Bubka / 2FAuth

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
https://docs.2fauth.app/
GNU Affero General Public License v3.0
2.1k stars 140 forks

Accounts page is empty (Console says: TypeError: a is null) #378

Open matheustav opened 1 week ago

matheustav commented 1 week ago

Version

5.2.0

Details & Steps to reproduce

I am migrating from Authy to 2FAuth. I started adding the first account (Cloudflare) and everything worked just fine, but then I tried to add a second account (a Cloudron user), which apparently was ok too, but as soon as I came back to the main page ("/accounts") it was empty. The console was printing the error "TypeError: a is null" and now I can't access any of my codes. Already tried refreshing the page and logging out/in in another browser.

Screenshot: 2024-09-06_10-04-33

Expectation

"/accounts" page should list my accounts/codes, but is empty.

Error & Logs

No response

Execution environment

I installed 2FAuth using Cloudron with default settings.

Containerization

Additional information

No response

Bubka commented 1 week ago

Hi, please switch to the network tab of your browser dev tools, filter XHR requests, then reload the page (F5). You should see 3 requests. Does any of these requests have a state different from 200?

matheustav commented 1 week ago

Hi! Thanks for your attention and response. Every request returns a 200 status code.

Screenshot: 2024-09-06_11-41-18

matheustav commented 1 week ago

The problem is only with the /accounts page.

/start page opens the form to add a new account normally. /settings/options opens the Settings panel just fine too.

Bubka commented 1 week ago

OK, great. Click the twofaccounts request then enable its response tab. You should see an object list. The first object should be the Cloudflare account, the second one should be for Cloudron. Expand the Cloudron object, it should be defined like this:

{
    "id": 2,
    "group_id": null,
    "otp_type": "totp",
    "account": "[your_account_identifier]",
    "service": "[name_of_the_service]",
    "icon": "[name_of_the_service.png] or null",
    "digits": 6,
    "algorithm": "sha1",
    "period": 30,
    "counter": null
}

Do you see something weird, like an empty property or special characters, for example in the account or service properties?

matheustav commented 1 week ago

Actually yes, "service" is null for the Cloudron account.

Screenshot: 2024-09-06_12-06-47

Bubka commented 1 week ago

Thx. Is there a space in the Cloudron account property?

matheustav commented 1 week ago

Yes. The account property follows this pattern: "Cloudron mydomain.com (myuser)".

Bubka commented 1 week ago

What is the language set in your user preferences?

matheustav commented 1 week ago

Brazilian Portuguese (pt-br)

Edit: In 2FAuth it is "Browser preference" and my browser is in pt-br. Edit 2: Tested with the 2FAuth language set to English to check, but the result is the same.

Bubka commented 1 week ago

How is data exported from Authy? Do you get a txt or json file? A QR code?

matheustav commented 1 week ago

Authy doesn't export data, so I was just disabling 2fa on each site and enabling it manually using QR Code.
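An added example, not part of the thread and not 2FAuth's code: a parser for the standard `otpauth://` Key URI carried by such QR codes, showing how a label with no issuer produces an entry with `"service": null` in the object shape quoted above, plus a check that lists null fields before a client renders them. The function names, sample URIs and the dummy secret are constructed for illustration.

```javascript
// Added example: parse a Key URI into the account shape shown in the thread
// and flag fields that display code must null-check before using.
function parseOtpauthUri(uri) {
  const url = new URL(uri);
  if (url.protocol !== "otpauth:") throw new Error("not an otpauth URI");
  const type = url.hostname.toLowerCase();             // "totp" or "hotp"
  if (type !== "totp" && type !== "hotp") throw new Error("unknown OTP type");
  const label = decodeURIComponent(url.pathname.replace(/^\//, ""));
  const p = url.searchParams;
  // The label is "issuer:account"; the "issuer:" prefix is optional.
  const sep = label.indexOf(":");
  const prefix = sep === -1 ? null : label.slice(0, sep).trim();
  const account = (sep === -1 ? label : label.slice(sep + 1)).trim();
  return {
    otp_type: type,
    account: account || null,
    // No issuer parameter and no "issuer:" prefix leaves the service unset.
    service: p.get("issuer") || prefix || null,
    digits: Number(p.get("digits") || 6),
    algorithm: (p.get("algorithm") || "sha1").toLowerCase(),
    period: type === "totp" ? Number(p.get("period") || 30) : null,
    counter: type === "hotp" ? Number(p.get("counter") || 0) : null,
  };
}

// List string fields that are null or empty so the UI can fall back to a
// placeholder instead of dereferencing them.
function findNullFields(accounts, fields = ["account", "service"]) {
  return accounts.flatMap((acc, index) =>
    fields
      .filter((f) => acc[f] == null || acc[f] === "")
      .map((field) => ({ index, field })));
}

// Constructed sample URIs; the secret is a dummy placeholder, not a real key.
const SAMPLES = [
  "otpauth://totp/Cloudflare:user%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=Cloudflare",
  "otpauth://totp/Cloudron%20mydomain.com%20(myuser)?secret=JBSWY3DPEHPK3PXP",
];
const parsed = SAMPLES.map(parseOtpauthUri);
console.log(findNullFields(parsed));
```

The second sample has a space in the label but no colon and no `issuer` parameter, so only its `service` field is reported.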

Bubka commented 1 week ago

Seems to be the same as #342 😞

Right after the registration of your Cloudflare 2FA, the /accounts page was working as expected?

matheustav commented 1 week ago

Oh, it really seems to be the same error.

Yes, after setting up Cloudflare I tested logging out and in (into Cloudflare) using 2FAuth and the whole process worked as expected.

The problem started after the setup of the Cloudron account.

Bubka commented 1 week ago

OK. For me, having the Cloudron QR code that broke the app would be very useful. Would you agree to send it to me? I know this is sensitive data, so you would have to disable 2FA on your Cloudron account first, this will make the QR code obsolete.

matheustav commented 1 week ago

Sure. Where can I get your address?

Bubka commented 1 week ago

contact-at-2fauth.app

Bubka commented 1 week ago

Received 👍🏻

Can you please also paste your user prefs here? You can copy them from /admin/users/1/manage (replace 1 with your actual user id if necessary), at the bottom of the page.

matheustav commented 1 week ago

    showOtpAsDot: true
    revealDottedOTP: true
    closeOtpOnCopy: false
    copyOtpOnDisplay: true
    clearSearchOnCopy: false
    useBasicQrcodeReader: false
    displayMode: list
    showAccountsIcons: true
    kickUserAfter: 0
    activeGroup: 0
    rememberActiveGroup: true
    viewDefaultGroupOnCopy: false
    defaultGroup: 0
    defaultCaptureMode: upload
    useDirectCapture: false
    useWebauthnOnly: false
    getOfficialIcons: true
    theme: dark
    formatPassword: true
    formatPasswordBy: 0.5
    lang: browser
    getOtpOnRequest: true
    notifyOnNewAuthDevice: false
    notifyOnFailedLogin: false
    timezone: UTC

Bubka commented 1 week ago

Unfortunately I cannot reproduce the error 😞

The only difference between our setup is that I'm not using a docker+cloudron instance, all other settings are the same. The QR code you gave me registers without error, I don't understand.

If you don't mind, could you delete your user account (from /settings/account), recreate an account and submit the faulty QR code?

Can you also please check the app logs, they are stored in /srv/storage/logs. I don't think you will find something useful, but it's best to take a look.

matheustav commented 1 week ago

Hi! I tried to read the logs and even enabled APP_DEBUG setting in .env file, but all that Cloudron/logs folder was showing was the access logs and container/nginx logs. No error messages and nothing useful at all.

Next step would be to delete my user and recreate it as requested, but my users are managed in Cloudron and the login is made through OIDC, and I'd rather not mess with the user accounts in my Cloudron instance.

My original intention was to use my own main Cloudron's account as the admin of 2FAuth (which I would never use) and create an unprivileged "2fa" user with a different and very strong password to interact with 2FAuth.

Notice that 2fa user would hold the token for admin user (this shouldn't be a problem, but maybe it is related somehow). User "admin" -> Access to Cloudron, requires 2fa token to login. User "2fa" -> Access to 2FAuth, doesn't require 2fa token to login (very strong password), holds token/secret for "admin".

Today I reinstalled the app, which I already have tried a few times, but now I only created one user: the "2fa" admin. I then set up my Cloudron's "admin" 2FA and Cloudflare so far, and everything is working well.

I will continue to add accounts and hope 2FAuth keeps working. If I get any more info about this issue I'll post here. Thanks again!

(Just an unrelated suggestion: adding each account would be a lot easier/faster if I could just drag/drop the QR Codes. Right now I am saving the png manually and uploading using the form).

EDIT: I've already added 14 accounts (and counting). Everything is working flawlessly now, apparently.

Bubka commented 1 week ago

Thx for the feedback and the explanations.

> I tried to read the logs and even enabled APP_DEBUG setting in .env file, but all that Cloudron/logs folder was showing was the access logs and container/nginx logs. No error messages and nothing useful at all.

I have no idea how 2FAuth is integrated with Cloudron or how Cloudron works, but I think you were trying to find logs at Cloudron (or docker) level. The 2FAuth logs, when using the Docker image, are stored in the folder that is mapped between the host and the Docker container. It is called /2fauth and contains the database and storage folders. Logs are in storage.

> Next step would be to delete my user and recreate it as requested, but my users are managed in Cloudron and the login is made through OIDC, and I'd rather not mess with the user accounts in my Cloudron instance.

Indeed, it may be an unsafe move depending on how Cloudron binds the users. But for the record: Deleting a 2FAuth user registered with OIDC only cleans up 2FAuth, it does not affect the account provider (Cloudron). By the way, my suggestion was not relevant because it is impossible to delete a 2FAuth user if that user is the only one to have the admin flag 😅

> I've already added 14 accounts (and counting). Everything is working flawlessly now, apparently.

Great 👍🏻

Bubka commented 1 week ago

> I have no idea how 2FAuth is integrated with Cloudron or how Cloudron works, but I think you were trying to find logs at Cloudron (or docker) level. The 2FAuth logs, when using the Docker image, are stored in the folder that is mapped between the host and the Docker container. It is called /2fauth and contains the database and storage folders. Logs are in storage.

Ok, I checked the integration thx to the Cloudron demo instance. The Cloudron's 2FAuth app is set by default to send its logs to the errorlog channel with log level set to notice. Cloudron provides a dedicated log viewer for the app (in the toolbar below), but I cannot see any 2FAuth entries here. It probably shows the systemlog channel.

image

You have several choices to enhance this setup. Using the Cloudron File Manager you can edit the 2FAuth env file in /app/data/ and customize the log management. See https://docs.2fauth.app/getting-started/configuration/#logs-management for all available options. Once edited, you can restart the app, or simply refresh the app config cache by running php artisan config:cache from the Cloudron terminal.

I would recommend setting LOG_CHANNEL to daily. It gives you 7 daily rotated log files in /storage/logs/ that you can access easily using the Cloudron File Manager. This way your app logs are not drowned in the default channel. It's your choice 🙂

matheustav commented 1 week ago

Hi!

> but I think you were trying to find logs at Cloudron (or docker) level

Actually I tried multiple ways to read the logs, including accessing the docker instance via terminal and reading /var/log. Also the root /srv folder as mentioned in your previous posts and the actual 2FAuth source folder to see if I could find any PHP error_log or something like that. Then I used File Manager from Cloudron, which maps the storage folder and enables my access to the logs subfolder, but this folder was empty (Screenshot: 2024-09-11_13-16-14).

Docker logs (using Cloudron) was the only way that I managed to access it, but nothing there was really helpful (only Docker stuff and access logs).

> Ok, I checked the integration thx to the Cloudron demo instance.

Oh, you probably already know this, but you can also access all the code from the 2FAuth integration with Cloudron using its repository, here: https://git.cloudron.io/cloudron/2fauth-app

> You have several choices to enhance this setup [...] and customize the log management.

Thank you very much for the tips and attention. At this moment my 2FAuth is running really nice, so I won't bother changing the settings, but it is great to know this. I've already set up all of my accounts, made a backup of the exported JSON file and stored it safely with encryption, so even if the issue appears again I won't be locked out of my accounts. 😃