Bubka
commented
3 months ago Hi,
I cannot reproduce 😕 Did the import complete successfully? When the blank page appears? After a click on the Close button of the Import page?
Closed Dzagonur closed 3 months ago
Bubka
commented
3 months ago Hi,
I cannot reproduce 😕 Did the import complete successfully? When the blank page appears? After a click on the Close button of the Import page?
Dzagonur
commented
3 months ago Hi,
the import list was shown and after "import all" the blank page is shown. At first I thought it might be the account, but I have the same phenomenon with a new account.
Bubka
commented
3 months ago Do you see any additional information in the log file? (how to check logs)
Dzagonur
commented
3 months ago Accesslog says
[03/Jun/2024:19:41:47 +0000] "GET /accounts HTTP/2.0" 200 1295 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"
[03/Jun/2024:19:41:48 +0000] "GET /build/assets/php_de-CnwWkLDo.js HTTP/2.0" 200 58118 "https://[redacted]/build/assets/app-BsP-5XS6.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"
[03/Jun/2024:19:41:48 +0000] "GET /api/v1/user HTTP/2.0" 200 699 "https://[redacted]/accounts" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"
[03/Jun/2024:19:41:48 +0000] "GET /api/v1/twofaccounts?withOtp=1 HTTP/2.0" 200 24552 "https://[redacted]/accounts" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"
[03/Jun/2024:19:41:48 +0000] "GET /favicon_lg.png HTTP/2.0" 200 2410 "https://[redacted]/accounts" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"
[03/Jun/2024:19:41:48 +0000] "GET /api/v1/groups HTTP/2.0" 200 48 "https://[redacted]/accounts" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"
[03/Jun/2024:19:41:48 +0000] "GET /api/v1/twofaccounts?withOtp=1 HTTP/2.0" 200 24552 "https://[redacted]/accounts" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"Errorlog is clear
Bubka
commented
3 months ago And the 2FAuth log? in [2FAuth_install_dir]/storage/logs
Dzagonur
commented
3 months ago laravel-2024-05-31.log
[2024-05-31 20:13:50] local.NOTICE: App setting 'lastRadarScan' set to 1717186430
[2024-05-31 20:13:50] local.NOTICE: App setting 'latestRelease' reset to default
[2024-05-31 21:30:20] local.NOTICE: User ID #1 set as administrator
[2024-05-31 21:31:11] local.NOTICE: App setting 'lastRadarScan' set to 1717191071
[2024-05-31 21:31:11] local.NOTICE: App setting 'latestRelease' reset to default
[2024-05-31 21:31:24] local.ERROR: Failed to authenticate on SMTP server with username "xxx@xxx.xx" using the following authenticators: "LOGIN", "PLAIN". Authenticator "LOGIN" returned "Expected response code "235" but got code "535", with message "535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6".". Authenticator "PLAIN" returned "Expected response code "235" but got code "535", with message "535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6".".
[2024-05-31 21:36:44] local.NOTICE: User ID #1 set as administrator
[2024-05-31 21:37:50] local.ERROR: Failed to authenticate on SMTP server with username "xxx@xxx.xx" using the following authenticators: "LOGIN", "PLAIN". Authenticator "LOGIN" returned "Expected response code "235" but got code "535", with message "535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6".". Authenticator "PLAIN" returned "Expected response code "235" but got code "535", with message "535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6".".
