Session question and PHP fatal error

DavidAnderson684 commented 1 year ago

PHP version: 8.1.21 FreeScout version: 1.8.85

Our users who have the role "User" (but not our users who have the role "Administrator") report that Freescout forces them to login every 24 hours, and when they login they see an error screen with the message "Whoops, looks like something went wrong — check logs in /storage/logs". When they hit F5 to re-send the login request, everything is then fine (until they have to login again 24 hours later).

Nothing is logged in /storage/logs. (We have asked the users who encounter this to tell us the precise times it occurs, and investigated multiple times).

I found this - https://github.com/freescout-helpdesk/freescout/issues/1826 - and visited the link suggested (https://laravel.com/docs/5.5/session#driver-prerequisites). There is nothing documented there for the file driver, which we are using. In storage/framework/sessions/, we have 202 files (so it seems Freescout has no problems writing to that folder), all of them dated today. None are more than 120 minutes old, which led me to the lifetime setting in config/session.php, which is indeed set to 120 minutes.

Whilst investigating this, I changed config/session.php to instead use a database session driver, ran the migration for creating the database table, and cleared and re-created the configuration cache. This resulted in a white screen for all attempts to visit the app, and this PHP fatal error being logged in the Laravel log:

production.ERROR: During inheritance of SessionHandlerInterface: Uncaught ErrorException: Return type of Illuminate\Session\DatabaseSessionHandler::open($savePath, $sessionName) should either be compatible with SessionHandlerInterface::open(string $path, string $name): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in vendor/laravel/framework/src/Illuminate/Session/DatabaseSessionHandler.php:73
Stack trace:
#0 vendor/laravel/framework/src/Illuminate/Session/Dat
abaseSessionHandler.php(14): Illuminate\Foundation\Bootstrap\HandleExceptions->handleError()
#1 vendor/composer/ClassLoader.php(578): include('...'
)
#2 vendor/composer/ClassLoader.php(432): Composer\Auto
load\ClassLoader::Composer\Autoload\{closure}()
#3 vendor/laravel/framework/src/Illuminate/Session/Ses
sionManager.php(77): Composer\Autoload\ClassLoader->loadClass()
#4 vendor/laravel/framework/src/Illuminate/Support/Man
ager.php(88): Illuminate\Session\SessionManager->createDatabaseDriver()
#5 vendor/laravel/framework/src/Illuminate/Support/Man
ager.php(63): Illuminate\Support\Manager->createDriver()
#6 vendor/laravel/framework/src/Illuminate/Session/Mid
dleware/StartSession.php(114): Illuminate\Support\Manager->driver()
#7 vendor/laravel/framework/src/Illuminate/Session/Mid
dleware/StartSession.php(99): Illuminate\Session\Middleware\StartSession->getSession()
#8 vendor/laravel/framework/src/Illuminate/Session/Mid
dleware/StartSession.php(57): Illuminate\Session\Middleware\StartSession->startSession()
#9 vendor/laravel/framework/src/Illuminate/Pipeline/Pi
peline.php(149): Illuminate\Session\Middleware\StartSession->handle()
#10 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#11 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#12 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
#13 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#14 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#15 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Cookie\Middleware\EncryptCookies->handle()
#16 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#17 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#18 overrides/laravel/framework/src/Illuminate/Routing/Router.php(660): Illuminate\Pipeline\Pipeline->then()
#19 overrides/laravel/framework/src/Illuminate/Routing/Router.php(635): Illuminate\Routing\Router->runRouteWithinStack()
#20 overrides/laravel/framework/src/Illuminate/Routing/Router.php(601): Illuminate\Routing\Router->runRoute()
#21 overrides/laravel/framework/src/Illuminate/Routing
/Router.php(590): Illuminate\Routing\Router->dispatchToRoute()
#22 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\Routing\Router->dispatch()
#23 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#24 app/Http/Middleware/TerminateHandler.php(12): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#25 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\Http\Middleware\TerminateHandler->handle()
#26 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#27 app/Http/Middleware/ResponseHeaders.php(11): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#28 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\Http\Middleware\ResponseHeaders->handle()
#29 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#30 vendor/fideloper/proxy/src/TrustProxies.php(56): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#31 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Fideloper\Proxy\TrustProxies->handle()
#32 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#33 vendor/laravel/framework/src/Illuminate/Foundation
/Http/Middleware/TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#34 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#35 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#36 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#37 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#38 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#39 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#40 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
#41 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#42 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#43 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle()
#44 vendor/laravel/framework/src/Illuminate/Routing/Pi
peline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#45 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#46 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\Pipeline\Pipeline->then()
#47 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#48 public/index.php(83): Illuminate\Foundation\Http\Kernel->handle()
#49 {main} {"exception":"[object] (Symfony\\Component\\Debug\\Exception\\FatalErrorException(code: 1): During inheritance of SessionHandlerInterface: Uncaught ErrorException: Return type of Illuminate\\Session\\DatabaseSessionHandler::open($savePath, $sessionName) should either be compatible with SessionHandlerInterface::open(string $path, string $name): bool, or the #[\\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in vendor/laravel/framework/src/Illuminate/Session/DatabaseSessionHandler.php:73

