search

Laravel-Backpack / LogManager

An interface to preview, download and delete Laravel log files, using Backpack.
http://backpackforlaravel.com
Other
275 stars 56 forks source link

Payload invalid, DecryptException thrown #28

Closed sheriffmarley closed 5 years ago

sheriffmarley commented 5 years ago

Bug report

What I did:

I tried to access a log file (laravel-2019-05-19.log)

What I expected to happen:

Show the logfile

What happened:

A DecryptException was thrown The payload is invalid. {"userId":1,"exception":"[object] (Illuminate\\Contracts\\Encryption\\DecryptException(code: 0): The payload is invalid. at /var/www/html/main/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:195)

What I've already tried to fix it:

Since the filename seems to be only a base64 encoded string, I replaced decrypt($file_name) with base64_decode($file_name) and it worked.

Backpack, Laravel, PHP, DB version:

Backpack: 3.6.21 LogManager: 2.3.26 Laravel: 5.8.17 PHP: 7.3.3

welcome[bot] commented 5 years ago

Hello there! Thanks for opening your first issue on this repo!

Just a heads-up: Here at Backpack we use Github Issues only for tracking bugs. Talk about new features is also acceptable. This helps a lot in keeping our focus on improving Backpack. If you issue is not a bug/feature, please help us out by closing the issue yourself and posting in the appropriate medium (see below). If you're not sure where it fits, it's ok, a community member will probably reply to help you with that.

Backpack communication mediums:

Please keep in mind Backpack offers no official / paid support. Whatever help you receive here, on Gitter, Slack or Stackoverflow is thanks to our awesome awesome community members, who give up some of their time to help their peers. If you want to join our community, just start pitching in. We take pride in being a welcoming bunch.

Thank you!

-- Justin Case The Backpack Robot

tabacitu commented 5 years ago

Hi @sheriffmarley ,

Yes, we've indeed changed the filename encryption from base64 to Laravel's default - we believe that's better security. With encrypt()/decrypt() people can't base64encode a filename they want, and pass it to the URL. Not even admins, which we usually trust.

You can see in my link above that the changes have been both in the LogController, and in the blade files. I suspect you've run composer update, so have the latest controller, but have the old blade file, by having published it to your resources/views/vendor/backpack/logmanager/logs.blade.php. If your blade file uses base64 instead of encrypt/decrypt, take a look at the changes we've made in the link above (they're super simple) and do them to your blade file too.

Cheers!

666lampshadesOG commented 5 years ago

Bug report

What I did:

Tried following this answer but no luck: https://github.com/Laravel-Backpack/LogManager/issues/28#issuecomment-494299732 ( i have the correct blade files )

I get errors when I view the logs.

I deleted the logmanager folder and reinstalled with composer with the following settings

        "backpack/base": "^1.0",
        "backpack/crud": "^3.5",
        "backpack/logmanager": "^2.3",

What I expected to happen:

I expected I could view my logs.

What happened:

When I view log, I get error

domain.co/admin/log/preview/bGFyYXRlbC0yMEE5LTA4LTMxLmxvZw==

 Illuminate \ Contracts \ Encryption \ DecryptException
The payload is invalid.
vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php
        if (! $this->validPayload($payload)) {
            throw new DecryptException('The payload is invalid.');
        }

What I've already tried to fix it:

Tried deleting the logmanager folder and reinstalling with composer.

Tried deleting all log files

Backpack, Laravel, PHP, DB version:

"backpack/base": "^1.0",
"backpack/crud": "^3.5",
"backpack/logmanager": "^2.3",
"laravel/framework": "5.7.*",
"php": "^7.1.3",
Bajranggithub commented 1 year ago

Illuminate \ Contracts \ Encryption \ DecryptException The payload is invalid.