Request signature is invalid

[mzch]

Hi,

Scoold reported an error when registering a new user and never sent any mails:

2019-12-19 18:34:32,822 [INFO ] com.erudika.scoold.ScooldServer - Starting ScooldServer v1.36.0 on n11 with PID 21905 (/srv/scoold/scoold-1.36.0.jar started by scoold in /srv/scoold)
2019-12-19 18:34:32,832 [INFO ] com.erudika.scoold.ScooldServer - The following profiles are active: production
2019-12-19 18:34:35,555 [INFO ] com.erudika.scoold.ScooldServer - Listening on port 8000...
2019-12-19 18:34:35,961 [INFO ] com.erudika.scoold.ScooldServer - Initialized ParaClient with endpoint https://paraenv.com and access key 'app:scoold'.
2019-12-19 18:34:37,531 [INFO ] c.e.scoold.utils.LanguageUtils - Default language map not set, loading English.
2019-12-19 18:34:37,634 [INFO ] c.e.s.velocity.SpringResourceLoader - SpringResourceLoader for Velocity: using resource loader [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@69b2283a, started on Thu Dec 19 18:34:33 PST 2019] and resource loader paths [classpath:templates/]
2019-12-19 18:34:38,804 [INFO ] com.erudika.scoold.ScooldServer - Started ScooldServer in 7.319 seconds (JVM running for 8.908)
2019-12-19 18:34:54,644 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.
2019-12-19 18:34:54,728 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.
2019-12-19 18:34:54,745 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.
2019-12-19 18:35:08,469 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.
2019-12-19 18:35:09,880 [ERROR] com.erudika.para.client.ParaClient - Failed to authenticate user with 'password'. Check if user is active. - Failed to authenticate user with 'password'. Check if user is active.
2019-12-19 18:35:09,921 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.

• application.conf

  para.app_name = "Scoold"
  # the port for Scoold
  para.port = 8000
  # change this to "production" later
  para.env = "production"
  # the URL where Scoold is hosted, or http://localhost:8000
  para.host_url = "https://usersidea.com"
  # the URL of Para - could also be "http://localhost:8080"
  para.endpoint = "https://paraenv.com"
  # access key for your Para app
  para.access_key = "app:scoold"
  # secret key for your Para app
  para.secret_key = "xxxxx=="
  # needed for geolocation filtering of posts
  para.gmaps_api_key = "xxxx"
  # enable or disable email&password authentication
  para.password_auth_enabled = true
  # if false, commenting is allowed after 100+ reputation
  para.new_users_can_comment = true
  # the identifier of admin user - check Para user object
  para.admins = "mzch@mzch.org"
  # enables syntax highlighting in posts
  para.code_highlighting_enabled = true
  # If true, the default space will be accessible by everyone
  para.is_default_space_public = true
  # Mail settings
  # system email address
  para.support_email = "admin@usersidea.com"
  para.mail.host = "mx1.mail-services.net"
  para.mail.port = 587
  para.mail.username = "admin@example.com"
  para.mail.password = "xxxx"
  para.mail.tls = true
  para.mail.ssl = false
  para.mail.debug = true

Any idea?

[albogdano]

Your para.endpoint in the config doesn't match the one reported in the logs.

On Fri, 20 Dec 2019, 04:39 Koichi MATSUMOTO, notifications@github.com wrote:

Hi,

Scoold reported an error when registering a new user and never sent any mails:

2019-12-19 18:34:32,822 [INFO ] com.erudika.scoold.ScooldServer - Starting ScooldServer v1.36.0 on n11 with PID 21905 (/srv/scoold/scoold-1.36.0.jar started by scoold in /srv/scoold) 2019-12-19 18:34:32,832 [INFO ] com.erudika.scoold.ScooldServer - The following profiles are active: production 2019-12-19 18:34:35,555 [INFO ] com.erudika.scoold.ScooldServer - Listening on port 8000... 2019-12-19 18:34:35,961 [INFO ] com.erudika.scoold.ScooldServer - Initialized ParaClient with endpoint https://paraenv.com and access key 'app:scoold'. 2019-12-19 18:34:37,531 [INFO ] c.e.scoold.utils.LanguageUtils - Default language map not set, loading English. 2019-12-19 18:34:37,634 [INFO ] c.e.s.velocity.SpringResourceLoader - SpringResourceLoader for Velocity: using resource loader [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@69b2283a, started on Thu Dec 19 18:34:33 PST 2019] and resource loader paths [classpath:templates/] 2019-12-19 18:34:38,804 [INFO ] com.erudika.scoold.ScooldServer - Started ScooldServer in 7.319 seconds (JVM running for 8.908) 2019-12-19 18:34:54,644 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid. 2019-12-19 18:34:54,728 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid. 2019-12-19 18:34:54,745 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid. 2019-12-19 18:35:08,469 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid. 2019-12-19 18:35:09,880 [ERROR] com.erudika.para.client.ParaClient - Failed to authenticate user with 'password'. Check if user is active. - Failed to authenticate user with 'password'. Check if user is active. 2019-12-19 18:35:09,921 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.

• application.conf

para.app_name = "Scoold"

the port for Scoold

para.port = 8000

change this to "production" later

para.env = "production"

the URL where Scoold is hosted, or http://localhost:8000

para.host_url = "https://usersidea.com"

the URL of Para - could also be "http://localhost:8080"

para.endpoint = "http://localhost:8080"

access key for your Para app

para.access_key = "app:scoold"

secret key for your Para app

para.secret_key = "xxxxx=="

needed for geolocation filtering of posts

para.gmaps_api_key = "xxxx"

enable or disable email&password authentication

para.password_auth_enabled = true

if false, commenting is allowed after 100+ reputation

para.new_users_can_comment = true

the identifier of admin user - check Para user object

para.admins = "mzch@mzch.org"

enables syntax highlighting in posts

para.code_highlighting_enabled = true

If true, the default space will be accessible by everyone

para.is_default_space_public = true

Mail settings

system email address

para.support_email = "admin@usersidea.com" para.mail.host = "mx1.mail-services.net" para.mail.port = 587 para.mail.username = "admin@example.com" para.mail.password = "xxxx" para.mail.tls = true para.mail.ssl = false para.mail.debug = true

Any idea?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Erudika/scoold/issues/141?email_source=notifications&email_token=AACUV6N4YXDBJLNLLSYDTALQZQV5BA5CNFSM4J5VUFTKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IB2ST7Q, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACUV6O7NC2PEGXLJN7GYKDQZQV5BANCNFSM4J5VUFTA .