[2024-05-31 21:38:02] local.NOTICE: App setting 'enableSso' set to false
[2024-05-31 21:44:55] local.ERROR: {"userId":1,"exception":"[object] (App\\Exceptions\\UnsupportedMigrationException(code: 0): at /var/www/html/app/Factories/MigratorFactory.php:37)
[stacktrace]
#0 /var/www/html/app/Services/TwoFAccountService.php(58): App\\Factories\\MigratorFactory->create()
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php(355): App\\Services\\TwoFAccountService->migrate()
#2 /var/www/html/app/Api/v1/Controllers/TwoFAccountController.php(134): Illuminate\\Support\\Facades\\Facade::__callStatic()
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): App\\Api\\v1\\Controllers\\TwoFAccountController->migrate()
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(43): Illuminate\\Routing\\Controller->callAction()
#5 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(259): Illuminate\\Routing\\ControllerDispatcher->dispatch()
#6 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\\Routing\\Route->runController()
#7 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(806): Illuminate\\Routing\\Route->run()
#8 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
#9 /var/www/html/app/Http/Middleware/LogUserLastSeen.php(33): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#10 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\\Http\\Middleware\\LogUserLastSeen->handle()
#11 /var/www/html/app/Http/Middleware/KickOutInactiveUser.php(47): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#12 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\\Http\\Middleware\\KickOutInactiveUser->handle()
#13 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(50): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#14 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle()
#15 /var/www/html/app/Http/Middleware/SetLanguage.php(68): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#16 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\\Http\\Middleware\\SetLanguage->handle()
#17 /var/www/html/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#18 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Auth\\Middleware\\Authenticate->handle()
#19 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(159): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#20 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(125): Illuminate\\Routing\\Middleware\\ThrottleRequests->handleRequest()
#21 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(87): Illuminate\\Routing\\Middleware\\ThrottleRequests->handleRequestUsingNamedLimiter()
#22 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Routing\\Middleware\\ThrottleRequests->handle()
#23 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#24 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(805): Illuminate\\Pipeline\\Pipeline->then()
#25 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(784): Illuminate\\Routing\\Router->runRouteWithinStack()
#26 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(748): Illuminate\\Routing\\Router->runRoute()
#27 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(737): Illuminate\\Routing\\Router->dispatchToRoute()
#28 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(200): Illuminate\\Routing\\Router->dispatch()
#29 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#30 /var/www/html/app/Http/Middleware/ForceJsonResponse.php(19): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#31 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\\Http\\Middleware\\ForceJsonResponse->handle()
#32 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#33 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#34 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle()
#35 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#36 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#37 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
#38 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#39 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#40 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(99): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#41 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
#42 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(62): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#43 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\HandleCors->handle()
#44 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#45 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\TrustProxies->handle()
#46 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#47 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(175): Illuminate\\Pipeline\\Pipeline->then()
#48 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(144): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#49 /var/www/html/public/index.php(51): Illuminate\\Foundation\\Http\\Kernel->handle()
