Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com
Other
15.64k stars 972 forks

Error: Failed to find refresh token when inviting new members #1640

Open engrrio07 opened 7 months ago

engrrio07 commented 7 months ago

Describe the bug

When new members receive an invite, they get redirected to the log-in page immediately instead of the sign-up page and encounter a 400 Bad Request on the /api/v1/auth/token route.

To Reproduce

Steps to reproduce the behavior:

  1. Invite new member
  2. New member receives email and clicks on Join now
  3. New member is redirected to the log-in page instead of the sign-up page
  4. token on network requests fails with 400 Bad Request status on /api/v1/auth/token

Expected behavior

New user should be able to sign-up

Screenshots

image

Platform you are having the issue on:

Self-hosted infisical running on Kubernetes deployed via infisical-standalone/1.0.6 helm chart

Additional context

jugrajsingh commented 7 months ago

My deployment had the same issue. I disabled signups.

The objective is to disable signups so no unwanted user can sign up to the instance while allowing invited users to log in.

dmweapon commented 7 months ago

I have the same issue... and my backend log from the command "docker logs infisical-backend" is below

{"level":50,"time":1712641055737,"pid":1,"hostname":"46f996033a09","reqId":"req-2ph","severity":"ERROR","err":{"type":"UnauthorizedError","message":"Token missing","stack":"Unauthorized access: Token missing\n at Object. (file:///backend/dist/server/plugins/auth/verify-auth.mjs:13:11)\n at hookIterator (/backend/node_modules/fastify/lib/hooks.js:405:10)\n at next (/backend/node_modules/fastify/lib/hooks.js:239:18)\n at handleResolve (/backend/node_modules/fastify/lib/hooks.js:250:7)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","name":"Unauthorized access"},"msg":"Token missing"}
{"level":30,"time":1712641055737,"pid":1,"hostname":"46f996033a09","reqId":"req-2ph","severity":"INFO","res":{"statusCode":403},"responseTime":0.8920488357543945,"msg":"request completed"}

Is it about Object.handler...? It contains a strange path...? I think the path of "verify-auth.mjs" is wrong...

(using version3 of "docker-compose.prod.yml" file)

maidul98 commented 7 months ago

@akhilmhdh can you please take a look at this when you have time?

pat-s commented 7 months ago

For a while I thought this might be a local issue of mine, but I am unable to log in anymore after my docker-compose based installation upgraded itself lately to the latest docker tag. I can't fully trace back which update introduced it, but right now I can't log in with any account anymore and resetting the PW also does not work :/

sjugraj commented 4 months ago

Any Fix Available Here?

maidul98 commented 4 months ago

The issues mentioned in this thread are similar but a bit different from one another. I suggest creating a separate issue if your bug is not the same as @engrrio07's.

Can you please share a screenshare using Loom, @engrrio07? We are unable to reproduce on our end.

whchi commented 2 months ago

I just had the same issue using v0.80.0-postgres.

My situation is that I need to restrict sign-ups to only my company's email domain.

I wanted to set the "INVITE_ONLY_SIGNUP" environment variable, but it didn't seem to work. So I did this instead:

  1. Allow user signups => all
  2. Restrict signup by email domain(s)

This worked for me. Although it achieved my goal, it's not a real "invite only" feature. I hope this feature can be completed some day.

IamLunchbox commented 2 months ago

I can reconfirm this issue on the current release (v0.82.1-postgres) in a compose deployment.

The backend logs are the following:

{"level":30,"time":1725959543097,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6r","severity":"INFO","req":{"method":"GET","url":"/signupinvite?token=f9084d08f8fbb1c471fa778fcbcd5245&to=test@example.org&organization_id=12345","hostname":"infisical.example.org","remoteAddress":"10.0.0.1","remotePort":35826},"msg":"incoming request"}
{"level":30,"time":1725959543114,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6r","severity":"INFO","res":{"statusCode":200},"responseTime":16.53204199951142,"msg":"request completed"}
{"level":30,"time":1725959543327,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6s","severity":"INFO","req":{"method":"GET","url":"/images/loading/loading.gif","hostname":"infisical.example.org","remoteAddress":"10.0.0.1","remotePort":35826},"msg":"incoming request"}
{"level":30,"time":1725959543332,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6s","severity":"INFO","res":{"statusCode":304},"responseTime":5.2719979993999,"msg":"request completed"}
{"level":30,"time":1725959543575,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6t","severity":"INFO","req":{"method":"GET","url":"/api/v1/admin/config","hostname":"infisical.example.org","remoteAddress":"10.0.0.1","remotePort":35826},"msg":"incoming request"}
{"level":30,"time":1725959543577,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6u","severity":"INFO","req":{"method":"GET","url":"/locales/en/translations.json","hostname":"infisical.example.org","remoteAddress":"10.0.0.1","remotePort":35830},"msg":"incoming request"}
{"level":30,"time":1725959543583,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6u","severity":"INFO","res":{"statusCode":304},"responseTime":6.1707300003618,"msg":"request completed"}
{"level":30,"time":1725959543586,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6t","severity":"INFO","res":{"statusCode":304},"responseTime":10.663064999505877,"msg":"request completed"}
{"level":30,"time":1725959543643,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6v","severity":"INFO","req":{"method":"GET","url":"/api/v1/user","hostname":"infisical.example.org","remoteAddress":"10.0.0.1","remotePort":35826},"msg":"incoming request"}
{"level":50,"time":1725959543644,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6v","severity":"ERROR","err":{"type":"UnauthorizedError","message":"Token missing","stack":"Unauthorized access: Token missing\n    at Object.<anonymous> (file:///backend/dist/server/plugins/auth/verify-auth.mjs:13:11)\n    at hookIterator (/backend/node_modules/fastify/lib/hooks.js:405:10)\n    at next (/backend/node_modules/fastify/lib/hooks.js:239:18)\n    at handleResolve (/backend/node_modules/fastify/lib/hooks.js:250:7)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","name":"Unauthorized access"},"msg":"Token missing"}
{"level":30,"time":1725959543646,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6v","severity":"INFO","res":{"statusCode":403},"responseTime":1.9719770001247525,"msg":"request completed"}
{"level":30,"time":1725959543646,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6w","severity":"INFO","req":{"method":"POST","url":"/api/v1/auth/token","hostname":"infisical.example.org","remoteAddress":"10.0.0.1","remotePort":35830},"msg":"incoming request"}
{"level":50,"time":1725959543648,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6w","severity":"ERROR","err":{"type":"BadRequestError","message":"Failed  to find refresh token","stack":"Auth token route: Failed  to find refresh token\n    at Object.handler (file:///backend/dist/server/routes/v1/auth-router.mjs:84:15)\n    at preHandlerCallback (/backend/node_modules/fastify/lib/handleRequest.js:137:37)\n    at validationCompleted (/backend/node_modules/fastify/lib/handleRequest.js:121:5)\n    at preValidationCallback (/backend/node_modules/fastify/lib/handleRequest.js:98:5)\n    at next (/backend/node_modules/fastify/lib/hooks.js:233:9)\n    at handleResolve (/backend/node_modules/fastify/lib/hooks.js:250:7)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","name":"Auth token route"},"msg":"Failed  to find refresh token"}
{"level":30,"time":1725959543649,"pid":1,"hostname":"a36d18bb41ac","reqId":"req-6w","severity":"INFO","res":{"statusCode":400},"responseTime":2.8964769998565316,"msg":"request completed"}
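
The request sequence in the logs above can be reconstructed by grouping records on `reqId`. This is an added example, not part of the thread or of Infisical's code; the helper names and the sample input are constructed. It also masks the `token` query parameter, which appears in clear in the logged `/signupinvite` URL.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample shaped like the backend logs in the thread (fields trimmed,
# placeholder token). The last two records share one line on purpose.
SAMPLE = r'''
{"reqId":"req-1","req":{"method":"GET","url":"/signupinvite?token=PLACEHOLDER&to=test@example.org"},"msg":"incoming request"}
{"reqId":"req-1","res":{"statusCode":200},"msg":"request completed"}
{"reqId":"req-2","req":{"method":"GET","url":"/api/v1/user"},"msg":"incoming request"}
{"reqId":"req-2","err":{"type":"UnauthorizedError","message":"Token missing"},"msg":"Token missing"}
{"reqId":"req-2","res":{"statusCode":403},"msg":"request completed"}
{"reqId":"req-3","req":{"method":"POST","url":"/api/v1/auth/token"},"msg":"incoming request"}
{"reqId":"req-3","err":{"type":"BadRequestError","message":"Failed  to find refresh token"},"msg":"Failed  to find refresh token"} {"reqId":"req-3","res":{"statusCode":400},"msg":"request completed"}
'''

def iter_records(text):
    # Yield JSON objects even when several were pasted onto one line.
    dec, pos = json.JSONDecoder(), 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        try:
            rec, pos = dec.raw_decode(text, pos)
        except json.JSONDecodeError:
            pos = text.find("\n", pos) + 1 or len(text)  # skip the unparsable line
            continue
        if isinstance(rec, dict):
            yield rec

def redact_url(url):
    # Mask the invite token so it does not travel with the triage output.
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts.path + ("?" + urlencode(query, safe="@") if query else "")

def correlate(text):
    rows = {}  # one row per reqId, kept in arrival order
    for rec in iter_records(text):
        row = rows.setdefault(rec.get("reqId"), {"url": None, "error": None, "status": None})
        if "req" in rec:
            row["url"] = rec["req"]["method"] + " " + redact_url(rec["req"]["url"])
        row["error"] = rec.get("err", {}).get("message", row["error"])
        row["status"] = rec.get("res", {}).get("statusCode", row["status"])
    return list(rows.values())

def failed(rows):
    return [r for r in rows if (r["status"] or 0) >= 400]
```

`failed(correlate(SAMPLE))` returns the two failing requests in order, the 403 on `/api/v1/user` followed by the 400 on `/api/v1/auth/token`, matching the sequence reported after the invite link is opened.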