[mzch]

Sorry, I copied and pasted wrong endpoint. I tried with above params once again. Then the result is same.

[albogdano]

Make sure that:

• app:scoold is not the root app but a child app
• app:scoold is active: true
• data is persisted to database and you don't have database errors
• Scoold has a direct connection to Para
• try connecting to Para with a tool like Postman using the keys for app:scoold and a request like GET https://paraenv.com/v1/_me

[mzch]

• app:scoold is not the root app but a child app Yes.
• app:scoold is active: true Yes.
• data is persisted to database and you don't have database errors No errors with MongoDB.
• Scoold has a direct connection to Para Yes. Both run on the same VPS.
• try connecting to Para with a tool like Postman using the keys for app:scoold and a request like GET https://paraenv.com/v1/_me para-cli runs without problem but doing curl -X GET https://paraenv.com/v1/_me returns 401 error as below:

  107.178.108.173 - - [22/Dec/2019:05:10:24 -0800] "GET /v1/_me HTTP/1.1" 401 0 "-" "curl/7.64.0"
  107.178.108.173 - - [22/Dec/2019:05:11:20 -0800] "GET /v1/_me HTTP/1.1" 401 0 "-" "curl/7.64.0"

[mzch]

p.s. I can login by using Oauth2, i.e. Github, but can't sign up and login using mail and password.

[mzch]

Oh,

Welcome mail is sent at every login thru Github... And Scoold never records a pin on Google Maps.

[albogdano]

I think you have a problem with the database. Check what data you have in MongoDB after you login with GitHub - are there user and profile objects for that user?

[mzch]

I recreated Mongo database and reinstalled para and scoold freshly on another VPS instance. Then tried to sign up, but scoold says as below:

2020-01-04 20:55:41,551 [INFO ] com.erudika.scoold.ScooldServer - Started ScooldServer in 10.012 seconds (JVM running for 11.721)
2020-01-04 20:55:56,775 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.
2020-01-04 20:55:56,858 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.
2020-01-04 20:55:56,882 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.
2020-01-04 20:56:12,485 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.
2020-01-04 20:56:15,408 [ERROR] com.erudika.para.client.ParaClient - Failed to authenticate user with 'password'. Check if user is active. - Failed to authenticate user with 'password'. Check if user is active.
2020-01-04 20:56:15,452 [ERROR] com.erudika.para.client.ParaClient - Request signature is invalid. - Request signature is invalid.

• para/appliation.conf

  # the name of the root app
  para.app_name = "Para"
  # or set it to 'production'
  para.env = "production"
  # Plugins
  para.plugin_folder = "plugins/"
  # database
  para.dao = "MongoDBDAO"
  para.mongodb.host = "192.168.207.12"
  para.mongodb.database = "para"
  para.mongodb.user = "para"
  para.mongodb.password = "xxxx"
  # Google
  para.gp_app_id = "xxx"
  para.gp_secret = "xxx"
  # Facebook
  para.fb_app_id = "xxx"
  para.fb_secret = "xxx"
  # Github
  para.gh_app_id = "xxx"
  para.gh_secret = "xxx"
  # Administrator
  para.admin_ident = "mzch@mzch.org"
  # Support email
  para.support_email = "admin@paraenv.com"
  # if true, users can be created without verifying their emails
  para.security.allow_unverified_emails = false
  # if hosting multiple apps on Para, set this to false
  para.clients_can_access_root_app = false
  # if false caching is disabled
  para.cache_enabled = true
  # root app secret, used for token generation, should be a random string
  para.app_secret_key = "DjWNpEgJNeP4f6XALD3pRVB5k8KPkVUS"
  # enable API request signature verification
  para.security.api_security = true
  # the node number from 1 to 1024, used for distributed ID generation
  para.worker_id = 1
  # system email address
  para.mail.host = "192.168.207.21"
  para.mail.port = 25
  para.mail.tls = false
  para.mail.ssl = false
  # enable SMTP debug logging
  para.mail.debug = true

• scoold/application.conf

  
  para.app_name = "Scoold"
  # the port for Scoold
  para.port = 18080
  # Session cookie name
  para.auth_cookie = "scoold-auth"
  # change this to "production" later
  para.env = "production"
  # the URL where Scoold is hosted, or http://localhost:8000
  para.host_url = "https://usercounsel.com"
  # the URL of Para - could also be "http://localhost:8080"
  para.endpoint = "https://paraenv.com"
  # access key for your Para app
  para.access_key = "app:scoold"
  # secret key for your Para app
  para.secret_key = "WR1QQX6+2JvnDfZmv1XY6eiHiJl78T7IPlG7rfXTRnQv7kKITeB9Yg=="
  # enable or disable email and password authentication
  para.password_auth_enabled = true
  # if false, commenting is allowed after 100+ reputation
  para.new_users_can_comment = true
  # if true, posts by new users require approval from moderator
  para.posts_need_approval = false
  # reputation needed for posts to be auto-approved
  para.posts_rep_threshold = 100
  # needed for geolocation filtering of posts
  para.gmaps_api_key = "xxx"
  # Enable/disable near me feature (geolocation)
  para.nearme_feature_enabled = false
  # the identifier of admin user - check Para user object
  para.admins = "admin@paraenv.com"
  # GA code
  para.google_analytics_id = ""
  # enables syntax highlighting in posts
  para.code_highlighting_enabled = true
  # Facebook - create your own Facebook app first!
  para.fb_app_id = "xxx"
  # Google - create your own Google app first!
  para.google_client_id = "xxx"
  # Github
  para.gh_app_id = "xxx"
  # Twitter

If true, the default space will be accessible by everyone

para.is_default_space_public = true

If true, users can change their profile pictures

para.avatar_edits_enabled = true

If true, users can change their names

para.name_edits_enabled = true

Enable/disable webhooks support

para.webhooks_enabled = true

Enable/disable wiki style answers

para.wiki_answers_enabled = true

Comment limits

para.max_comments_per_id = 1000 para.max_comment_length = 255

Post body limit (characters)

para.max_post_length = 20000

Sets the default tag for new questions

para.default_question_tag = "question"

system email address

para.support_email = "no-reply@usercounsel.com" para.mail.host = "192.168.207.21" para.mail.port = 25 para.mail.tls = false para.mail.ssl = false

enable SMTP debug logging

para.mail.debug = true

- `para-cli me`

{ "id": "app:para", "type": "app", "name": "Para", "stored": true, "indexed": true, "cached": true, "version": 0, "timestamp": 1578199249010, "appid": "para", "votes": 0, "sharingIndex": false, "sharingTable": false, "readOnly": false, "datatypes": {}, "validationConstraints": {}, "resourcePermissions": {}, "active": true, "tokenValiditySec": 604800, "objectURI": "/app/app%3Apara", "plural": "apps", "appIdentifier": "para" }