#50 {main}
"}
[2024-05-31 21:45:53] local.NOTICE: App setting 'lastRadarScan' set to 1717191953
[2024-05-31 21:45:53] local.NOTICE: App setting 'latestRelease' reset to default
[2024-05-31 22:13:58] local.NOTICE: Sensible data are now encrypted
[2024-05-31 22:13:58] local.NOTICE: App setting 'useEncryption' set to truelaravel-2024-06-01.log
[2024-06-01 15:46:16] local.NOTICE: App setting 'lastRadarScan' set to 1717256776
[2024-06-01 15:46:16] local.NOTICE: App setting 'latestRelease' reset to defaultlaravel-2024-06-03.log
[2024-06-03 11:46:08] local.NOTICE: App setting 'lastRadarScan' set to 1717415168
[2024-06-03 11:46:08] local.NOTICE: App setting 'latestRelease' reset to default
The Stacktrace was a error with a encrypted aegis.json
Dzagonur
commented
3 months ago TypeError: a is null
makeReplacements /build/assets/app-BsP-5XS6.js:36
makeReplacements /build/assets/app-BsP-5XS6.js:36
wTrans /build/assets/app-BsP-5XS6.js:36
effect /build/assets/app-BsP-5XS6.js:15
run /build/assets/app-BsP-5XS6.js:15
get value /build/assets/app-BsP-5XS6.js:15
trans /build/assets/app-BsP-5XS6.js:36
$t /build/assets/app-BsP-5XS6.js:36
setup /build/assets/Accounts-CpCPbGQG.js:6
xu /build/assets/app-BsP-5XS6.js:19
setup /build/assets/Accounts-CpCPbGQG.js:6
La /build/assets/app-BsP-5XS6.js:19
M /build/assets/app-BsP-5XS6.js:19
run /build/assets/app-BsP-5XS6.js:15
update /build/assets/app-BsP-5XS6.js:19
nn /build/assets/app-BsP-5XS6.js:19
cu /build/assets/app-BsP-5XS6.js:19
[app-BsP-5XS6.js:19:584](/build/assets/app-BsP-5XS6.js)
xp /build/assets/app-BsP-5XS6.js:19
ra /build/assets/app-BsP-5XS6.js:19
La /build/assets/app-BsP-5XS6.js:19
M /build/assets/app-BsP-5XS6.js:19
run /build/assets/app-BsP-5XS6.js:15
update /build/assets/app-BsP-5XS6.js:19
nn /build/assets/app-BsP-5XS6.js:19
cu /build/assets/app-BsP-5XS6.js:19The Error from DEV-Tools of Firefox
Dzagonur
commented
3 months ago Reinstalled twice and always the same error. Seems to be something with the Javascript, but unfortunately I'm too far away from it.
Bubka
commented
3 months ago Please try to import the following aegis data:
Create a txt file
Paste in this content:
{
"version": 1,
"header": {
"slots": null,
"params": null
},
"db": {
"version": 2,
"entries": [
{
"type": "totp",
"uuid": "5be1c189-240d-5fe1-930b-a78xb669zd86",
"name": "John DOE",
"issuer": "Facebook",
"note": "",
"icon": null,
"info": {
"secret": "A4GRFTVVRBGY7UIW",
"algo": "SHA1",
"digits": 6,
"period": 30,
"counter": 30
}
}
]
}
}Import to 2FAuth
Does the error occur at all?
Dzagonur
commented
3 months ago Hello, unfortunately the error still occurs
Bubka
commented
3 months ago Tested in several browser? What you report makes me think of a browser cache issue. Is ctrl+F5 helps?
Dzagonur
commented
3 months ago Serveral Browser, incognito mode, serveral OS. Nothing works
mauricew
commented
3 months ago The same error is also happening to me with an Aegis import, and I was able to reproduce with a fresh install.
Bubka
commented
3 months ago Which language is set?
Dzagonur
commented
3 months ago The language does not matter (German, English, browser language), the page remains empty
Bubka
commented
3 months ago Whereas the js error is thrown by the translation layer 😬 Really weird...
Is the blank page permanent at /accounts or you faced it only after an import?
Dzagonur
commented
3 months ago only faced after an import
Bubka
commented
3 months ago In dev tools > network, is there any XHR request with a response code other than 200? What is the last request before the blank page?
Dzagonur
commented
3 months ago no request with other response than 200 (OK)
Last xhr is twofaccounts?withOtp=1 (/api/v1/twofaccounts?withOtp=1)
Bubka
commented
3 months ago Hum, so you have Always On OTPs, which I do not. Can you please copy/paste your user preferences here, I need to set mine like yours. Go to Admin > Users tab > Manage for (your account) > Preferences. Thx
Dzagonur
commented
3 months ago showOtpAsDot: false revealDottedOTP: false closeOtpOnCopy: false copyOtpOnDisplay: false clearSearchOnCopy: false useBasicQrcodeReader: false displayMode: list showAccountsIcons: true kickUserAfter: 15 activeGroup: 0 rememberActiveGroup: false viewDefaultGroupOnCopy: false defaultGroup: 0 defaultCaptureMode: livescan useDirectCapture: false useWebauthnOnly: false getOfficialIcons: true theme: system formatPassword: true formatPasswordBy: 0.5 lang: de getOtpOnRequest: false notifyOnNewAuthDevice: false notifyOnFailedLogin: false timezone: Europe/Berlin
Bubka
commented
3 months ago It didn't help, I don't get it, I'm running out of options 😞
Last xhr is twofaccounts?withOtp=1 (/api/v1/twofaccounts?withOtp=1)
Would you mind sending me the response body of /api/v1/twofaccounts?withOtp=1 by email? contact-at-2fauth.app
Copy the body and wait a few minutes before sending, this will make any OTPs in the body obsolete.
