Login link leads to 404

[nickolanaous]

Hello,

First of all, congratulations on the great tool - I have always been looking for something similar. I installed the package and here is my wp-cli info:

:~/nickola# wp --info

PHP binary: /usr/bin/php7.0 PHP version: 7.0.14-1+deb.sury.org~xenial+1 php.ini used: /etc/php/7.0/cli/php.ini WP-CLI root dir: phar://wp-cli.phar WP-CLI packages dir: /root/.wp-cli/packages/ WP-CLI global config:
WP-CLI project config:
WP-CLI version: 1.0.0

I already have an existing WordPress installation that I wanted to test with and I have issued the following command:

:~/nickola# wp login create 1 --path=/path/to/existing/wp/install/

Success: Magic login link created!

-----------------------------------------------------------
http://xyzasdqwerty.com/410b1ba7/063a9c9809-c7f6d8-e68584
-----------------------------------------------------------
This link will self-destruct in 15 minutes, or as soon as it is used; whichever comes first.

I have made sure that the accompanying WordPress plugin is enabled. Regardless of this, following the link sends me to 404. This happens on a vanilla WordPress installation, standard LAMP stack on Linode, running on Ubuntu and PHP7.

Mod_rewrite is enabled on the server, if that matters, and the default WordPress .htaccess rules are in place.

Can you please suggest how can I resolve this problem.

Thanks!

Nickola

[aaemnnosttv]

Hey there! Thanks for the detailed report.

To start troubleshooting, the first thing I would recommend would be running

wp login install --activate --yes

This will update the installed server plugin with the bundled version.

Then, try again with a new login link. Also, have you tried running the command from the root of the site rather than specifying the path in the command? It shouldn't matter if it generates it successfully; just curious.

[nickolanaous]

Hey, thanks for the quick response - much appreciated!!

Reinstalled the plugin two or three times already, but no luck. The plugin apparently installs and activates properly, because when I check it through the admin panel - it is there and active.

I have also tried running the wp command from the document root, instead of specifying path with --path, link was generated, but again sending me to 404 when I visit it.

Any suggestions what else I can try to solve this :(

[aaemnnosttv]

Hmm, strange. It seems that the request is failing to meet the criteria which identifies it as a magic login request to be attempted. If it were failing authentication, you would see a different response.

Do you have any other plugins installed? Are you using HTTPS at all? Any additions to the wp-config? Any caching on the site? Anything being added to the query string? Nothing changes about the url from what is generated to what you see in the browser location?

[nickolanaous]

This happens on a pretty vanilla everything -- just spawned a brand new LAMP Linode, installed a vanilla WordPress using wp-cli, installed your package, then installed and activated the companion plugin as described in your previous response. I tried to generate a link and it again leads to 404.

I am currently not using HTTPS, no additions to the wp-config, no caching - totally vanilla WordPress installation, on a vanilla Linode. The URL in the browser does not change - I go to the generated URL and stay there, staring at a 404 screen - no redirects occurred underway.

[aaemnnosttv]

I wouldn't normally do this, but would you mind if I login and take a look on the server?

My public key is

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDr77M8mZPpELsnZ5XL2DcQcAlJ6JrOym3dK37vnhTO+XjCKRF0BnqEFUrhJ0J2njXNFS7oxl6ftY003nE73qN+kYih1qORpFeLyw55x8A9E+A4rn3wv1yRWVG0hJd+ydYS6kcT/yOyQWf8PRyddSLTb6v1um9wGo1SxBSiELigH/TK+J2fgu9mXG2piJam7V3xBjzwHH5OLpCwlhhUM4hmRmd5ckM0M+c66du43WCO9+pptxTLYbAWrVwFG0laU6r1MstOYt7bprSP5NiUqVO7W8TyQi74DEkxUwg7F9VCJMw15XLeownbJ/9qOabnOJvRpEoSFc/Jhn88E6k/9ZHb

[nickolanaous]

Sure, please login as [removed]@[removed] -p22 - it will log you in directly at the docroot of a vanilla WP instance I have set for you; admin user: [removed] ; pass: [removed]

[aaemnnosttv]

It is prompting me for password when connecting via ssh. I tried a few times and now I think I got blocked by fail2ban xD. It shouldn't be prompting for pass, correct?

[nickolanaous]

My mistake - sorry about that. I have stopped fail2ban and flushed the firewall. Your SSH key should be properly applied now.

Please, try to login.

[aaemnnosttv]

I'm in now, thanks. Something seems a bit strange with the server config I think, as the post for hello-world is coming up as an Apache 404 page.

I had to add the rules to the .htaccess file manually because it wasn't writable by the server, but it's still coming up the same.

[nickolanaous]

Duh.. that's strange - I have now uninstalled, reinstalled and reloaded the Apache2 rewrite module. The hello world post does not return 404 now, alas the magic link does :(

[aaemnnosttv]

Good news, I found the problem!

The server plugin assumes that the site is not a sub-directory site. i.e. - it works fine for sites using example.com, but example.com/xyz/ does not.

I'll push out an update to fix this soon and follow up here once it's available.

[nickolanaous]

That is one of the cases I have also been exploring, just before I submitted the issue here. It seems, however, that by that time, I was under the mod_rewrite come-and-go effect. Had the rewrite plugin worked there, I would have came reporting "it only works for sites in the root and not in a subfolder'.

Anyway, I am glad that you have found the root cause and I can't wait for the update :)

Thanks for your commitment and assistance!

Nickola

[nickolanaous]

Hello,

I have first updated the package like that:

:~# wp package update
Using Composer to update packages...
---
Loading composer repositories with package information
Updating dependencies
Resolving dependencies through SAT
Dependency resolution completed in 0.092 seconds
Analyzed 3315 packages to resolve dependencies
Analyzed 79035 rules to resolve dependencies
Writing lock file
Generating autoload files
---
Success: Packages updated.

Result -> No luck, still 404

I then decided to uninstall and then install the package again:

:~# wp package uninstall aaemnnosttv/wp-cli-login-command
Removing require statement from /root/.wp-cli/packages/composer.json
Removing package directories and regenerating autoloader...
Success: Uninstalled package.

root@nn:~# wp package install aaemnnosttv/wp-cli-login-command --allow-root
Installing package aaemnnosttv/wp-cli-login-command (dev-master)
Updating /root/.wp-cli/packages/composer.json to require the package...
Using Composer to install the package...
---
Loading composer repositories with package information
Updating dependencies
Resolving dependencies through SAT
Dependency resolution completed in 0.161 seconds
Analyzed 3311 packages to resolve dependencies
Analyzed 79003 rules to resolve dependencies
 - Installing paragonie/random_compat (v2.0.4)
 - Warning: aaemnnosttv/wp-cli-login-command dev-master requires paragonie/random_compat ^2.0 -> satisfiable by paragonie/random_compat[v2.0.0, v2.0.1, v2.0.2, v2.0.3, v2.0.4].
 - Installing composer/semver (dev-master 0bdf393)
 - Installing aaemnnosttv/wp-cli-login-command (dev-master d10b30c)
Writing lock file
Generating autoload files
---
Success: Package installed.

Result -> No luck, still 404.

Sorry for being a pest, but I really cannot get this work. I remain at your disposal for further providing access and help in testing/troubleshooting.

Nickola

[aaemnnosttv]

After updating the package, you will need to update the server plugin. The command should prompt you to do this when creating a new login link also if the server plugin is out of date.

After updating the server plugin, it should definitely work.