- `para-cli read --id "app:scoold"`

[ { "id": "app:scoold", "type": "app", "name": "Scoold", "stored": true, "indexed": true, "cached": true, "version": 0, "timestamp": 1578199452730, "appid": "para", "updated": 1578200137887, "votes": 0, "sharingIndex": false, "sharingTable": false, "readOnly": false, "datatypes": {}, "validationConstraints": {}, "resourcePermissions": {}, "active": true, "tokenValiditySec": 604800, "objectURI": "/app/app%3Ascoold", "plural": "apps", "appIdentifier": "scoold" } ]

[albogdano]

Again, I think you have a problem with the database.

1. Check what data you have in MongoDB after you login with GitHub - are there user and profile objects for that user?
2. What happens when you open https://paraenv.com/v1/_setup? If you get a new key every time you refresh, then Para doesn't persist any data to database.

[albogdano]

Also I've just noticed that the Para port is wrong - you're pointing Scoold to port 18080 but Para runs on port 8080 because in your Para config I don't see the port 18080 anywhere.

[mzch]

1. Sorry, I removed all data, so I can't verify it.
2. curl https://paraenv.com/v1/_setup prints:

   {
   "message" : "All set!"
   }

   • para.port is listening for Scoold, isn't it? I think it has nothing to do with communication with Para...

[albogdano]

Yes, I'm sorry, the port is OK. When you delete the data you have to restart Para and initialize it again with GET /v1/setup. Then create a new child app for Scoold and put the new keys for that app in the Scoold configuration file.

On Mon, 6 Jan 2020, 00:45 Koichi MATSUMOTO, notifications@github.com wrote:

1. Sorry, I removed all data, so I can't verify it.
2. curl https://paraenv.com/v1/_setup prints:

{ "message" : "All set!" }

• para.port is listening for Scoold, isn't it? I think it has nothing to do with communication with Para...

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Erudika/scoold/issues/141?email_source=notifications&email_token=AACUV6MO6DUOA3Q37JIYRRDQ4JPHPA5CNFSM4J5VUFTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIEBP4Y#issuecomment-570955763, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACUV6MM2VNZYSM5IOUADF3Q4JPHPANCNFSM4J5VUFTA .

[albogdano]

@mzch I can now confirm that this is a bug. :neutral_face: I'm working on a fix.

[mzch]

Oh, thanks for your careful work. I'm looking forward to a new release enormously! 😊

[albogdano]

By the way, does your user password or email contain Japanese characters? The problem seems to appear when you register a new user. The connection form Scoold to Para is OK otherwise.

[mzch]

No, they includes only ASCII chars. Perhaps it appears when registering a new user.

[albogdano]

@mzch Please update Para to 1.34.3, Scoold to 1.36.2, and the Para MongoDB plugin to 1.34.0 and tell me if that fixes the issue.

[mzch]

I updated but unfortunately, this issue isn't fixed... confirmation mail isn't sent.

• para.log in scoold

  2020-01-25 11:44:31,843 [INFO ] com.erudika.scoold.ScooldServer - Starting ScooldServer v1.36.2 on n09 with PID 13597 (/srv/scoold/scoold-1.36.2.jar started by scoold in /srv/scoold)
  2020-01-25 11:44:31,859 [INFO ] com.erudika.scoold.ScooldServer - The following profiles are active: production
  2020-01-25 11:44:34,600 [INFO ] com.erudika.scoold.ScooldServer - Listening on port 18080...
  2020-01-25 11:44:35,085 [INFO ] com.erudika.scoold.ScooldServer - Initialized ParaClient with endpoint https://paraenv.com and access key 'app:scoold'.
  2020-01-25 11:44:36,776 [INFO ] c.e.scoold.utils.LanguageUtils - Default language map not set, loading English.
  2020-01-25 11:44:36,848 [INFO ] c.e.s.velocity.SpringResourceLoader - SpringResourceLoader for Velocity: using resource loader [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@6e4784bc, started on Sat Jan 25 11:44:32 PST 2020] and resource loader paths [classpath:templates/]
  2020-01-25 11:44:38,056 [INFO ] com.erudika.scoold.ScooldServer - Started ScooldServer in 7.53 seconds (JVM running for 9.283)
  2020-01-25 11:45:00,268 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/language:progress coming from app scoold
  2020-01-25 11:45:00,386 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-25 11:45:00,402 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-25 11:45:20,202 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold
  2020-01-25 11:45:21,288 [ERROR] com.erudika.para.client.ParaClient - 400 - Failed to authenticate user with 'password'. Check if user is active.
  2020-01-25 11:45:21,330 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

• para.log in para

  2020-01-25 11:41:01,504 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_me coming from app para
  2020-01-25 11:43:29,300 [INFO ] c.e.para.persistence.MongoDBUtils - Created MongoDB table 'para-scoold'.
  2020-01-25 11:43:29,306 [INFO ] com.erudika.para.Para - Created new app 'scoold', sharingTable = false, sharingIndex = false.
  2020-01-25 11:45:00,195 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/language:progress coming from app scoold
  2020-01-25 11:45:00,380 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-25 11:45:00,400 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-25 11:45:20,197 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold
  2020-01-25 11:45:20,236 [INFO ] com.erudika.para.core.User - Creating new user 'Koichi MATSUMOTO' (mzch@mzch.org) with admin privileges.
  2020-01-25 11:45:21,281 [WARN ] c.e.para.security.SecurityUtils - Account 5e2c9ad0def144730271066e (scoold/mzch@mzch.org) is locked.
  2020-01-25 11:45:21,330 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

[albogdano]

I suggest that you delete delete Para's data directory and also delete all data from MongoDB. Then start from scratch and initialize Para, then create the scoold app again. This is the only way to know for sure if the problem isn't related to the database or configuration.

