YunoHost-Apps / wordpress_ynh

WordPress package for YunoHost
https://wordpress.org/
GNU General Public License v3.0

Access denied to wp-admin after 5.6 -> 5.7 upgrade, and restoring "pre-upgrade" backup does not fix it. #136

Open slowphil opened 3 years ago

slowphil commented 3 years ago

I installed wordpress_ynh last November on a RPi 4, and did all the upgrades of the OS and Yunohost since then. After the last upgrade of wordpress_ynh (5.6->5.7) none of the users can enter the admin-wp: bad password, access denied (even though I had granted the new "wordpress (admin)" permission to all that needed it).

That's bad but the issue is made worse by the fact that restoring the pre-upgrade backup does not fix the "access denied" issue.

However restoring the daily backup before the upgrade worked.

By inspecting the upgrade script, I see that changes are made to the permissions (and wp-cli is installed in wp) before making the "pre-upgrade" backup. This explains why the restoration fails. And I guess it illustrates that a pre-upgrade backup should really record the state of the system before anything is changed. However it does not explain (for me) why the changes in the permissions broke our wordpress. I can provide the upgrade log if needed.

Gredin67 commented 3 years ago

Same issue here! Is there maybe some issue coming from the yunohost authorization management system? @yalh76

Gredin67 commented 3 years ago

@alexAubin

yalh76 commented 3 years ago

> same issue here! Is there maybe some issue coming from the yunohost authorization management system? @yalh76

5.7~ynh1 is two months old ... so, first impression would be that this is not related to YunoHost authorizations ...

Can you provide:

Gredin67 commented 3 years ago

4.1.8 (stable) https://paste.yunohost.org/raw/lobeyonowe

slowphil commented 3 years ago

Same here, Yunohost 4.1.8. I can also send the logs, but now that the problem is confirmed I doubt it will be useful to have two similar logs. Tell me if you do want it.

Note also that this wordpress update was proposed only fairly recently in the admin GUI. Not sure why, but I guess it was after the manifest was updated, 17 days ago.

After the upgrade script for wordpress_ynh was created, Yunohost itself was upgraded to 4.1.8... Could this newer yunohost version explain why the upgrade fails this way now?

yalh76 commented 3 years ago

Well, after some tests:

No authentication problem.

And that doesn't seem to be related to folder rights/chown||chmod

You should look at nginx logs or activate wordpress debug logs

Christophe31 commented 3 years ago

There is a new permission to add in yunohost (your wordpress app name + "(admin)")

Gredin67 commented 3 years ago

Indeed, I first had to log in to the yunohost SSO and then to wp-admin with an account that has the following permission in the Yunohost permission system: your wordpress app name + "(admin)"

slowphil commented 3 years ago

I took the time to attempt that upgrade again and confirm the issue:

People who could access wp-admin and edit the site before the upgrade, can no longer after the upgrade (bad password at wp-login), even though they were given the new "wordpress (admin)" permission, just like in the original report. Strangely, my own account could enter wp-admin, but I had been downgraded from administrator to subscriber, so that I could not fix anything from inside wp itself.

In order to fix these issues I used phpMyAdmin to adjust the content of wordpress' database: I cleared all passwords in the wp_users table and added a line with "authLDAP 1" for each user in the wp_usermeta table. I'm not sure both changes are needed, but access to wp-admin was restored after that. (Of course I also had to manually give back admin rights to my account).

The only thing that may be non standard in our setup is that the owner of the original yunohost account that was declared admin at wordpress install is no longer active, after which I had given my own account administrator role in wp.

To sum up, the issue is reproducible, but it can be fixed using external tools. I let you decide whether to close the issue or keep it open.
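
The database changes described in the comment above, written out as SQL. This is an added example, not part of the thread or of the wordpress_ynh package; it assumes MySQL/MariaDB (as reached through phpMyAdmin), the default `wp_` table prefix, a meta key `authLDAP` with value `1` as reported in the comment, and a placeholder login `EXAMPLE_LOGIN`.

```sql
-- Added example. Assumptions: default `wp_` prefix, meta_key 'authLDAP' = '1'
-- (as reported in the comment), placeholder login 'EXAMPLE_LOGIN'.

-- 1. Inspect first: per user, is a local password hash stored, is the
--    authLDAP flag present, and which role does WordPress currently hold?
SELECT u.ID,
       u.user_login,
       (u.user_pass <> '') AS has_local_password,
       f.meta_value        AS authldap_flag,
       c.meta_value        AS capabilities
FROM wp_users u
LEFT JOIN wp_usermeta f ON f.user_id = u.ID AND f.meta_key = 'authLDAP'
LEFT JOIN wp_usermeta c ON c.user_id = u.ID AND c.meta_key = 'wp_capabilities'
ORDER BY u.ID;

START TRANSACTION;

-- 2. Add the "authLDAP 1" row for every user that does not have one yet,
--    so re-running the script does not create duplicate rows.
INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
SELECT u.ID, 'authLDAP', '1'
FROM wp_users u
WHERE NOT EXISTS (
    SELECT 1 FROM wp_usermeta m
    WHERE m.user_id = u.ID AND m.meta_key = 'authLDAP'
);

-- 3. Clear the locally stored password hashes, as the comment describes.
--    Accounts that exist only in WordPress (not in LDAP) are left without
--    a usable password by this statement.
UPDATE wp_users SET user_pass = '';

-- 4. Give one account its administrator role back. The value is the
--    PHP-serialized array WordPress stores in wp_capabilities.
UPDATE wp_usermeta m
JOIN wp_users u ON u.ID = m.user_id
SET m.meta_value = 'a:1:{s:13:"administrator";b:1;}'
WHERE m.meta_key = 'wp_capabilities'
  AND u.user_login = 'EXAMPLE_LOGIN';

-- Re-run the SELECT from step 1 here; use ROLLBACK instead of COMMIT
-- if the result is not what you expect.
COMMIT;
```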

ImaCrea commented 2 years ago

OK, same problem here. Each time I connect, the user loses admin privilege and I have to fix it with phpMyAdmin, not really usable.

I started a thread on the forum actually, didn't have the idea to come here first ^^' https://forum.yunohost.org/t/impossible-dacceder-a-wp-admin/18987/9

ImaCrea commented 2 years ago

> there is a new permission to add in yunohost (your wordpress app name + "(admin)")

I'm not sure where to find that, could you help please @Christophe31 (or @Gredin67)? Where am I supposed to find and set this permission please?

Christophe31 commented 2 years ago

Yunohost user admin, you have a button for users permissions management.

There you can add permissions to users.

ImaCrea commented 2 years ago

> Yunohost user admin, you have a button for users permissions management.
>
> There you can add permissions to users.

Can you share a screenshot please @Christophe31?

ImaCrea commented 2 years ago

Are we talking about this? [Screenshot: Capture d’écran 2022-03-11 à 14 57 56]

Then, as you can see, I've added wordpress (admin). It does indeed add a cube on the yunohost front end to access wp-admin, but that doesn't solve the bug we're talking about here, which is that the user loses its admin privilege on the wordpress side.

Christophe31 commented 2 years ago

I suppose your user also has the normal WordPress permission through a group. Then it's not exactly the same issue as the one I faced and tried to document here in May 2021.

ImaCrea commented 2 years ago

> I took the time to attempt that upgrade again and confirm the issue:
>
> People who could access wp-admin and edit the site before the upgrade, can no longer after the upgrade (bad password at wp-login), even though they were given the new "wordpress (admin)" permission, just like in the original report. Strangely, my own account could enter wp-admin, but I had been downgraded from administrator to subscriber, so that I could not fix anything from inside wp itself.
>
> In order to fix these issues I used phpMyAdmin to adjust the content of wordpress' database: I cleared all passwords in wp_users table and added a line with "authLDAP 1" for each users in the wp_usermeta table. I'm not sure both changes are needed, but access to wp-admin was restored after that. (Of course I also had to manually give back admin right to my account).
>
> The only thing that may be non standard in our setup is that the owner of the original yunohost account that was declared admin at wordpress install is no longer active, after which I had given my own account administrator role in wp.
>
> To sum up, the issue is reproducible, but it can be fixed using external tools. I let you decide wether to close the issue or keep it open.

Hello @slowphil, thanks for your explanation. I was wondering if the admin privileges are kept stable? 'Cause in my case, my admin user keeps being reset to subscriber each time I log in with it. So I go to phpMyAdmin to update the capabilities of the account every time :/

More info there: https://forum.yunohost.org/t/impossible-dacceder-a-wp-admin/18987/9

I was wondering if it could be related to how authLdap plugin is set 🤔