search

YunoHost-Apps / vaultwarden_ynh

Open source password management solutions for YunoHost
https://bitwarden.com/
GNU General Public License v3.0
57 stars 17 forks source link

Unable to login to admin console with token #85

Closed zyphlar closed 4 years ago

zyphlar commented 4 years ago

I have the token saved, and confirmed the token in /etc/yunohost/apps/bitwarden/settings.yml, but even copy-pasting it straight out of the settings with no whitespace results in a login error. Any ideas? Otherwise bitwarden seems to work fine. It's exhibiting this behavior before the latest version upgrade and also afterwards.

Here's a screenshot: Screenshot from 2020-06-20 21-41-17

Here are the nginx error logs:

2020/06/21 03:38:47 [error] 32606#32606: *336 open() "/var/www/bitwarden/ynh_portal.js" failed (2: No such file or directory), client: MY_IP_HERE, server: myurl.example.com, request: "GET /ynh_portal.js HTTP/2.0", host: "myurl.example.com", referrer: "https://myurl.example.com/admin"
2020/06/21 03:38:47 [error] 32606#32606: *336 open() "/var/www/bitwarden/ynh_overlay.css" failed (2: No such file or directory), client: MY_IP_HERE, server: myurl.example.com, request: "GET /ynh_overlay.css HTTP/2.0", host: "myurl.example.com", referrer: "https://myurl.example.com/admin"
2020/06/21 03:38:47 [error] 32606#32606: *336 open() "/var/www/bitwarden/ynhtheme/custom_portal.js" failed (2: No such file or directory), client: MY_IP_HERE, server: myurl.example.com, request: "GET /ynhtheme/custom_portal.js HTTP/2.0", host: "myurl.example.com", referrer: "https://myurl.example.com/admin"
2020/06/21 03:38:47 [error] 32606#32606: *336 open() "/var/www/bitwarden/ynhtheme/custom_overlay.css" failed (2: No such file or directory), client: MY_IP_HERE, server: myurl.example.com, request: "GET /ynhtheme/custom_overlay.css HTTP/2.0", host: "myurl.example.com", referrer: "https://myurl.example.com/admin"

Access logs:

MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /admin/ HTTP/2.0" 200 5991 "-" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /bwrs_static/md5.js HTTP/2.0" 200 12390 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /bwrs_static/identicon.js HTTP/2.0" 200 8131 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /bwrs_static/bootstrap-native-v4.js HTTP/2.0" 200 69453 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /ynh_portal.js HTTP/2.0" 404 901 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /ynh_overlay.css HTTP/2.0" 404 901 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /ynhtheme/custom_portal.js HTTP/2.0" 404 901 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /ynhtheme/custom_overlay.css HTTP/2.0" 404 901 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /bwrs_static/bootstrap.css HTTP/2.0" 200 199148 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /bwrs_static/shield-white.png HTTP/2.0" 200 2728 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:39:44 +0000] "GET /ynh_portal.js HTTP/2.0" 404 901 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
MY_IP_HERE - - [21/Jun/2020:04:41:07 +0000] "POST /admin/ HTTP/2.0" 303 934 "https://myurl.example.com/admin/" "MY_USERAGENT_HERE"
yalh76 commented 4 years ago

So if I understand well, you have never been able to use your bitwarden instance ? Maybe you should remove and reinstall bitwarden

By the way, the real admintoken used by bitwarden is stored in /var/www/bitwarden/live/bitwarden_rs.env so check this one.

you can also check bitwarden services running journalctl -feu bitwarden when trying to log, you will se what happens

zyphlar commented 4 years ago

Thanks @yalh76 the ADMIN_TOKEN listed at that location is the same and also doesn't work. The journalctl command just confirms "Invalid admin token". Is there a good way of kicking bitwarden or debugging its process to get it to work or see why it's broken? I'm an experienced admin/programmer but I use yunohost so I don't need to dig into the internals, thus now I'm ignorant of the internals ;)

I have been able to use bitwarden, I use it every day and it's great, I'm just now hitting a brick wall trying to login as an admin (because I want to add a new user, which I'm also struggling with)

yalh76 commented 4 years ago

Do you still have the original email sent during install with the admin token to see if it has changed ?

The issue comes after and upgrade or you don't know ?

zyphlar commented 4 years ago

I don't see an original email with token in my inbox, the token is very long and random so it's possible I generated and entered it myself. I haven't tried to login to the admin side in many months so I'm unsure if an upgrade was the cause but the most recent upgrade was not the cause; I noticed the issue, upgraded, and the issue persisted. Do you know how to reboot bitwarden specifically? It's not listed in init.d On Sat, 2020-06-27 at 09:09 -0700, yalh76 wrote:

Do you still have the original email sent during install with the admin token to see if it has changed ? The issue comes after and upgrade or you don't know ?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

zyphlar commented 4 years ago

I rebooted the server and tried again, but the contents of bitwarden_rs.env's ADMIN_TOKEN=cMAfqcLfznW6dryKD4UiKpmfVylMXtzNEz9zqtYLLIEBh6B8NUvSVgsII1bSqrGC (as an example, not my real token) still fails to login. The logs say Jul 16 23:14:48 <my_domain> bitwarden_rs[1000]: Error: Invalid admin token. IP: <my_ip>

What part of the codebase reads this ADMIN_TOKEN and compares the entered token to the configured token? Maybe I can debug.

FYI the top of the logs say this, maybe that has something to do with it. Is there another config file besides bitwarden_rs.env?

Jul 16 22:49:28 <my_domain> bitwarden_rs[1000]: [WARNING] The following environment variables are being overriden by the config file,
Jul 16 22:49:28 <my_domain> bitwarden_rs[1000]: [WARNING] please use the admin panel to make changes to them:
Jul 16 22:49:28 <my_domain> bitwarden_rs[1000]: [WARNING] DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SSL, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME

EDIT: found it. The real admin token was here: /var/www/bitwarden/live/data/config.json -- we can close this ticket, or maybe update documentation to suggest these two file paths and logs as ways to help others figure out what their admin tokens are.

yalh76 commented 4 years ago

Well I made a fresh bitwarden install, and there is no /var/www/bitwarden/live/data/config.json, I don't know where that file comes from in your installation

zyphlar commented 4 years ago

I may have changed the config via the web interface. If you change the admin token in the admin interface, maybe the config file gets created but the ENV files aren't updates?

On Wed, Jul 22, 2020, 1:51 PM yalh76 notifications@github.com wrote:

Well I made a fresh bitwarden install, and there is no /var/www/bitwarden/live/data/config.json, I don't know where that file comes from in your installation

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/YunoHost-Apps/bitwarden_ynh/issues/85#issuecomment-662689893, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAL2MWBGT7OOSK66JA7KALR45GOFANCNFSM4ODV6JYQ .

yalh76 commented 4 years ago

Yes exactly, when some change are made, they are stored in the /var/www/bitwarden/live/data/config.json. So you may have changed your token, that could explain why you wasn't able to connect.