There was I small issue with in Para which could break signatures but I fixed it and now I can't really see where the problem is.

[mzch]

I deleted data directory and recreated mongodb database, but the result is same. Do you have another idea?

• para.log in scoold

  2020-01-25 13:33:53,846 [INFO ] com.erudika.scoold.ScooldServer - Starting ScooldServer v1.36.2 on n09 with PID 14479 (/srv/scoold/scoold-1.36.2.jar started by scoold in /srv/scoold)
  2020-01-25 13:33:53,870 [INFO ] com.erudika.scoold.ScooldServer - The following profiles are active: production
  2020-01-25 13:33:56,731 [INFO ] com.erudika.scoold.ScooldServer - Listening on port 18080...
  2020-01-25 13:33:57,113 [INFO ] com.erudika.scoold.ScooldServer - Initialized ParaClient with endpoint https://paraenv.com and access key 'app:scoold'.
  2020-01-25 13:33:58,944 [INFO ] c.e.scoold.utils.LanguageUtils - Default language map not set, loading English.
  2020-01-25 13:33:59,131 [INFO ] c.e.s.velocity.SpringResourceLoader - SpringResourceLoader for Velocity: using resource loader [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@c267ef4, started on Sat Jan 25 13:33:54 PST 2020] and resource loader paths [classpath:templates/]
  2020-01-25 13:34:00,381 [INFO ] com.erudika.scoold.ScooldServer - Started ScooldServer in 8.082 seconds (JVM running for 10.252)
  2020-01-25 13:34:12,465 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/language:progress coming from app scoold
  2020-01-25 13:34:12,549 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-25 13:34:12,574 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-25 13:34:33,961 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold
  2020-01-25 13:34:35,336 [ERROR] com.erudika.para.client.ParaClient - 400 - Failed to authenticate user with 'password'. Check if user is active.
  2020-01-25 13:34:35,392 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

• para-access.log in para

  107.178.108.171 - - [25/Jan/2020:13:30:37 -0800] "GET /v1/_setup HTTP/1.1" 200 167 "-" "curl/7.64.0"
  107.178.108.171 - - [25/Jan/2020:13:31:23 -0800] "GET /v1/_me HTTP/1.1" 200 494 "-" "-"
  107.178.108.171 - - [25/Jan/2020:13:31:23 -0800] "GET /v1/ HTTP/1.1" 200 80 "-" "-"
  107.178.108.171 - - [25/Jan/2020:13:32:21 -0800] "GET /v1/_setup/scoold?name=Scoold&shared=false HTTP/1.1" 200 169 "-" "-"
  107.178.108.171 - - [25/Jan/2020:13:33:58 -0800] "PUT /v1/_settings HTTP/1.1" 200 0 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  107.178.108.171 - - [25/Jan/2020:13:34:12 -0800] "GET /v1/question/search/default?q=properties.space%3A%22scooldspace%3Adefault%22&limit=30&page=1&sort=timestamp&type=question&desc=true HTTP/1.1" 200 52 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  107.178.108.171 - - [25/Jan/2020:13:34:12 -0800] "GET /v1/_id/language:progress HTTP/1.1" 403 118 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  107.178.108.171 - - [25/Jan/2020:13:34:12 -0800] "PUT /v1/sysprop/language:progress HTTP/1.1" 403 122 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  107.178.108.171 - - [25/Jan/2020:13:34:12 -0800] "PUT /v1/sysprop/language:progress HTTP/1.1" 403 122 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  107.178.108.171 - - [25/Jan/2020:13:34:33 -0800] "GET /v1/_id/mzch@mzch.org HTTP/1.1" 403 114 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  107.178.108.171 - - [25/Jan/2020:13:34:35 -0800] "POST /jwt_auth HTTP/1.1" 400 105 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  107.178.108.171 - - [25/Jan/2020:13:34:35 -0800] "GET /v1/_id/mzch@mzch.org HTTP/1.1" 403 114 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  107.178.108.171 - - [25/Jan/2020:13:37:35 -0800] "GET /v1/question/search/default?q=properties.space%3A%22scooldspace%3Adefault%22&limit=30&page=1&sort=timestamp&type=question&desc=true HTTP/1.1" 200 52 "-" "Para client 1.34.3 app:scoold (Java 11.0.5+10-post-Debian-1deb10u1)"
  118.243.18.144 - - [25/Jan/2020:13:37:42 -0800] "GET /github_auth?code=0dac53a8bc320e3d703e&state=scoold HTTP/1.1" 302 0 "https://usercounsel.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"

