bbalet / jorani

Leave and Overtime Management System
http://jorani.org/
GNU Affero General Public License v3.0

Login button does nothing #378

Closed xlat closed 1 year ago

xlat commented 1 year ago

First of all, thanks for the great product.

What is the version of Jorani?

I am using Jorani (git master ref 150a28d) on Windows 10 x64, PHP 8.1.13 over IIS via FastCgi. For testing the application I've bound to a non-secure http binding. Everything is fine using localhost or 127.0.0.1 in the URL. In order to share the test server with colleagues, I provide a URL with intranet IP+port such as http://192.168.x.y:zzzz/

Actual behavior

When entering the credential on the login page, submitting the form did nothing, I mean there is no feedback on the submission action.

After digging in the JavaScript console and debugger, we found that CryptoTools (windows.crypto) was not initialized ("subtle" undefined); it may be a normal security measure of the Crypto API while using an unsecured connection (localhost and 127.0.0.1 are allowed).

Expected behavior

The form submission should trap the error and give feedback to the end user. Maybe the installation guide could mention using a secured binding (https) with a non-local URL. Note: PHP 8.2 does not work; it may be mentioned in the installation guide to use PHP < 8.2

Steps to reproduce the behavior

Bind the server on an unsecured URL http:// using a hostname different from 127.0.0.1/localhost and try to log in. Note that you can reproduce on the server by using its hostname or IP (!= 127.0.0.1).
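The behaviour requested in the post above, as an added example that is not part of the original issue and not Jorani's code: check whether the browser exposes `crypto.subtle` before encrypting, and show a message instead of failing silently. The function names, the `env` object and the `encryptAndPost` / `showError` callbacks are hypothetical.

```javascript
// Added example (not Jorani's code); all names here are hypothetical.

// Hosts that browsers treat as trustworthy even over plain http.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, '');
  return h === 'localhost' || h.endsWith('.localhost') ||
         h === '[::1]' || /^127(\.\d{1,3}){3}$/.test(h);
}

// Predict from the page URL whether the browser will expose crypto.subtle.
function expectsSecureContext(pageUrl) {
  const u = new URL(pageUrl);
  return u.protocol === 'https:' || isLoopbackHost(u.hostname);
}

// Returns null when Web Crypto is usable, otherwise a message for the user.
// `env` mirrors the browser globals: { isSecureContext, crypto, location }.
function webCryptoProblem(env) {
  if (env.crypto && env.crypto.subtle) return null;
  const href = env.location.href;
  if (env.isSecureContext === false || !expectsSecureContext(href)) {
    return 'Login is unavailable: ' + new URL(href).origin +
           ' is not a secure context, so the browser does not expose the' +
           ' Web Crypto API. Open the site over https.';
  }
  return 'Login is unavailable: this browser does not provide the Web Crypto API.';
}

// Wrap the submit handler so a failure is reported instead of being dropped.
// `encryptAndPost` stands in for the page's own submit routine (assumption).
async function guardedSubmit(env, encryptAndPost, showError) {
  const problem = webCryptoProblem(env);
  if (problem) { showError(problem); return false; }
  try {
    await encryptAndPost();
    return true;
  } catch (err) {
    showError('Login failed before the request was sent: ' + err.message);
    return false;
  }
}
```

In a page, `env` would be `window` and `showError` would write into a visible element of the login form.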

sibelle-labs commented 1 year ago

Hi, maybe some more info ... Output from Firefox, after new fresh installation with docker-compose ...

Output from Firefox:

Uncaught (in promise) TypeError: r.subtle is undefined
  jorani http://docker1.:8008/assets/dist/legacy.js:2
  importPublicKey http://docker1.:8008/assets/dist/legacy.js:2
  jorani http://docker1.:8008/assets/dist/legacy.js:2
  encrypt http://docker1.:8008/assets/dist/legacy.js:2
  submit_form http://docker1.:8008/session/login:149
  http://docker1.:8008/session/login:215
  dispatch http://docker1.:8008/assets/dist/legacy.js:2
  handle http://docker1.:8008/assets/dist/legacy.js:2
  add http://docker1.:8008/assets/dist/legacy.js:2
  jorani http://docker1.:8008/assets/dist/legacy.js:2
  each http://docker1.:8008/assets/dist/legacy.js:2
  each http://docker1.:8008/assets/dist/legacy.js:2
  he http://docker1.:8008/assets/dist/legacy.js:2
  on http://docker1.:8008/assets/dist/legacy.js:2
  t http://docker1.:8008/assets/dist/legacy.js:2
  http://docker1.:8008/session/login:214
  l http://docker1.:8008/assets/dist/legacy.js:2
  fireWith http://docker1.:8008/assets/dist/legacy.js:2
  ready http://docker1.:8008/assets/dist/legacy.js:2
  P http://docker1.:8008/assets/dist/legacy.js:2
  promise http://docker1.:8008/assets/dist/legacy.js:2
  i http://docker1.:8008/assets/dist/legacy.js:2
  987 http://docker1.:8008/assets/dist/legacy.js:2
  n http://docker1.:8008/assets/dist/legacy.js:2
  698 http://docker1.:8008/assets/dist/legacy.js:2
  n http://docker1.:8008/assets/dist/legacy.js:2
  jorani http://docker1.:8008/assets/dist/legacy.js:2
  http://docker1.:8008/assets/dist/legacy.js:2

Thanks a lot

qasqyr commented 1 year ago

Faced this problem a week ago. This happens because of a mixed-content problem, solved by making changes in config.php.

adryanradw commented 1 year ago

Can you please tell us what you changed there?

qasqyr commented 1 year ago

Can you please tell us what you changed there?

The problem is because of mixed content, as I mentioned before; you can read it to understand the issue. In short, if jorani runs on http dns then base_url should use http protocol, if it is https then base_url should use https protocol.

bbalet commented 1 year ago

Hi,

The code in the configuration file tries to automatically detect the base url. It works in 98% of cases. If not, please set the variable base_url as suggested if you work with Docker or with the actual base url.