Dzagonur
commented
3 months ago You mean what is displayed in the browser?
I don't have to hide anything:
{
“message”: “Unauthenticated.”
}When I work with the token and curl, it looks different on the console
Bubka
commented
3 months ago Using your browser:
/import page and load the aegis exportFrom what you wrote previously, I understand that you face a blank page at this point, and the last xhr request in the dev tools should be a request to /api/v1/twofaccounts?withOtp=1, with a 200 status. Do you confirm?
If so, please send me the response of this last request. Otherwise please explain what happen and when. thx.
Dzagonur
commented
3 months ago The last point in my Dev Console is a request to groups with an 200 staus
Bubka
commented
3 months ago Yes, sorry, I forgot this one.
So before /api/v1/groups, you should have /api/v1/twofaccounts?withOtp=1. Its state should be 200 and the response body should contain the list of your 2FAs in json format. If so, please email me this json content.
Dzagonur
commented
3 months ago As much as I would like to have the problem solved, I do not send a complete list of my accounts that I have secured with 2FA.
The whole thing is supposed to be a security feature and then someone knows all my accounts, no that's not possible.
Thanks for the help and the idea of using 2FA on a web server.
I will set up the whole thing again and import the accounts piece by piece, then I will see which one is causing the problem and if it doesn't work I will have to draw a line under the attempts here.
Bubka
commented
3 months ago I understand.
I will set up the whole thing again and import the accounts piece by piece
If the import of my test data (https://github.com/Bubka/2FAuth/issues/342#issuecomment-2149666856) failed, I'm afraid this is a waste of time. This dataset is very basic and works on the Demo app. It should work on your instance.
But for this last attempt, can you install the Testing branch of 2FAuth? It's v5.2 but with js source maps I built for you. It will be much easier to analyse the js error.
Dzagonur
commented
3 months ago Thank you very much for your help.
I will be happy to use the test branch, but I will only be able to do so in the late afternoon/evening.
As soon as I have installed the version and carried out the test import I will report back here
Dzagonur
commented
3 months ago Testing is installed your Testfile is running fine
Ok, now it looks line an error @ one of mine OTPs
And all OTPs r imported 😐
Bubka
commented
3 months ago Great, a bit of progress 👍🏻
Ok, now it looks line an error @ one of mine OTPs
Did you get an explicit error? I'm not sure to understand, the import has completed whereas one of the OTPs is detected as invalid?
If you know which OTP is the problem, I would like you to edit your aegis export to check its definition. The definition block looks like this:
{
"type": "totp",
"uuid": "5be1c189-240d-5fe1-930b-a78xb669zd86",
"name": "John DOE",
"issuer": "Facebook",
"note": "",
"icon": null,
"info": {
"secret": "A4GRFTVVRBGY7UIW",
"algo": "SHA1",
"digits": 6,
"period": 30,
"counter": 30
}
}The interesting field is name (and maybe issuer). It probably contains some invalid/unexpected characters that cause the issue in 2FAuth. Without revealing its value, can you tell how it is formed? For example: It contains a @ or :
Dzagonur
commented
3 months ago Sorry, I've been a bit busy the last few days.
No, with the sentence I meant that I suspect that it is a bug in one of the OTPs.
However, the import worked without error and everything runs as expected.
There was only one difference during the installation: I got the normal release with the CLI installation, the testing was the ZIP file.
Thanks again for the help and I think the error can be closed. A little attention follows ;-)
Version
5.2.0
Details & Steps to reproduce
Expectation
SHow all OTPs on /accounts
Error & Logs
Execution environment
Containerization
Additional information
No response