• para.log in para

  2020-01-25 13:30:06,688 [INFO ] com.erudika.para.Para - --- Para.initialize() [production] ---
  2020-01-25 13:30:06,698 [INFO ] c.erudika.para.core.utils.CoreUtils - Loaded new DAO, Search and Cache implementations - MongoDBDAO, LuceneSearch and CaffeineCache.
  2020-01-25 13:30:06,978 [INFO ] c.e.para.persistence.MongoDBUtils - MongoDB host: 192.168.207.12:27017, database: para
  2020-01-25 13:30:07,067 [INFO ] org.mongodb.driver.cluster - Cluster created with settings {hosts=[192.168.207.12:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
  2020-01-25 13:30:07,353 [INFO ] org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out
  2020-01-25 13:30:07,428 [INFO ] org.mongodb.driver.connection - Opened connection [connectionId{localValue:1, serverValue:4610}] to 192.168.207.12:27017
  2020-01-25 13:30:07,472 [INFO ] org.mongodb.driver.cluster - Monitor thread successfully connected to server with description ServerDescription{address=192.168.207.12:27017, type=REPLICA_SET_PRIMARY, state=CONNECTED, ok=true, version=ServerVersion{versionList=[4, 2, 2]}, minWireVersion=0, maxWireVersion=8, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=16217170, setName='rs01', canonicalAddress=192.168.207.12:27017, hosts=[192.168.207.12:27017, 192.168.207.112:27017], passives=[], arbiters=[192.168.207.113:27017], primary='192.168.207.12:27017', tagSet=TagSet{[]}, electionId=7fffffff0000000000000032, setVersion=2, lastWriteDate=Sat Jan 25 13:30:00 PST 2020, lastUpdateTimeNanos=2959652617960671}
  2020-01-25 13:30:07,695 [INFO ] org.mongodb.driver.connection - Opened connection [connectionId{localValue:2, serverValue:4611}] to 192.168.207.12:27017
  2020-01-25 13:30:07,912 [INFO ] c.e.para.persistence.MongoDBUtils - Created MongoDB table 'para'.
  2020-01-25 13:30:08,635 [WARN ] com.erudika.para.utils.HealthUtils - Server is unhealthy - root app not found. Open http://localhost:8080/v1/_setup in the browser to initialize Para.
  2020-01-25 13:30:08,655 [INFO ] com.erudika.para.Para - Instance #1 initialized.
  2020-01-25 13:30:09,601 [INFO ] com.erudika.para.ParaServer - Starting ParaServer on n09 with PID 14340 (/srv/para/para-jar-1.34.3.jar started by para in /srv/para)
  2020-01-25 13:30:09,611 [INFO ] com.erudika.para.ParaServer - The following profiles are active: production
  2020-01-25 13:30:10,751 [INFO ] com.erudika.para.ParaServer - Listening on port 8080...
  2020-01-25 13:30:13,409 [INFO ] com.erudika.para.ParaServer - Started ParaServer in 4.749 seconds (JVM running for 11.272)
  2020-01-25 13:30:37,289 [INFO ] com.erudika.para.Para - Created root app 'para', sharingTable = false, sharingIndex = false.
  2020-01-25 13:30:38,917 [INFO ] com.erudika.para.utils.HealthUtils - Server is healthy.
  2020-01-25 13:32:21,725 [INFO ] c.e.para.persistence.MongoDBUtils - Created MongoDB table 'para-scoold'.
  2020-01-25 13:32:21,732 [INFO ] com.erudika.para.Para - Created new app 'scoold', sharingTable = false, sharingIndex = false.
  2020-01-25 13:34:12,461 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/language:progress coming from app scoold
  2020-01-25 13:34:12,547 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-25 13:34:12,572 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-25 13:34:33,957 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold
  2020-01-25 13:34:34,001 [INFO ] com.erudika.para.core.User - Creating new user 'Koichi MATSUMOTO' (mzch@mzch.org) with admin privileges.
  2020-01-25 13:34:35,330 [WARN ] c.e.para.security.SecurityUtils - Account 5e2cb46ac6d38145ed4dc76d (scoold/mzch@mzch.org) is locked.
  2020-01-25 13:34:35,390 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

[albogdano]

I am trying to recreate your environment right now in order to reproduce the problem. I still don't have any more ideas. This is very strange.

[albogdano]

So far so good! I was able to reproduce the problem with your configuration files. I have another set of configuration files which work. I use the same database data so the problem is related to the configuration. I'm still looking for the root cause.

[albogdano]

Ignore the comment above - it turns out I was using the wrong secret key for my Scoold app. The only thing that I can think of is that your access keys are invalid. Please check every access key and also make sure you don't have any spaces in your configuration values for para.access_key and para.secret_key. Also open MongoDB, table para and make sure that the keys for the scoold app are the same as in your Scoold config. I don't see any other issues in the code.

[mzch]

access_key and secret_key contains no spaces and they match the values in mongodb...

[albogdano]

Is Para running behind a firewall or loadbalancer/proxy? Make sure that the proxy is not modifying or filtering the Authorization header in each request. That header contains the signature and should look like this:

AWS4-HMAC-SHA256 Credential=app:scoold/20200126/us-east-1/para/aws4_request, SignedHeaders=host;x-amz-date, Signature=767e368ed147856dc57846634aa2375d0a8a8e8aaca42de83f15ca335d273e65

Issues with firewalls have occurred before as described in issue #122

[albogdano]

@mzch Did you have time to check your firewall configuration and the Authorization header? I added an option to debug request signatures in Para with para.debug_request_signatures = true. This will print out the signatures in the console. The change is currently available in the Para master branch.

[mzch]

@albogdano I use Apache2 and its proxy module. I added RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] to config file, but the result is same...

[mzch]

@albogdano I built scoold from master branch, but scoold doesn't print any signatures...

[albogdano]

You have to rebuild Para from master because that is where the debug option is implemented. Then you should monitor the Para logs for signature information.

On Thu, 30 Jan 2020, 11:03 Koichi MATSUMOTO, notifications@github.com wrote:

@albogdano https://github.com/albogdano I built scoold from master branch, but scoold doesn't print any signatures...

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Erudika/scoold/issues/141?email_source=notifications&email_token=AACUV6LEIKPG3BQEST75VVLRAKJUNA5CNFSM4J5VUFTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKKGVLQ#issuecomment-580151982, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACUV6JEICBITT2S2LBKTDTRAKJUNANCNFSM4J5VUFTA .

[mzch]

@albogdano I rebuilt para and scoold using master branch, but both don't print any signatures...?

• para.log (para)

  2020-01-30 01:56:51,785 [INFO ] com.erudika.para.Para - --- Para.initialize() [production] ---
  2020-01-30 01:56:51,805 [INFO ] c.erudika.para.core.utils.CoreUtils - Loaded new DAO, Search and Cache implementations - MongoDBDAO, LuceneSearch and CaffeineCache.
  2020-01-30 01:56:52,066 [INFO ] c.e.para.persistence.MongoDBUtils - MongoDB host: 192.168.207.12:27017, database: para
  2020-01-30 01:56:52,170 [INFO ] org.mongodb.driver.cluster - Cluster created with settings {hosts=[192.168.207.12:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
  2020-01-30 01:56:52,435 [INFO ] org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out
  2020-01-30 01:56:52,672 [INFO ] org.mongodb.driver.connection - Opened connection [connectionId{localValue:1, serverValue:5253}] to 192.168.207.12:27017
  2020-01-30 01:56:52,690 [INFO ] org.mongodb.driver.cluster - Monitor thread successfully connected to server with description ServerDescription{address=192.168.207.12:27017, type=REPLICA_SET_PRIMARY, state=CONNECTED, ok=true, version=ServerVersion{versionList=[4, 2, 2]}, minWireVersion=0, maxWireVersion=8, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=11961273, setName='rs01', canonicalAddress=192.168.207.12:27017, hosts=[192.168.207.12:27017, 192.168.207.112:27017], passives=[], arbiters=[192.168.207.113:27017], primary='192.168.207.12:27017', tagSet=TagSet{[]}, electionId=7fffffff0000000000000032, setVersion=2, lastWriteDate=Thu Jan 30 01:56:44 PST 2020, lastUpdateTimeNanos=3350057856366042}
  2020-01-30 01:56:53,082 [INFO ] org.mongodb.driver.connection - Opened connection [connectionId{localValue:2, serverValue:5254}] to 192.168.207.12:27017
  2020-01-30 01:56:55,381 [WARN ] com.erudika.para.utils.HealthUtils - Server is unhealthy - the search index may be corrupted and may have to be rebuilt.
  2020-01-30 01:56:55,413 [INFO ] com.erudika.para.Para - Instance #1 initialized.
  2020-01-30 01:56:56,304 [INFO ] com.erudika.para.ParaServer - Starting ParaServer on n09 with PID 21867 (/srv/para/para-1.34.4-SNAPSHOT.jar started by para in /srv/para)
  2020-01-30 01:56:56,306 [INFO ] com.erudika.para.ParaServer - The following profiles are active: production
  2020-01-30 01:56:57,135 [INFO ] com.erudika.para.ParaServer - Listening on port 8080...
  2020-01-30 01:56:59,629 [INFO ] com.erudika.para.ParaServer - Started ParaServer in 4.208 seconds (JVM running for 11.914)
  2020-01-30 01:59:23,498 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/language:progress coming from app scoold
  2020-01-30 01:59:23,823 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-30 01:59:40,769 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold
  2020-01-30 01:59:41,474 [WARN ] c.e.para.security.SecurityUtils - Account 5e2cf752f878e8312815a68b (scoold/mzch@mzch.org) is locked.
  2020-01-30 01:59:41,515 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

