Closed DavidAnderson684 closed 1 year ago
We'll double check "Remember me" function.
Try to change line 73 in /vendor/laravel/framework/src/Illuminate/Session/DatabaseSessionHandler.php:
public function open($savePath, $sessionName): bool
"Remember me" function works fine on our end. Log in with "Remember me" checkbox enabled, close and re-open your browser and you will be logged in. Or remove laravel_session cookie and you still will be logged in.
"Remember me" feature is not connected to sessions. It works via special remember_web_... cookie. Ask your support agents to check if they have remember_web_... cookie in their browsers set when they log in with "Remember me" checkbox enabled.
Also ask your support agents to play with https://demo.freescout.net
How long should they remain logged in for if they have checked "Remember me"?
It depends on the browser - some set this cookie for 1 year, some for 5 years.
Concerning whether a cookie is set, a user reports the following after being logged out again: "On login, it returns 403 status code when 2FA page is displayed. On entering TFA code, it turns 500 status code which results in the error page. On fresh it returns 302 status code which displays home page (login => home page). Cookies when login (and displaying error page) are laravel_session and XSRF_TOKEN - there is no rememberweb* cookie; same after hitting F5".
Error 500 should be logged somewhere - in PHP or web server logs. Does it happen with 2FA disabled?
Updating the signature of open() results in a corresponding error for the method close(). So, at least it stops the fatal error for open(). Assuming that the problem with the "remember me" cookie and error page isn't related to using the file driver, I haven't explored that further.
This looks relevant:
[2023-07-18 12:56:58] production.ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 15) {"userId":15,"email":"test@example.com","exception":"[object] (Illuminate\\Database\\QueryException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 15) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, Doctrine\\DBAL\\Driver\\PDO\\Exception(code: 42S22):
Our users table looks like this:
+---------------------+---------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+---------------------+---------------------+------+-----+---------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| first_name | varchar(20) | NO | | NULL | |
| last_name | varchar(30) | NO | | NULL | |
| email | varchar(100) | NO | UNI | NULL | |
| password | varchar(255) | NO | | NULL | |
| role | tinyint(3) unsigned | NO | MUL | 1 | |
| timezone | varchar(255) | NO | | UTC | |
| photo_url | varchar(255) | YES | | NULL | |
| type | tinyint(3) unsigned | NO | | 1 | |
| status | tinyint(3) unsigned | NO | MUL | 1 | |
| invite_state | tinyint(3) unsigned | NO | | 3 | |
| invite_hash | varchar(100) | YES | | NULL | |
| emails | text | YES | | NULL | |
| job_title | varchar(100) | YES | | NULL | |
| phone | varchar(60) | YES | | NULL | |
| time_format | tinyint(3) unsigned | NO | | 2 | |
| enable_kb_shortcuts | tinyint(1) | NO | | 1 | |
| locked | tinyint(1) | NO | | 0 | |
| remember_token | varchar(100) | YES | | NULL | |
| locale | varchar(191) | YES | | NULL | |
| created_at | timestamp | YES | | NULL | |
| updated_at | timestamp | YES | | NULL | |
| permissions | text | YES | | NULL | |
+---------------------+---------------------+------+-----+---------+----------------+
No sign of any PHP error in the Apache or Laravel log at the time the problem is encountered (and they do log PHP fatal errors, such as the one above).
It looks like FreeScout can't save remember_token to DB due to this error. If there is more text with this error message - send it.
It means this won't work for your users either:
Log in with "Remember me" checkbox enabled, close and re-open your browser and you will be logged in. Or remove laravel_session cookie and you still will be logged in.
There's only the stack trace:
[2023-07-18 08:51:14] production.ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 12) {"userId":12,"email":"vraj@example.com","exception":"[object] (Illuminate\\Database\\QueryException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 12) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, Doctrine\\DBAL\\Driver\\PDO\\Exception(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' at vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDO/Exception.php:18, PDOException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' at overrides/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:82)
[stacktrace]
#0 vendor/laravel/framework/src/Illuminate/Database/Connection.php(624): Illuminate\\Database\\Connection->runQueryCallback()
#1 vendor/laravel/framework/src/Illuminate/Database/Connection.php(490): Illuminate\\Database\\Connection->run()
#2 vendor/laravel/framework/src/Illuminate/Database/Connection.php(423): Illuminate\\Database\\Connection->affectingStatement()
#3 vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(2173): Illuminate\\Database\\Connection->update()
#4 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(782): Illuminate\\Database\\Query\\Builder->update()
#5 overrides/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(628): Illuminate\\Database\\Eloquent\\Builder->update()
#6 overrides/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(543): Illuminate\\Database\\Eloquent\\Model->performUpdate()
#7 vendor/laravel/framework/src/Illuminate/Auth/EloquentUserProvider.php(91): Illuminate\\Database\\Eloquent\\Model->save()
#8 overrides/laravel/framework/src/Illuminate/Auth/SessionGuard.php(555): Illuminate\\Auth\\EloquentUserProvider->updateRememberToken()
#9 overrides/laravel/framework/src/Illuminate/Auth/SessionGuard.php(472): Illuminate\\Auth\\SessionGuard->cycleRememberToken()
#10 overrides/laravel/framework/src/Illuminate/Auth/SessionGuard.php(437): Illuminate\\Auth\\SessionGuard->ensureRememberTokenIsSet()
#11 overrides/laravel/framework/src/Illuminate/Auth/SessionGuard.php(358): Illuminate\\Auth\\SessionGuard->login()
#12 vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php(77): Illuminate\\Auth\\SessionGuard->attempt()
#13 vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php(42): App\\Http\\Controllers\\Auth\\LoginController->attemptLogin()
#14 [internal function]: App\\Http\\Controllers\\Auth\\LoginController->login()
#15 overrides/laravel/framework/src/Illuminate/Routing/Controller.php(54): call_user_func_array()
#16 vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
#17 vendor/laravel/framework/src/Illuminate/Routing/Route.php(212): Illuminate\\Routing\\ControllerDispatcher->dispatch()
#18 vendor/laravel/framework/src/Illuminate/Routing/Route.php(169): Illuminate\\Routing\\Route->runController()
#19 overrides/laravel/framework/src/Illuminate/Routing/Router.php(658): Illuminate\\Routing\\Route->run()
#20 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
#21 app/Http/Middleware/RedirectIfAuthenticated.php(25): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#22 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\RedirectIfAuthenticated->handle()
#23 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#24 app/Http/Middleware/CustomHandle.php(22): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#25 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\CustomHandle->handle()
#26 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#27 app/Http/Middleware/LogoutIfDeleted.php(28): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#28 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\LogoutIfDeleted->handle()
#29 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#30 app/Http/Middleware/Localize.php(27): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#31 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\Localize->handle()
#32 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#33 app/Http/Middleware/HttpsRedirect.php(49): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#34 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\HttpsRedirect->handle()
#35 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#36 vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#37 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle()
#38 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#39 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(67): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#40 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
#41 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#42 vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#43 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()
#44 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#45 app/Http/Middleware/TokenAuth.php(31): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#46 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\TokenAuth->handle()
#47 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#48 vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#49 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Session\\Middleware\\StartSession->handle()
#50 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#51 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#52 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
#53 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#54 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#55 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
#56 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#57 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#58 overrides/laravel/framework/src/Illuminate/Routing/Router.php(660): Illuminate\\Pipeline\\Pipeline->then()
#59 overrides/laravel/framework/src/Illuminate/Routing/Router.php(635): Illuminate\\Routing\\Router->runRouteWithinStack()
#60 overrides/laravel/framework/src/Illuminate/Routing/Router.php(601): Illuminate\\Routing\\Router->runRoute()
#61 overrides/laravel/framework/src/Illuminate/Routing/Router.php(590): Illuminate\\Routing\\Router->dispatchToRoute()
#62 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Routing\\Router->dispatch()
#63 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#64 app/Http/Middleware/TerminateHandler.php(12): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#65 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\TerminateHandler->handle()
#66 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#67 app/Http/Middleware/ResponseHeaders.php(11): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#68 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\\Http\\Middleware\\ResponseHeaders->handle()
#69 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#70 vendor/fideloper/proxy/src/TrustProxies.php(56): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#71 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Fideloper\\Proxy\\TrustProxies->handle()
#72 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#73 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#74 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#75 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#76 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#77 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#78 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#79 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#80 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#81 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#82 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#83 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle()
#84 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#85 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}()
#86 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\\Pipeline\\Pipeline->then()
#87 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#88 public/index.php(83): Illuminate\\Foundation\\Http\\Kernel->handle()
#89 {main}
"}
I've had a look to try to find what the schema for this table should be, but that's defeated me, I don't see it anywhere.
If you can provide admin and ssh access to your FreeScout instance in order to check it - please email at support@freescout.net
I'd rather not do that except as a last resort (for one thing, under the data protection regulations we're subject to in our jurisdiction, we'd have to get you to sign a data processing agreement since it contains live customer data).
Are you able to tell me what the schema of the user table should be, so that I can compare it with what I gave above? Or is that a correct schema and the problem is something else?
I may be able to clone the install and purge it of all customer data, if it comes to that.
Your schema is fine. There should be no twoFactorAuth field there. You'll need to figure out why 2FA module is trying to save some data into twoFactorAuth field at the same time when remember_token is being saved for the user.
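Added example, not part of the original thread and not FreeScout code: a small log check that finds failed `remember_token` writes and names the columns in the failing UPDATE that are absent from the `users` schema posted above. The sample log lines are constructed (shortened from the entries quoted in the thread), and the function and variable names are hypothetical.

```python
import re

# Column names taken from the `users` table description posted in the thread.
USERS_COLUMNS = {
    "id", "first_name", "last_name", "email", "password", "role", "timezone",
    "photo_url", "type", "status", "invite_state", "invite_hash", "emails",
    "job_title", "phone", "time_format", "enable_kb_shortcuts", "locked",
    "remember_token", "locale", "created_at", "updated_at", "permissions",
}

# Constructed sample: shortened versions of the log entries quoted in the
# thread, plus one unrelated line that must be ignored.
SAMPLE_LOG = """\
[2023-07-18 08:51:14] production.ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 12) {"userId":12}
[2023-07-18 09:02:40] production.ERROR: Some unrelated error {"userId":3}
[2023-07-18 12:56:58] production.ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'twoFactorAuth' in 'field list' (SQL: update `users` set `remember_token` = (snip), `twoFactorAuth` = (snip) where `id` = 15) {"userId":15}
"""

# One Laravel log entry: timestamp, then the first failing UPDATE on `users`.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \w+\.ERROR: .*?"
    r"\(SQL: update `users` set (?P<set>.+?) where `id` = (?P<id>\d+)\)"
)
# Column names on the left-hand side of each assignment in the SET clause.
COLUMN_RE = re.compile(r"`(\w+)` = ")


def failed_remember_token_writes(log_text, known_columns=USERS_COLUMNS):
    """Return one finding per logged UPDATE that tried to store remember_token.

    Each finding lists the columns in that UPDATE which do not exist in the
    schema, i.e. the reason the persistent-login token was never saved.
    """
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        columns = COLUMN_RE.findall(match.group("set"))
        if "remember_token" not in columns:
            continue  # some other users update, not the remember-me path
        findings.append({
            "time": match.group("ts"),
            "user_id": int(match.group("id")),
            "unknown_columns": [c for c in columns if c not in known_columns],
        })
    return findings


if __name__ == "__main__":
    for finding in failed_remember_token_writes(SAMPLE_LOG):
        print(finding)
```

Each finding corresponds to a login where the remember-me token was not stored, so the affected user IDs are the accounts to re-test after the module update.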
I can insert some testing code / logging code anywhere if that helps?
Add the following code to line 90 in /vendor/laravel/framework/src/Illuminate/Auth/EloquentUserProvider.php:
\Log::error("user twoFactorAuth: ".json_encode($user->twoFactorAuth ?? ''));
Try to log in with "Remember me" checkbox checked and send us the user twoFactorAuth... line from "laravel-yyyy-mm-dd.log" Manage > Logs > App Logs.
If there is nothing in the log, check what you have in the remember_token field in the users table for the user and the content of the remember_web_... cookie.
Fixed in Two-Factor Authentication Module v1.0.11
Thank you - we've installed this and are monitoring it.
No problems seen thus far.
PHP version: 8.1.21 FreeScout version: 1.8.85
Our users who have the role "User" (but not our users who have the role "Administrator") report that Freescout forces them to login every 24 hours, and when they login they see an error screen with the message "Whoops, looks like something went wrong — check logs in /storage/logs". When they hit F5 to re-send the login request, everything is then fine (until they have to login again 24 hours later).
Nothing is logged in /storage/logs. (We have asked the users who encounter this to tell us the precise times it occurs, and investigated multiple times).
I found this - https://github.com/freescout-helpdesk/freescout/issues/1826 - and visited the link suggested (https://laravel.com/docs/5.5/session#driver-prerequisites). There is nothing documented there for the file driver, which we are using. In storage/framework/sessions/, we have 202 files (so it seems Freescout has no problems writing to that folder), all of them dated today. None are more than 120 minutes old, which led me to the lifetime setting in config/session.php, which is indeed set to 120 minutes.
Whilst investigating this, I changed config/session.php to instead use a database session driver, ran the migration for creating the database table, and cleared and re-created the configuration cache. This resulted in a white screen for all attempts to visit the app, and this PHP fatal error being logged in the Laravel log:
So, I think I have four inter-related issues/questions:
1) The "120 minute" setting in config/session.php explains why our users' sessions last about 24 hours: it's the same time each day when they begin work and their session expired 2 hours after they stopped work the previous day. However.... what does the "Remember Me" checkbox on the login form actually do? Is it failing to work for us for some reason?
2) Why are only "Users" and not "Administrators" experiencing this? The Administrators are not required to log in again every 24 hours.
3) When logging in, those with the "User" role see the message "Whoops, looks like something went wrong — check logs in /storage/logs" on their first (but not second) attempt, but nothing is logged there.
4) When attempting to use the database driver, the above PHP fatal error is encountered.
Thank you!