dialog does not close. However, when I look through Firefox on the desktop, the new entry has been completely created! I also get an email notifying me that a new entry has been made.

Do you have a tip on how I might collect more useful debug information?

Duffman · April 23, 2023, 5:11pm

Hi @sr-oct

Your JWT looks good per Passbolt Health check but if you do see an issue in Health Check it can be fixed with

# Errors fix example
## If there’s an error in health check, Passbolt will give you a hint [help] on how to solve it. For example, if there’s no ## valid JWT key pair, then it will instruct you to run the following command to fix it.
sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data

For issues you can look at your Passbolt log; logs are under /logs under the directory you installed passbolt in** (in /var/www/passbolt/logs or /var/log/passbolt most likely)

I think you should address the “[HELP]” issues that are listed when you run Passbolt health check.

[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in {…}/passbolt/config/passbolt.php.

Edit your config file and make the changes. sudo nano {…}/passbolt/config/passbolt.php

I think the links below should help.