• para.log (scoold)

  2020-01-30 01:59:04,216 [INFO ] com.erudika.scoold.ScooldServer - Starting ScooldServer v1.36.2 on n09 with PID 21998 (/srv/scoold/scoold-1.36.2.jar started by scoold in /srv/scoold)
  2020-01-30 01:59:04,231 [INFO ] com.erudika.scoold.ScooldServer - The following profiles are active: production
  2020-01-30 01:59:06,856 [INFO ] com.erudika.scoold.ScooldServer - Listening on port 18080...
  2020-01-30 01:59:07,282 [INFO ] com.erudika.scoold.ScooldServer - Initialized ParaClient with endpoint https://paraenv.com and access key 'app:scoold'.
  2020-01-30 01:59:11,253 [INFO ] c.e.s.velocity.SpringResourceLoader - SpringResourceLoader for Velocity: using resource loader [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@5bd03f44, started on Thu Jan 30 01:59:04 PST 2020] and resource loader paths [classpath:templates/]
  2020-01-30 01:59:12,462 [INFO ] com.erudika.scoold.ScooldServer - Started ScooldServer in 9.619 seconds (JVM running for 11.459)
  2020-01-30 01:59:23,387 [INFO ] c.e.scoold.utils.LanguageUtils - Default language map not set, loading English.
  2020-01-30 01:59:23,565 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/language:progress coming from app scoold
  2020-01-30 01:59:23,828 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-30 01:59:40,777 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold
  2020-01-30 01:59:41,479 [ERROR] com.erudika.para.client.ParaClient - 400 - Failed to authenticate user with 'password'. Check if user is active.
  2020-01-30 01:59:41,517 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

[albogdano]

Did you pull the latest Para source code from GitHub?

On Thu, 30 Jan 2020, 12:03 Koichi MATSUMOTO, notifications@github.com wrote:

@albogdano https://github.com/albogdano I rebuilt para and scoold using master branch, but both don't print any signatures...?

• para.log (para)

2020-01-30 01:56:51,785 [INFO ] com.erudika.para.Para - --- Para.initialize() [production] --- 2020-01-30 01:56:51,805 [INFO ] c.erudika.para.core.utils.CoreUtils - Loaded new DAO, Search and Cache implementations - MongoDBDAO, LuceneSearch and CaffeineCache. 2020-01-30 01:56:52,066 [INFO ] c.e.para.persistence.MongoDBUtils - MongoDB host: 192.168.207.12:27017, database: para 2020-01-30 01:56:52,170 [INFO ] org.mongodb.driver.cluster - Cluster created with settings {hosts=[192.168.207.12:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500} 2020-01-30 01:56:52,435 [INFO ] org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out 2020-01-30 01:56:52,672 [INFO ] org.mongodb.driver.connection - Opened connection [connectionId{localValue:1, serverValue:5253}] to 192.168.207.12:27017 2020-01-30 01:56:52,690 [INFO ] org.mongodb.driver.cluster - Monitor thread successfully connected to server with description ServerDescription{address=192.168.207.12:27017, type=REPLICA_SET_PRIMARY, state=CONNECTED, ok=true, version=ServerVersion{versionList=[4, 2, 2]}, minWireVersion=0, maxWireVersion=8, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=11961273, setName='rs01', canonicalAddress=192.168.207.12:27017, hosts=[192.168.207.12:27017, 192.168.207.112:27017], passives=[], arbiters=[192.168.207.113:27017], primary='192.168.207.12:27017', tagSet=TagSet{[]}, electionId=7fffffff0000000000000032, setVersion=2, lastWriteDate=Thu Jan 30 01:56:44 PST 2020, lastUpdateTimeNanos=3350057856366042} 2020-01-30 01:56:53,082 [INFO ] org.mongodb.driver.connection - Opened connection [connectionId{localValue:2, serverValue:5254}] to 192.168.207.12:27017 2020-01-30 01:56:55,381 [WARN ] com.erudika.para.utils.HealthUtils - Server is unhealthy - the search index may be corrupted and may have to be rebuilt. 2020-01-30 01:56:55,413 [INFO ] com.erudika.para.Para - Instance #1 initialized. 2020-01-30 01:56:56,304 [INFO ] com.erudika.para.ParaServer - Starting ParaServer on n09 with PID 21867 (/srv/para/para-1.34.4-SNAPSHOT.jar started by para in /srv/para) 2020-01-30 01:56:56,306 [INFO ] com.erudika.para.ParaServer - The following profiles are active: production 2020-01-30 01:56:57,135 [INFO ] com.erudika.para.ParaServer - Listening on port 8080... 2020-01-30 01:56:59,629 [INFO ] com.erudika.para.ParaServer - Started ParaServer in 4.208 seconds (JVM running for 11.914) 2020-01-30 01:59:23,498 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/language:progress coming from app scoold 2020-01-30 01:59:23,823 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold 2020-01-30 01:59:40,769 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold 2020-01-30 01:59:41,474 [WARN ] c.e.para.security.SecurityUtils - Account 5e2cf752f878e8312815a68b (scoold/mzch@mzch.org) is locked. 2020-01-30 01:59:41,515 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

