Bubka / 2FAuth

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
https://docs.2fauth.app/
GNU Affero General Public License v3.0

WEBAUTHN_NAME .env variable set as null generates server error #115

Closed cougz closed 2 years ago

cougz commented 2 years ago

Describe the bug
Laravel returning server error

To Reproduce
Steps to reproduce the behavior:

Expected behavior
Webapp should be displayed

Additional context
Logfile:

/var/www/2fauth/storage/logs/laravel-2022-08-09.log

[2022-08-09 08:15:12] local.ERROR: Webauthn\PublicKeyCredentialRpEntity::__construct(): Argument #1 ($name) must be of type string, null given, called in /var/www/2fauth/vendor/darkghosthunter/larapass/src/LarapassServiceProvider.php on line 187 {"exception":"[object] (TypeError(code: 0): Webauthn\\PublicKeyCredentialRpEntity::__construct(): Argument #1 ($name) must be of type string, null given, called in /var/www/2fauth/vendor/darkghosthunter/larapass/src/LarapassServiceProvider.php on line 187 at /var/www/2fauth/vendor/web-auth/webauthn-lib/src/PublicKeyCredentialRpEntity.php:25)
[stacktrace]
#0 /var/www/2fauth/vendor/darkghosthunter/larapass/src/LarapassServiceProvider.php(187): Webauthn\\PublicKeyCredentialRpEntity->__construct()
#1 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(873): DarkGhostHunter\\Larapass\\LarapassServiceProvider::DarkGhostHunter\\Larapass\\{closure}()
#2 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(758): Illuminate\\Container\\Container->build()
#3 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(851): Illuminate\\Container\\Container->resolve()
#4 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(694): Illuminate\\Foundation\\Application->resolve()
#5 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(836): Illuminate\\Container\\Container->make()
#6 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(1027): Illuminate\\Foundation\\Application->make()
#7 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(947): Illuminate\\Container\\Container->resolveClass()
#8 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(908): Illuminate\\Container\\Container->resolveDependencies()
#9 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(292): Illuminate\\Container\\Container->build()
#10 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(873): Illuminate\\Container\\Container->Illuminate\\Container\\{closure}()
#11 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(758): Illuminate\\Container\\Container->build()
#12 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(851): Illuminate\\Container\\Container->resolve()
#13 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(694): Illuminate\\Foundation\\Application->resolve()
#14 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(836): Illuminate\\Container\\Container->make()
#15 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Container/Container.php(1419): Illuminate\\Foundation\\Application->make()
#16 /var/www/2fauth/app/Providers/AuthServiceProvider.php(44): Illuminate\\Container\\Container->offsetGet()
#17 [internal function]: App\\Providers\\AuthServiceProvider::App\\Providers\\{closure}()
#18 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Auth/CreatesUserProviders.php(32): call_user_func()
#19 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(123): Illuminate\\Auth\\AuthManager->createUserProvider()
#20 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(94): Illuminate\\Auth\\AuthManager->createSessionDriver()
#21 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(68): Illuminate\\Auth\\AuthManager->resolve()
#22 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(54): Illuminate\\Auth\\AuthManager->guard()
#23 [internal function]: Illuminate\\Auth\\AuthManager->Illuminate\\Auth\\{closure}()
#24 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Auth/AuthServiceProvider.php(97): call_user_func()
#25 [internal function]: Illuminate\\Auth\\AuthServiceProvider->Illuminate\\Auth\\{closure}()
#26 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Http/Request.php(550): call_user_func()
#27 /var/www/2fauth/app/Http/Middleware/CustomCreateFreshApiToken.php(18): Illuminate\\Http\\Request->user()
#28 /var/www/2fauth/vendor/laravel/passport/src/Http/Middleware/CreateFreshApiToken.php(70): App\\Http\\Middleware\\CustomCreateFreshApiToken->requestShouldReceiveFreshToken()
#29 /var/www/2fauth/vendor/laravel/passport/src/Http/Middleware/CreateFreshApiToken.php(52): Laravel\\Passport\\Http\\Middleware\\CreateFreshApiToken->shouldReceiveFreshToken()
#30 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Laravel\\Passport\\Http\\Middleware\\CreateFreshApiToken->handle()
#31 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(50): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#32 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle()
#33 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#34 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
#35 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#36 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest()
#37 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Session\\Middleware\\StartSession->handle()
#38 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#39 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
#40 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#41 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
#42 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#43 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\\Pipeline\\Pipeline->then()
#44 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\\Routing\\Router->runRouteWithinStack()
#45 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRoute()
#46 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\\Routing\\Router->dispatchToRoute()
#47 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\\Routing\\Router->dispatch()
#48 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#49 /var/www/2fauth/app/Http/Middleware/ForceJsonResponse.php(20): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#50 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\ForceJsonResponse->handle()
#51 /var/www/2fauth/app/Http/Middleware/SetLanguage.php(41): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#52 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\SetLanguage->handle()
#53 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#54 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#55 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle()
#56 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#57 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#58 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
#59 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#60 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#61 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#62 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
#63 /var/www/2fauth/vendor/fruitcake/laravel-cors/src/HandleCors.php(38): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#64 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fruitcake\\Cors\\HandleCors->handle()
#65 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#66 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Http\\Middleware\\TrustProxies->handle()
#67 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#68 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\\Pipeline\\Pipeline->then()
#69 /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#70 /var/www/2fauth/public/index.php(73): Illuminate\\Foundation\\Http\\Kernel->handle()
#71 {main}
"}

/var/www/2fauth/.env

# You can change the name of the app

APP_NAME=2FAuth

# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
# Never set it to "testing".

APP_ENV=local

# Set to true if you want to see debug information in error screens.

APP_DEBUG=false

# This should be your email address

SITE_OWNER=**redacted**

# The encryption key for your database and sessions. Keep this very secure.
# If you generate a new one all existing data must be considered LOST.
# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it

APP_KEY=base64:kaXK8pTH5G13jCVCantj3wVuF71jT/TWx10E732lWrM=

# This variable must match your installation's external address but keep in mind that
# it's only used on the command line as a fallback value.

APP_URL=**redacted**

# Turn this to true if you want your app to react like a demo.
# Demo mode resets the app content every hour and sets a generic demo user.

IS_DEMO_APP=false

# The log channel defines where your log entries go to.
# 'daily' is the default logging mode giving you 7 daily rotated log files in /storage/logs/.
# Several other options exist. You can use 'single' for one big fat error log (not recommended).
# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.

LOG_CHANNEL=daily

# Log level. You can set this from least severe to most severe:
# debug, info, notice, warning, error, critical, alert, emergency
# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
# nothing will get logged, ever.

LOG_LEVEL=notice

# If you're looking for performance improvements, you could install memcached.

CACHE_DRIVER=file
SESSION_DRIVER=file
FILESYSTEM_DRIVER=local

#### Database config & credentials ####

DB_CONNECTION=mysql

# or if you want to use SQL (uncomment lines)

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=**redacted**
DB_USERNAME=**redacted**
DB_PASSWORD=**redacted**

#### Mail settings ####

# Refer to your email provider's documentation to configure your mail settings
# Set a value for every available setting to avoid issues

MAIL_DRIVER=log
MAIL_HOST=**redacted**
MAIL_PORT=465
MAIL_FROM=**redacted**
MAIL_USERNAME=**redacted**
MAIL_PASSWORD=**redacted**
MAIL_ENCRYPTION=null
MAIL_FROM_NAME=null
MAIL_FROM_ADDRESS=null

#### Authentication settings ####

# The default authentication guard
#
# Supported:
#   'web-guard' : The Laravel built-in auth system (default if nulled)
#   'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse proxy that handles authentication
#
# WARNING
# When using 'reverse-proxy-guard', 2FAuth only looks for the dedicated headers and skips all other built-in
# authentication checks. That means your proxy is fully responsible for the authentication process; 2FAuth will
# trust it as long as the headers are present.

AUTHENTICATION_GUARD=web-guard

# Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
# Check your proxy documentation to find out how these headers are named (e.g. 'REMOTE_USER', 'REMOTE_EMAIL', etc.)
# (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')

AUTH_PROXY_HEADER_FOR_USER=null
AUTH_PROXY_HEADER_FOR_EMAIL=null

# Custom logout URL to open when using an auth proxy.

PROXY_LOGOUT_URL=null

#### WebAuthn settings ####

# Relying Party name, aka the name of the application. If null, defaults to APP_NAME

WEBAUTHN_NAME=null

# Relying Party ID. If null, the device will fill it internally.
# See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#how-to-determine-the-relying-party-id

WEBAUTHN_ID=null

# Optional image data in BASE64 (128 bytes maximum) or an image url
# See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#relying-party-icon

WEBAUTHN_ICON=null

# Use this setting to control how user verification behaves during the
# WebAuthn authentication flow.
#
# Most authenticators and smartphones will ask the user to actively verify
# themselves for log in. For example, through a touch plus pin code,
# password entry, or biometric recognition (e.g., presenting a fingerprint).
# The intent is to distinguish one user from any other.
#
# Supported:
#   'required': Will ALWAYS ask for user verification
#   'preferred' (default) : Will ask for user verification IF POSSIBLE
#   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)

WEBAUTHN_USER_VERIFICATION=preferred

# Use this setting to declare trusted proxies.
# Supported:
#   '*': to trust any proxy
#   A comma-separated IP list: The list of proxy IPs to trust

TRUSTED_PROXIES=null

# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.

BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
SESSION_LIFETIME=120

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

MIX_ENV=local

/etc/nginx/conf.d/2fa.conf

server {
    listen 443;
    server_name **redacted**;
    root /var/www/2fauth/public;
    include /etc/nginx/snippets/ssl.conf;
    include /etc/nginx/snippets/error_location;

    index index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

I suspect my error to be inside .env - but unfortunately I'm not sure what is wrong there. According to the first error log row, there seems to be no value set (null) in order to execute AuthenticatorSelectionCriteria(). Documentation doesn't mention this, sadly.

Bubka commented 2 years ago

Hi, set any value other than null for the WEBAUTHN_NAME .env variable. I was able to reproduce the bug and this fixed it.

cougz commented 2 years ago

Hi,

thank you very much - issue resolved.
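
A pre-flight check for the condition resolved in this thread, as an added example that is not part of the issue or of 2FAuth's own code: it reads the effective value of a key from a dotenv file and fails when that value is the literal null. The function names and the sample file are constructed for illustration, and the check assumes Laravel's `env()` helper maps the literals `null` and `(null)` to PHP null.

```shell
#!/bin/sh
# Added example, not 2FAuth code. Assumption: Laravel's env() helper maps the
# literal values null and (null), in any letter case, to PHP null.

# Print the effective (last) value assigned to KEY ($2) in dotenv FILE ($1).
# Handles an optional "export" prefix, spaces around "=", and matching quotes.
dotenv_value() {
    sed -n "s/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | tail -n 1 \
        | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Succeed when VALUE is one of the literals that env() turns into null.
is_null_literal() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        null|'(null)') return 0 ;;
        *) return 1 ;;
    esac
}

# Report each listed KEY whose effective value is a null literal.
# Returns 1 if any was found, 0 otherwise. Keys absent from FILE are not flagged.
check_not_null() {
    file=$1; shift
    bad=0
    for key in "$@"; do
        if is_null_literal "$(dotenv_value "$file" "$key")"; then
            echo "$file: $key is null; set it to a string value" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample modelled on the WebAuthn section of the .env in this issue.
sample=$(mktemp)
cat > "$sample" <<'EOF'
APP_NAME=2FAuth
WEBAUTHN_NAME=null
WEBAUTHN_ID=null
EOF
# Only WEBAUTHN_NAME is checked: the page reports the error for that key alone.
check_not_null "$sample" WEBAUTHN_NAME || echo "refusing to deploy this .env"
rm -f "$sample"
```

Commented-out assignments are ignored and the last assignment of a key wins, so a corrected line placed after the original one passes the check.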