search

leonardomarino / duo_auth

Roundcube webmail plugin that enables Duo Security Two Factor Authentication
3 stars 4 forks source link

No plugin class duo_auth #7

Closed k1rb closed 10 months ago

k1rb commented 1 year ago

Running roundcube from roundcube/roundcubemail (1.6.2-apache).

When I follow the plugin install/configuration instructions in README.md the files seem to be created and everything but duo doesn't work on login and an error is generated in logs.

errors: PHP Error: No plugin class duo_auth found in /var/www/html/plugins/duo_auth/duo_auth.php in /var/www/html/program/lib/Roundcube/rcube_plugin_api.php on line 210 (POST /?_task=login&_action=login)
errors: PHP Error: No plugin class duo_auth found in /var/www/html/plugins/duo_auth/duo_auth.php in /var/www/html/program/lib/Roundcube/rcube_plugin_api.php on line 210 (GET /?_task=mail&_token=2O35Yu8z3BKrwmceZwaF3LIu04CFH3w1)
errors: PHP Error: No plugin class duo_auth found in /var/www/html/plugins/duo_auth/duo_auth.php in /var/www/html/program/lib/Roundcube/rcube_plugin_api.php on line 210 (GET /?_task=mail&_action=list&_refresh=1&_layout=widescreen&_mbox=INBOX&_page=&_remote=1&_unlock=loading1690834864345&_=1690834864297)
errors: PHP Error: No plugin class duo_auth found in /var/www/html/plugins/duo_auth/duo_auth.php in /var/www/html/program/lib/Roundcube/rcube_plugin_api.php on line 210 (GET /?_task=mail&_action=getunread&_page=1&_remote=1&_unlock=0&_=1690834864298)

If you want to spin up a container like this for testing, see run command below. This image doesn't have directory /var/lib/php so for sessions I've set session.save_path to /var/www/html/session created directory and set owner to www-data:www-data. I do plan on moving this later but his works for now.

# roundcube-override.ini (php.ini)
upload_max_filesize=32M
post_max_size=32M
upload_max_filesize=32M
post_max_size=32M
upload_max_filesize=32M
post_max_size=32M
session.save_handler = files
session.save_path = "/var/www/html/sessions"
podman run -d \
  --name roundcube \
  -e ROUNDCUBEMAIL_DEFAULT_HOST=tls://"${IMAP_SERVER}" \
  -e ROUNDCUBEMAIL_DEFAULT_PORT=143 \
  -e ROUNDCUBEMAIL_PLUGINS=archive,zipdownload,duo_auth \
  -e ROUNDCUBEMAIL_SMTP_SERVER=tls://"${SMTP_SERVER}" \
  -e ROUNDCUBEMAIL_SMTP_PORT=587 \
  -e ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=32M \
  -e ROUNDCUBEMAIL_DB_TYPE=mysql \
  -e ROUNDCUBEMAIL_DB_HOST="${DB_HOST}" \
  -e ROUNDCUBEMAIL_DB_PORT="${DB_PORT}" \
  -e ROUNDCUBEMAIL_DB_USER="${DB_USER}" \
  -e ROUNDCUBEMAIL_DB_PASSWORD="${DB_PASSWORD}" \
  -e ROUNDCUBEMAIL_DB_NAME="${DB_NAME}" \
  -v /srv/containers/roundcube/data:/var/www/html:Z \
  -v /srv/containers/roundcube/roundcube-override.ini:/usr/local/etc/php/conf.d/roundcube-override.ini:ro,Z \
  -p 80:80 \
  docker.io/roundcube/roundcubemail:1.6.2-apache

I ran the container without the volume mounts first then used podman cp (or docker cp) to copy webroot and roundcube-override.ini to host for later volume mount. Once done, used podman exec -ti roundcube bash to get into the container and run the commands shown in your README.md.

Pavlo-Lyha commented 1 year ago

Hello @k1rb,

You have install RC instance in container environment?

This plugin don't tested on any container environment, plugin writed only for clean install on windows/linux environment. I'am busy on another projects now. I need some time for deploy container environment and test plugin for potential fix.

RastonWarrior commented 1 year ago

@Pavlo-Lyha , you misunderstand: he was providing instructions for a container should you wish to test that way, but that's not the nature of the problem. I'm experiencing the exact same thing, running the very latest versions of Ubuntu and apt-repo nginx on a new, dedicated machine with absolutely nothing else on it. Virgin install, the Duo MFA app is broken out of the box. I suspect Roundcube changed something because it was working perfectly until I did an apt update, then your plugin broke. I nuked and greenfielded the install with the exact same result. Your work has been FABULOUS for many years, but it's now broken with their latest release.

Pavlo-Lyha commented 1 year ago

Hello @RastonWarrior, I am understand issue nature described by @k1rb, but each environment unique. For me, as development, need fully understand environment configuration, because issue may not linked with software code and issue may can be in misconfiguration environment. Maybe it's linked with specific container environment or container environment nature. Maybe? Can possible. I don't know this now, it's require testing. I am only indicate that software code tested only in clean install on windows/linux environment and RC version on that time and not tested on any container environment. For long time, from last my post, I am not receive any additional comments for this issue. Maybe in new version RC some core code changed and it influences on Duo code. I don't know this now, it's require testing. I'm guessing where the problem might be, but without testing it's just a guess. I'am busy on another projects now. I need some time for deploy new RC version in test environment and test plugin for potential fix also as for container environment.

k1rb commented 11 months ago

The image provided by roundcube uses Debian 12, Apache 2.4.57, PHP 8.1.21. I'm sure you could quickly test using a virtual machine with the same packages.

For more information about the packages and or configuration files used:

Frankst2 commented 11 months ago

One question/comment on this: As I also observed this problem, I saw the commit at https://github.com/leonardomarino/duo_auth/commit/a9f3bae169ce26bb67e1ae2c5f009181966596a9 changed the class name from "duo_auth" to "duo_sdk". This probably causes this issue here as Roundcube looks for a class with the same name as the plugin. Is there a reason why this was changed? The commit itself seems to be a about a different thing (rc_path).

leonardomarino commented 11 months ago

One question/comment on this: As I also observed this problem, I saw the commit at a9f3bae changed the class name from "duo_auth" to "duo_sdk". This probably causes this issue here as Roundcube looks for a class with the same name as the plugin. Is there a reason why this was changed? The commit itself seems to be a about a different thing (rc_path).

@Pavlo-Lyha what is your take on this? looks like it should be "duo_auth".

lmiemus commented 11 months ago
  1. From https://github.com/leonardomarino/duo_auth/commit/a9f3bae169ce26bb67e1ae2c5f009181966596a9 commit:
"duo_sdk" changed back to "duo_auth"
"your_session_name" changed back to "roundcube_sessid"
  1. Redirect php file (default your_page_name_redirect.php) also needs:

require "./vendor/firebase/php-jwt/src/JWTExceptionWithPayloadInterface.php";

Included above BeforeValidException which looks for it aimlessly otherwise.

  1. From https://github.com/leonardomarino/duo_auth/commit/1cb510c053893b057a8afe2c42c87a994f54c6aa commit:

It's trying to parse duo.conf, but the actual config file is now named duo_auth.conf - needs to be changed on either end.

These changes fixed the plugin for me on a latest fresh RC install, for what's that worth.

leonardomarino commented 10 months ago

Fixed on master