• para.log (scoold)

2020-01-30 01:59:04,216 [INFO ] com.erudika.scoold.ScooldServer - Starting ScooldServer v1.36.2 on n09 with PID 21998 (/srv/scoold/scoold-1.36.2.jar started by scoold in /srv/scoold) 2020-01-30 01:59:04,231 [INFO ] com.erudika.scoold.ScooldServer - The following profiles are active: production 2020-01-30 01:59:06,856 [INFO ] com.erudika.scoold.ScooldServer - Listening on port 18080... 2020-01-30 01:59:07,282 [INFO ] com.erudika.scoold.ScooldServer - Initialized ParaClient with endpoint https://paraenv.com and access key 'app:scoold'. 2020-01-30 01:59:11,253 [INFO ] c.e.s.velocity.SpringResourceLoader - SpringResourceLoader for Velocity: using resource loader [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@5bd03f44, started on Thu Jan 30 01:59:04 PST 2020] and resource loader paths [classpath:templates/] 2020-01-30 01:59:12,462 [INFO ] com.erudika.scoold.ScooldServer - Started ScooldServer in 9.619 seconds (JVM running for 11.459) 2020-01-30 01:59:23,387 [INFO ] c.e.scoold.utils.LanguageUtils - Default language map not set, loading English. 2020-01-30 01:59:23,565 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/language:progress coming from app scoold 2020-01-30 01:59:23,828 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold 2020-01-30 01:59:40,777 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold 2020-01-30 01:59:41,479 [ERROR] com.erudika.para.client.ParaClient - 400 - Failed to authenticate user with 'password'. Check if user is active. 2020-01-30 01:59:41,517 [ERROR] com.erudika.para.client.ParaClient - 403 - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Erudika/scoold/issues/141?email_source=notifications&email_token=AACUV6PACXQGW2NFXMYU5OLRAKQYJA5CNFSM4J5VUFTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKKNFRQ#issuecomment-580178630, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACUV6JJYYBXP5Y2RKAU7NTRAKQYJANCNFSM4J5VUFTA .

[mzch]

Yes, did git clone both repositories.

[albogdano]

I'm really sorry about that! I forgot to push the latest changes to Github. :neutral_face: Just do a git pull origin master for Para and add para.debug_request_signatures = true to your Para configuration then restart Para and try again.

[mzch]

Hi, I got it.

• para.log (para)

  2020-01-30 15:48:53,697 [INFO ] com.erudika.para.Para - --- Para.initialize() [production] ---
  2020-01-30 15:48:53,706 [INFO ] c.erudika.para.core.utils.CoreUtils - Loaded new DAO, Search and Cache implementations - MongoDBDAO, LuceneSearch and CaffeineCache.
  2020-01-30 15:48:54,013 [INFO ] c.e.para.persistence.MongoDBUtils - MongoDB host: 192.168.207.12:27017, database: para
  2020-01-30 15:48:54,120 [INFO ] org.mongodb.driver.cluster - Cluster created with settings {hosts=[192.168.207.12:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
  2020-01-30 15:48:54,421 [INFO ] org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out
  2020-01-30 15:48:54,622 [INFO ] org.mongodb.driver.connection - Opened connection [connectionId{localValue:1, serverValue:5334}] to 192.168.207.12:27017
  2020-01-30 15:48:54,640 [INFO ] org.mongodb.driver.cluster - Monitor thread successfully connected to server with description ServerDescription{address=192.168.207.12:27017, type=REPLICA_SET_PRIMARY, state=CONNECTED, ok=true, version=ServerVersion{versionList=[4, 2, 2]}, minWireVersion=0, maxWireVersion=8, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=9999694, setName='rs01', canonicalAddress=192.168.207.12:27017, hosts=[192.168.207.12:27017, 192.168.207.112:27017], passives=[], arbiters=[192.168.207.113:27017], primary='192.168.207.12:27017', tagSet=TagSet{[]}, electionId=7fffffff0000000000000032, setVersion=2, lastWriteDate=Thu Jan 30 15:48:51 PST 2020, lastUpdateTimeNanos=3399979806433276}
  2020-01-30 15:48:55,076 [INFO ] org.mongodb.driver.connection - Opened connection [connectionId{localValue:2, serverValue:5335}] to 192.168.207.12:27017
  2020-01-30 15:48:56,706 [WARN ] com.erudika.para.utils.HealthUtils - Server is unhealthy - the search index may be corrupted and may have to be rebuilt.
  2020-01-30 15:48:56,732 [INFO ] com.erudika.para.Para - Instance #1 initialized.
  2020-01-30 15:48:57,720 [INFO ] com.erudika.para.ParaServer - Starting ParaServer on n09 with PID 26993 (/srv/para/para-1.34.4-SNAPSHOT.jar started by para in /srv/para)
  2020-01-30 15:48:57,730 [INFO ] com.erudika.para.ParaServer - The following profiles are active: production
  2020-01-30 15:48:58,524 [INFO ] com.erudika.para.ParaServer - Listening on port 8080...
  2020-01-30 15:49:00,983 [INFO ] com.erudika.para.ParaServer - Started ParaServer in 4.245 seconds (JVM running for 11.309)
  2020-01-30 15:49:36,383 [INFO ] c.e.para.security.SecurityUtils - Incoming client signature for request PUT /v1/_settings: 999ac0abcd7d00bb97660f9bdad258681a5b1c5f18594bfa8075861fa30de559 == 999ac0abcd7d00bb97660f9bdad258681a5b1c5f18594bfa8075861fa30de559 calculated by server, matching: true
  2020-01-30 15:49:56,719 [INFO ] c.e.para.security.SecurityUtils - Incoming client signature for request GET /v1/_id/language:progress: 0a8bb3120a83c016a292eaa45d286d0634f43bcd16320cc98acd7287798a5195 == cf3d38df771582839ef93018ba9cc47a34e960192d1689135b7d236b8c20430c calculated by server, matching: false
  2020-01-30 15:49:56,786 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/language:progress coming from app scoold
  2020-01-30 15:49:57,018 [INFO ] c.e.para.security.SecurityUtils - Incoming client signature for request PUT /v1/sysprop/language:progress: 2c1b13058d789cdcd73529e8dfe2ed2c4ce912e2db42b51431ddf1363bd4a68a == 359439da268b6939933dccff8e321fbcd2d7c3ff1a638bad4aedee497f80e3b8 calculated by server, matching: false
  2020-01-30 15:49:57,021 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request PUT /v1/sysprop/language:progress coming from app scoold
  2020-01-30 15:50:10,764 [INFO ] c.e.para.security.SecurityUtils - Incoming client signature for request GET /v1/_id/mzch@mzch.org: 1f997639ec0bf087e1747d83838a87c6d27f626f9ad1723f1619ea1b209f9a8e == d0661b46b452efa24f989218a88dbbcfa497980490c8164a0c7ce4e99cc2446c calculated by server, matching: false
  2020-01-30 15:50:10,768 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold
  2020-01-30 15:50:11,489 [WARN ] c.e.para.security.SecurityUtils - Account 5e2cf752f878e8312815a68b (scoold/mzch@mzch.org) is locked.
  2020-01-30 15:50:11,540 [INFO ] c.e.para.security.SecurityUtils - Incoming client signature for request GET /v1/_id/mzch@mzch.org: c080edb1b3258265fea1efdc2dd60677c2a633ca7c52b8bd7fdd61efbc5835fd == 92826456fb5b74a89cb0ac42e0b00acc0317326b94c5f885e8125821d8b7bb30 calculated by server, matching: false
  2020-01-30 15:50:11,543 [WARN ] c.e.para.security.SecurityUtils - Invalid signature for request GET /v1/_id/mzch@mzch.org coming from app scoold