So, I think I have four inter-related issues/questions:

1) The "120 minute" setting in config/session.php explains why our users' sessions last about 24 hours: it's the same time each day when they begin work and their session expired 2 hours after they stopped work the previous day. However.... what does the "Remember Me" checkbox on the login form actually do? Is it failing to work for us for some reason?

2) Why are only "Users" and not "Administrtators" experiencing this? The Administrators are not required to log in again every 24 hours.

3) When logging in, those with the "User" role see the message "Whoops, looks like something went wrong — check logs in /storage/logs" on their first (but not second) attempt, but nothing is logged there.

4) When attempting to use the database driver, the above PHP fatal error is encountered.

Thank you!

freescout-helpdesk commented 1 year ago

We'll double check "Remember me" function.

Try to change line 73 in /vendor/laravel/framework/src/Illuminate/Session/DatabaseSessionHandler.php:

public function open($savePath, $sessionName): bool

freescout-helpdesk commented 1 year ago

"Remember me" function works fine on our end. Log in with "Remember me" checkbox enabled, close and re-open your browser and you will be logged in. Or remove laravel_session cookie and you still will be logged in.

"Remember me" feature is not connected to sessions. It works via special remember_web_... cookie. Ask your support agents to check if they have remember_web_... cookie in their browsers set when they log in with "Remember me" checkbox enabled.

Also ask your support agents to play with https://demo.freescout.net

DavidAnderson684 commented 1 year ago

How long should they remain logged in for if they have checked "Remember me"?

freescout-helpdesk commented 1 year ago

It depends on the browser - some set this cookie for 1 year, some for 5 years.

DavidAnderson684 commented 1 year ago

Concerning whether a cookie is set, a user reports the following after being logged out again: "On login, it returns 403 status code when 2FA page is displayed. On entering TFA code, it turns 500 status code which results in the error page. On fresh it returns 302 status code which displays home page (login => home page). Cookies when login (and displaying error page) are laravel_session and XSRF_TOKEN - there is no rememberweb* cookie; same after hitting F5`.

freescout-helpdesk commented 1 year ago

Error 500 should be logged somewhere - in PHP or web server logs. Does it happen with 2FA disabled?

DavidAnderson684 commented 1 year ago

Updating the signature of open() results in a corresponding error for the method close(). So, at least it stops the fatal error for open(). Assuming that the problem with the "remembeer me" cookie and error page isn't related to using the file driver, I haven't explored that further.

DavidAnderson684 commented 1 year ago

This looks relevant:

[2023-07-18 12:56:58] production.ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 15) {"userId":15,"email":"test@example.com","exception":"[object] (Illuminate\\Database\\QueryException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 15) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, Doctrine\\DBAL\\Driver\\PDO\\Exception(code: 42S22):

Our users table looks like this:

+---------------------+---------------------+------+-----+---------+----------------+
| Field               | Type                | Null | Key | Default | Extra          |
+---------------------+---------------------+------+-----+---------+----------------+
| id                  | int(10) unsigned    | NO   | PRI | NULL    | auto_increment |
| first_name          | varchar(20)         | NO   |     | NULL    |                |
| last_name           | varchar(30)         | NO   |     | NULL    |                |
| email               | varchar(100)        | NO   | UNI | NULL    |                |
| password            | varchar(255)        | NO   |     | NULL    |                |
| role                | tinyint(3) unsigned | NO   | MUL | 1       |                |
| timezone            | varchar(255)        | NO   |     | UTC     |                |
| photo_url           | varchar(255)        | YES  |     | NULL    |                |
| type                | tinyint(3) unsigned | NO   |     | 1       |                |
| status              | tinyint(3) unsigned | NO   | MUL | 1       |                |
| invite_state        | tinyint(3) unsigned | NO   |     | 3       |                |
| invite_hash         | varchar(100)        | YES  |     | NULL    |                |
| emails              | text                | YES  |     | NULL    |                |
| job_title           | varchar(100)        | YES  |     | NULL    |                |
| phone               | varchar(60)         | YES  |     | NULL    |                |
| time_format         | tinyint(3) unsigned | NO   |     | 2       |                |
| enable_kb_shortcuts | tinyint(1)          | NO   |     | 1       |                |
| locked              | tinyint(1)          | NO   |     | 0       |                |
| remember_token      | varchar(100)        | YES  |     | NULL    |                |
| locale              | varchar(191)        | YES  |     | NULL    |                |
| created_at          | timestamp           | YES  |     | NULL    |                |
| updated_at          | timestamp           | YES  |     | NULL    |                |
| permissions         | text                | YES  |     | NULL    |                |
+---------------------+---------------------+------+-----+---------+----------------+

No sign of any PHP error in the Apache or Laravel log at the time the problem is encountered (and they do log PHP fatal errors, such as the one above).

freescout-helpdesk commented 1 year ago

It looks like FreeScout can't save remember_token to DB due to this error. If there is more text with this error message - send it.

It means this won't work for your users either:

Log in with "Remember me" checkbox enabled, close and re-open your browser and you will be logged in. Or remove laravel_session cookie and you still will be logged in.

DavidAnderson684 commented 1 year ago

There's only the stack trace:

[2023-07-18 08:51:14] production.ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 12) {"userId":12,"email":"vraj@example.com","exception":"[object] (Illuminate\\Database\\QueryException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 12) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, Doctrine\\DBAL\\Driver\\PDO\\Exception(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' at vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDO/Exception.php:18, PDOException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' at overrides/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:82)
[stacktrace]
#0 vendor/laravel/framework/src/Illuminate/Database/Connection.php(624): Illuminate\\Database\\Connection->runQueryCallback()
#1 vendor/laravel/framework/src/Illuminate/Database/Connection.php(490): Illuminate\\Database\\Connection->run()
#2 vendor/laravel/framework/src/Illuminate/Database/Connection.php(423): Illuminate\\Database\\Connection->affectingStatement()
#3 vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(2173): Illuminate\\Database\\Connection->update()
#4 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(782): Illuminate\\Database\\Query\\Builder->update()
#5 overrides/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(628): Illuminate\\Database\\Eloquent\\Builder->update()
#6 overrides/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(543): Illuminate\\Database\\Eloquent\\Model->performUpdate()
#7 vendor/laravel/framework/src/Illuminate/Auth/EloquentUserProvider.php(91): Illuminate\\Database\\Eloquent\\Model->save()
#8 overrides/laravel/framework/src/Illuminate/Auth/SessionGuard.php(555): Illuminate\\Auth\\EloquentUserProvider->updateRememberToken()
#9 overrides/laravel/framework/src/Illuminate/Auth/SessionGuard.php(472): Illuminate\\Auth\\SessionGuard->cycleRememberToken()
#10 overrides/laravel/framework/src/Illuminate/Auth/SessionGuard.php(437): Illuminate\\Auth\\SessionGuard->ensureRememberTokenIsSet()
#11 overrides/laravel/framework/src/Illuminate/Auth/SessionGuard.php(358): Illuminate\\Auth\\SessionGuard->login()
#12 vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php(77): Illuminate\\Auth\\SessionGuard->attempt()
#13 vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php(42): App\\Http\\Controllers\\Auth\\LoginController->attemptLogin()
#14 [internal function]: App\\Http\\Controllers\\Auth\\LoginController->login()
#15 overrides/laravel/framework/src/Illuminate/Routing/Controller.php(54): call_user_func_array()
#16 vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
#17 vendor/laravel/framework/src/Illuminate/Routing/Route.php(212): Illuminate\\Routing\\ControllerDispatcher->dispatch()
#18 vendor/laravel/framework/src/Illuminate/Routing/Route.php(169): Illuminate\\Routing\\Route->runController()
#19 overrides/laravel/framework/src/Illuminate/Routing/Router.php(658): Illuminate\\Routing\\Route->run()
#20 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
#21 app/Http/Middleware/RedirectIfAuthenticated.php(25): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#22 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\RedirectIfAuthenticated->handle()
#23 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#24 app/Http/Middleware/CustomHandle.php(22): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#25 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\CustomHandle->handle()
#26 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#27 app/Http/Middleware/LogoutIfDeleted.php(28): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#28 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\LogoutIfDeleted->handle()
#29 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#30 app/Http/Middleware/Localize.php(27): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#31 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\Localize->handle()
#32 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#33 app/Http/Middleware/HttpsRedirect.php(49): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#34 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\HttpsRedirect->handle()
#35 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#36 vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#37 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle()
#38 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#39 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(67): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#40 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
#41 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#42 vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#43 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()
#44 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#45 app/Http/Middleware/TokenAuth.php(31): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#46 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\TokenAuth->handle()
#47 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#48 vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#49 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Session\\Middleware\\StartSession->handle()
#50 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#51 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#52 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
#53 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#54 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#55 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
#56 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#57 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#58 overrides/laravel/framework/src/Illuminate/Routing/Router.php(660): Illuminate\\Pipeline\\Pipeline->then()
#59 overrides/laravel/framework/src/Illuminate/Routing/Router.php(635): Illuminate\\Routing\\Router->runRouteWithinStack()
#60 overrides/laravel/framework/src/Illuminate/Routing/Router.php(601): Illuminate\\Routing\\Router->runRoute()
#61 overrides/laravel/framework/src/Illuminate/Routing/Router.php(590): Illuminate\\Routing\\Router->dispatchToRoute()
#62 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Routing\\Router->dispatch()
#63 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#64 app/Http/Middleware/TerminateHandler.php(12): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#65 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\TerminateHandler->handle()
#66 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#67 app/Http/Middleware/ResponseHeaders.php(11): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#68 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\ResponseHeaders->handle()
#69 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#70 vendor/fideloper/proxy/src/TrustProxies.php(56): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#71 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Fideloper\\Proxy\\TrustProxies->handle()
#72 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#73 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#74 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#75 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#76 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#77 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#78 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#79 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#80 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#81 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#82 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#83 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle()
#84 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#85 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#86 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\\Pipeline\\Pipeline->then()
#87 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#88 public/index.php(83): Illuminate\\Foundation\\Http\\Kernel->handle()
#89 {main}
"}

