maelgangloff / domain-watchdog

An app that uses RDAP to collect publicly available info about domains, track their history, and purchase them
https://demo.domainwatchdog.eu
GNU Affero General Public License v3.0

Can't validate account via link sent in email #49

Open anarion80 opened 2 months ago

anarion80 commented 2 months ago

After initial hurdles with the Docker install I finally get to see the interface. The browser console is throwing a lot of permission errors, as stated in some other issues.

I configured the email system

smtp://192.168.2.9:25?auto_tls=false&local_domain=domain.xxx

and registration email is sent and received correctly:

Worker:

14:15:43 DEBUG     [mailer] Email transport "Symfony\Component\Mailer\Transport\Smtp\SmtpTransport" starting
14:15:43 DEBUG     [mailer] Email transport "Symfony\Component\Mailer\Transport\Smtp\SmtpTransport" started
14:15:43 INFO      [messenger] Message Symfony\Component\Mailer\Messenger\SendEmailMessage handled by Symfony\Component\Mailer\Messenger\MessageHandler::__invoke
[
  "class" => "Symfony\Component\Mailer\Messenger\SendEmailMessage",
  "handler" => "Symfony\Component\Mailer\Messenger\MessageHandler::__invoke"
]
14:15:43 INFO      [messenger] Symfony\Component\Mailer\Messenger\SendEmailMessage was handled successfully (acknowledging to transport).
[
  "class" => "Symfony\Component\Mailer\Messenger\SendEmailMessage",
  "message_id" => 3
]

Server:

200 Matched route "user_register". | context={"route":"user_register","route_parameters":{"_route":"user_register","_api_resource_class":"App\\Entity\\User","_api_operation_name":"register","_controller":"App\\Controller\\RegistrationController::register"},"request_uri":"http://192.168.2.100:8173/api/register","method":"POST"} level_name=INFO channel=request datetime=2024-08-27T14:15:41.443453+00:00 extra={}
100 Checking for authenticator support. | context={"firewall_name":"api","authenticators":1} level_name=DEBUG channel=security datetime=2024-08-27T14:15:41.445643+00:00 extra={}
100 Checking support on authenticator. | context={"firewall_name":"api","authenticator":"Lexik\\Bundle\\JWTAuthenticationBundle\\Security\\Authenticator\\JWTAuthenticator"} level_name=DEBUG channel=security datetime=2024-08-27T14:15:41.445653+00:00 extra={}
100 Authenticator does not support the request. | context={"firewall_name":"api","authenticator":"Lexik\\Bundle\\JWTAuthenticationBundle\\Security\\Authenticator\\JWTAuthenticator"} level_name=DEBUG channel=security datetime=2024-08-27T14:15:41.445695+00:00 extra={}
100 Successfully acquired the "user_register-192.168.2.10" lock. | context={"resource":"user_register-192.168.2.10"} level_name=DEBUG channel=lock datetime=2024-08-27T14:15:41.494909+00:00 extra={}
100 Expiration defined for "user_register-192.168.2.10" lock for "300" seconds. | context={"resource":"user_register-192.168.2.10","ttl":300} level_name=DEBUG channel=lock datetime=2024-08-27T14:15:41.494923+00:00 extra={}
100 Successfully released the "user_register-192.168.2.10" lock. | context={"resource":"user_register-192.168.2.10"} level_name=DEBUG channel=lock datetime=2024-08-27T14:15:41.495957+00:00 extra={}
200 Sending message Symfony\Component\Mailer\Messenger\SendEmailMessage with async sender using Symfony\Component\Messenger\Bridge\Doctrine\Transport\DoctrineTransport | context={"class":"Symfony\\Component\\Mailer\\Messenger\\SendEmailMessage","alias":"async","sender":"Symfony\\Component\\Messenger\\Bridge\\Doctrine\\Transport\\DoctrineTransport"} level_name=INFO channel=messenger datetime=2024-08-27T14:15:42.161634+00:00 extra={}
250 The validation link for user xxx@xxx.xx is http://192.168.2.100:8173/verify/email?expires=1724771742&signature=6gOZBSjaE%2FeHueoMNUZ8eady7IwyuC5TpFWPYPb6fi4%3D&token=qskX2GrUANPlh1DaXmp0%2BvwwxRfkbUlp2g%2BjLQYOsEo%3D | context={"username":"xxx@xxx.xx","signedUrl":"http://192.168.2.100:8173/verify/email?expires=1724771742&signature=6gOZBSjaE%2FeHueoMNUZ8eady7IwyuC5TpFWPYPb6fi4%3D&token=qskX2GrUANPlh1DaXmp0%2BvwwxRfkbUlp2g%2BjLQYOsEo%3D"} level_name=NOTICE channel=app datetime=2024-08-27T14:15:42.439501+00:00 extra={}
200 A new user has registered (xxx@xxx.xx). | context={"username":"xxx@xxx.xx"} level_name=INFO channel=app datetime=2024-08-27T14:15:42.556521+00:00 extra={}

But when I click on the link - nothing really happens, and after trying to log in I get the following:

200 Matched route "api_login". | context={"route":"api_login","route_parameters":{"_route":"api_login"},"request_uri":"http://192.168.2.100:8173/api/login","method":"POST"} level_name=INFO channel=request datetime=2024-08-27T14:17:03.433578+00:00 extra={}
100 Checking for authenticator support. | context={"firewall_name":"api_login","authenticators":1} level_name=DEBUG channel=security datetime=2024-08-27T14:17:03.433875+00:00 extra={}
100 Checking support on authenticator. | context={"firewall_name":"api_login","authenticator":"Symfony\\Component\\Security\\Http\\Authenticator\\JsonLoginAuthenticator"} level_name=DEBUG channel=security datetime=2024-08-27T14:17:03.433884+00:00 extra={}
100 Successfully acquired the "ip_login-V.TlPk.L" lock. | context={"resource":"ip_login-V.TlPk.L"} level_name=DEBUG channel=lock datetime=2024-08-27T14:17:03.436929+00:00 extra={}
100 Expiration defined for "ip_login-V.TlPk.L" lock for "300" seconds. | context={"resource":"ip_login-V.TlPk.L","ttl":300} level_name=DEBUG channel=lock datetime=2024-08-27T14:17:03.436942+00:00 extra={}
100 Successfully released the "ip_login-V.TlPk.L" lock. | context={"resource":"ip_login-V.TlPk.L"} level_name=DEBUG channel=lock datetime=2024-08-27T14:17:03.437714+00:00 extra={}
100 Successfully acquired the "username_ip_login-g7iLwg7S" lock. | context={"resource":"username_ip_login-g7iLwg7S"} level_name=DEBUG channel=lock datetime=2024-08-27T14:17:03.437884+00:00 extra={}
100 Expiration defined for "username_ip_login-g7iLwg7S" lock for "300" seconds. | context={"resource":"username_ip_login-g7iLwg7S","ttl":300} level_name=DEBUG channel=lock datetime=2024-08-27T14:17:03.437893+00:00 extra={}
100 Successfully released the "username_ip_login-g7iLwg7S" lock. | context={"resource":"username_ip_login-g7iLwg7S"} level_name=DEBUG channel=lock datetime=2024-08-27T14:17:03.437985+00:00 extra={}
200 Authenticator successful! | context={"token":"UsernamePasswordToken(user=\"xxx@xxx.xx\", roles=\"ROLE_USER\")","authenticator":"Symfony\\Component\\Security\\Http\\Authenticator\\JsonLoginAuthenticator"} level_name=INFO channel=security datetime=2024-08-27T14:17:04.106886+00:00 extra={}
400 Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "You have not yet validated your email address." at JWTAuthenticator.php line 37 | context={"exception":{"class":"Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException","message":"You have not yet validated your email address.","code":0,"file":"/app/src/Security/JWTAuthenticator.php:37"}} level_name=ERROR channel=request datetime=2024-08-27T14:17:04.107112+00:00 extra={}

In the browser all I get is this:

[image]
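A triage sketch for the server log quoted in this post, added here as an example (not part of the original post or the project's code): it parses lines in that format, checks whether any request for the logged verification link's path reached the server before the login was refused, and redacts the `signature` and `token` values that the NOTICE line writes to the log. The sample lines, host name and function names are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample lines that mimic the server log format quoted in this issue.
SAMPLE_LOG = [
    '200 Matched route "user_register". | context={"route":"user_register","request_uri":"http://app.example/api/register","method":"POST"} level_name=INFO channel=request datetime=2024-01-01T10:00:00+00:00 extra={}',
    '250 The validation link was issued | context={"username":"a@example.org","signedUrl":"http://app.example/verify/email?expires=1700000000&signature=SIG&token=TOK"} level_name=NOTICE channel=app datetime=2024-01-01T10:00:01+00:00 extra={}',
    '200 Matched route "api_login". | context={"route":"api_login","request_uri":"http://app.example/api/login","method":"POST"} level_name=INFO channel=request datetime=2024-01-01T10:01:00+00:00 extra={}',
    '400 Uncaught PHP Exception: "You have not yet validated your email address." | context={"exception":{"code":0}} level_name=ERROR channel=request datetime=2024-01-01T10:01:01+00:00 extra={}',
]

LINE_RE = re.compile(r'^\d+ (?P<msg>.*?) \| context=(?P<ctx>\{.*\}) level_name=\w+ channel=(?P<channel>\w+) ')

def parse_line(line):
    """Split one log line into message, channel and decoded JSON context."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ctx = json.loads(m["ctx"])
    except json.JSONDecodeError:
        return None
    return {"msg": m["msg"], "channel": m["channel"], "ctx": ctx}

def redact_signed_url(url):
    """Blank the signature and token query values before a URL is stored or shared."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in ("signature", "token") else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def triage(lines):
    """Report whether a logged verification link was ever requested from the server."""
    requested, links, denied = [], [], False
    for rec in filter(None, map(parse_line, lines)):
        ctx = rec["ctx"]
        if rec["channel"] == "request" and "request_uri" in ctx:
            requested.append(urlsplit(ctx["request_uri"]).path)
        if "signedUrl" in ctx:
            links.append(ctx["signedUrl"])
        if "not yet validated" in rec["msg"]:
            denied = True
    verify_paths = {urlsplit(u).path for u in links}
    return {
        "links_logged": [redact_signed_url(u) for u in links],
        "verify_requests": sum(p in verify_paths for p in requested),
        "login_denied_unverified": denied,
    }
```

A result with `verify_requests` at 0 and `login_denied_unverified` true means the click on the link never produced a matching request in the server log, which points at the client or proxy side rather than at signature checking.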

maelgangloff commented 2 months ago

Hello @anarion80, I just tested the email verification and it worked.

Here is a clue to resolve your problem: If you have tried installing Domain Watchdog several times, a BEARER cookie may have been installed on your browser. The keys to create this token may have been modified since this installation.

Can you try to delete this cookie and try again?

Alternatively, I think visiting http://192.168.2.100:8173/logout would be enough to delete this cookie.

I have personally already encountered this problem and I will look into implementing the deletion of this cookie if the token is invalid.

Does this solve the problem?

anarion80 commented 2 months ago

No, unfortunately this doesn't work. There are no cookies as far as I can see: [image]

I cleared all data anyway. I also logged out via logout link and no change :(

Perhaps those ERR_BAD_REQUEST errors have something to do with the situation? [image]

anarion80 commented 2 months ago

I also moved to a proper public domain instead of internal IPs, but the result is exactly the same :(

maelgangloff commented 2 months ago

I can't reproduce the error but I suspect a secure cookie issue.

The BEARER cookie has the Secure attribute. This means that your browser will refuse this cookie if the connection is not secure.

Can you test on localhost or over a secure connection?

I hesitate to add an environment variable to bypass this protection.

anarion80 commented 2 months ago

I have set everything now under https://my.domain, so everything goes via a secure connection. Then there is a Traefik reverse proxy that proxies to the server in Docker. Still, this doesn't change a thing. There is no mention of ANY cookie, bearer, secure cookie when looking at the browser network and application tabs.

vinceh121 commented 2 months ago

> After initial hurdles with docker install

If you've modified your compose.yml, you should share it, as the cause of your issue might lie within it.

> There is no mention of ANY cookie, bearer, secure cookie when looking at the browser network and application tabs.

Do note that the cookie is only set by the login endpoint.

anarion80 commented 2 months ago

I'm actually using Ansible to set all the containers, but this is very similar to docker-compose: https://github.com/anarion80/ansible-nas/blob/add_domain_watchdog/roles/domain_watchdog/tasks/main.yml

Env vars: https://github.com/anarion80/ansible-nas/blob/add_domain_watchdog/roles/domain_watchdog/defaults/main.yml

Other than validation of this email address, everything else seems to work fine after manually updating the DB for the user activation.

maelgangloff commented 1 month ago

Hey @anarion80, I still can't reproduce this issue. Does this issue happen to others too? If not, I'll close this issue.

I haven't looked into your Ansible configuration, but it might be coming from your environment; maybe you can try whether it works without Ansible.