[albogdano]

Well, apparently the Authorization header is not filtered but somehow the signatures coming from the client are incorrect. Have you tried connecting to Para from Postman with the access keys for Scoold and executing GET https://paraenv.com/v1/_me (set the authentication in Postman to AWS V4). What is the result?

EDIT: I have just noticed that the first request to /v1/_settings does have the correct signature... something strange is happening here!

[albogdano]

2020-01-30 15:48:56,706 [WARN ] com.erudika.para.utils.HealthUtils - Server is unhealthy - the search index may be corrupted and may have to be rebuilt.

You should rebuild your index with POST /v1/_reindex using you root app keys or run

para-cli rebuild-index --accessKey "app:para" --secretKey "secret_for_root_app" --endpoint "https://paraenv.com"

[mzch]

Postman's result is here. I'm not sure the I put correct parameters...

When executing para-cli rebuild-index, para-cli printed as below:

{
  "tookMillis": 539,
  "reindexed": 2
}

But signup was failed because of the same error.

[albogdano]

Select AWS authentication:

[mzch]

I got:

{
  "code": 403,
  "message": "Invalid signature for request GET /v1/_me/ coming from app scoold"
}

[albogdano]

Really?! Did you clear all other headers and parameters in Postman? I just don't understand how this is possible... What about trying the same with para-cli:

para-cli me --accessKey "app:scoold" --secretKey "secret_for_scoold" --endpoint "https://paraenv.com" 

Have you tried generating a new app secret for Scoold with

para-cli new-key --accessKey "app:scoold" --secretKey "secret_for_scoold" --endpoint "https://paraenv.com" 

[mzch]

Yes, and I regenerate a new key and tried para-cli me.

{
  "id": "app:scoold",
  "type": "app",
  "name": "Scoold",
  "stored": true,
  "indexed": true,
  "cached": true,
  "version": 0,
  "timestamp": 1580484593094,
  "appid": "para",
  "votes": 0,
  "sharingIndex": false,
  "sharingTable": false,
  "readOnly": false,
  "datatypes": {},
  "validationConstraints": {},
  "resourcePermissions": {},
  "active": true,
  "tokenValiditySec": 604800,
  "objectURI": "/app/app%3Ascoold",
  "appIdentifier": "scoold",
  "plural": "apps"
}

EDIT: I tried to sign up, but [ERROR] 403 - Invalid signature for request

[albogdano]

Alright! In case anyone encounters the same issue in the future - the reason for this was a misconfigured Apache proxy server which modified encoding of the URL for some requests. This resulted in some of the requests having invalid signatures. These failed requests had @ or : symbols in the URL so they failed. The solution was to add nocanon to the line containing ProxyPass in the Apache configuration.

[holypriest]

2020-01-30 15:48:56,706 [WARN ] com.erudika.para.utils.HealthUtils - Server is unhealthy - the search index may be corrupted and may have to be rebuilt.

You should rebuild your index with POST /v1/_reindex using you root app keys or run

para-cli rebuild-index --accessKey "app:para" --secretKey "secret_for_root_app" --endpoint "https://paraenv.com"

Hey, @albogdano. Every time I terminate my Para server and start it again, I receive the warning asking to rebuild the index. Then I execute the rebuild-index command, and it happens over and over. Am I doing something wrong or this is really expected?

[albogdano]

@holypriest There's something wrong in your case. Rebuilding the index should only happen in rare cases where the underlying database schema has changed or when the server is migrated to another database. My guess is that you are running Para inside a container and somehow the index is not persisted to disk.

[albogdano]

Adding some more info to this issue - some users have an Nginx server in front of Para which may be configured to not forward all requests to Para which will result in the error:

Invalid signature for request PUT /v1/_settings coming from app 'myapp' (Para client 1.37.1 app:myapp (Java 1.8.0_212-b04))

In this case make sure your Nginx configuration contains these lines:

location / {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
}

[aryankhandal0]

I have been having this problem because of @ and : in /v1/profile when deploying the setup to Azure.

The request para should receive is: PUT /v1/_id/5f7e8e586990d44055c9205g%3Aprofile but Azure IIS is automatically decoding it to: PUT /v1/_id/5f7e8e586990d44055c9205g:profile which causes an signature mismatch.

I cannot change headers in Azure App Service like in Apache or Nginx, is there a workaround for this.

[albogdano]

@aryankhandal0 Definitely check for any options in Azure for disabling URI decoding of request paths or contact Azure support. There's no workaround in Para for this.

[vutratenko]

I'm having the same issue as @aryankhandal0 on my bare metal installation. I need to run re-index each time I run Para

[albogdano]

@vutratenko If you need to re-index the data on each run then you probably haven't configured a place where to store the search index. Para stores the index in ./data by default. If you have a read-only file system or no permissions to write to disk, the index will be lost.