I've had a look to try to find what the schema for this table should be, but that's defeated me, I don't see it anywhere.

freescout-helpdesk commented 1 year ago

If you can provide admin and ssh access to your FreeScout instance in order to check it - please email at support@freescout.net

DavidAnderson684 commented 1 year ago

I'd rather not do that except as a last resort (for one thing, under the data protection regulations we're subject to in our jurisdiction, we'd have to get you to sign a data processing agreement since it contains live customer data).

Are you able to tell me what the schema of the user table should be, so that I can compare it with what I gave above? Or is that a correct schema and the problem is something else?

I may be able to clone the install and purge it of all customer data, if it comes to that.

freescout-helpdesk commented 1 year ago

Your schema is fine. There should be no twoFactorAuth field there. You'll need to figure out why 2FA module is trying to save some data into twoFactorAuth field at the same time when remember_token is being saved for the user.

DavidAnderson684 commented 1 year ago

I can insert some testing code / logging code anywhere if that helps?

freescout-helpdesk commented 1 year ago

Add the following code to line 90 in /vendor/laravel/framework/src/Illuminate/Auth/EloquentUserProvider.php:

\Log::error("user twoFactorAuth: ".json_encode($user->twoFactorAuth ?? ''));

Try to log in with "Remember me" checkbox checked and send us the user twoFactorAuth... line from "laravel-yyyy-mm-dd.log" Manage > Logs > App Logs.

If there will be nothing in the log check what you have in remember_token field in the users table for the user and content of the remember_web_... cookie.

freescout-helpdesk commented 1 year ago

Fixed in Two-Factor Authentication Module v1.0.11

DavidAnderson684 commented 1 year ago

Thank you - we've installed this and are monitoring it.

DavidAnderson684 commented 1 year ago

No problems seen thus far.

freescout-help-desk / freescout

Session question and PHP fatal error #3188