search

martialblog / docker-limesurvey

A Docker Image for LimeSurvey
https://hub.docker.com/r/martialblog/limesurvey/
MIT License
155 stars 70 forks source link

500 - Wrong Encryption Key #48

Closed michidk closed 3 years ago

michidk commented 3 years ago

Hi,

two weeks ago I set up LimeSurvey twice and both times got the "wrong decryption key" error (listed here: https://manual.limesurvey.org/Data_encryption#Errors), after trying to submit a survey. Today I set it up a third time, and the error occurred again. It seems like after restarting the container once, this error will appear on every survey:

image

I mounted the following folders to our file system (which I hoped would store the encryption key):

         volumeMounts:
            - name: data
              mountPath: /var/www/html/upload
            - name: config
              mountPath: /var/www/html/application/config

I mounted the config folder which contains the security.php (file owned by www-data:www-data and 777) file containing the encryption key, but it seems like it's not used? I also got into the container with interactive mode and made sure that the file is mounted correctly. And yeah, the file was mounted and is located in /var/www/html/application/config/security.php

Using the latest image martialblog/limesurvey:4-apache with a Postgres database.

Are we sure that Sodium is installed, which is needed for LimeSurvey decryption to work? EDIT: Sodium seems to be installed according to PHPInfo: libsodium headers version | 1.0.17 libsodium library version | 1.0.17

Is there anything we can do?

Thanks!

EDIT 2: Just tried to pass the encryption key that was in the security.php as environment variables to the image, but this did not work, too.

Log (of starting up and submitting a survey; debug level 2):

database.limesurvey.svc.cluster.local [10.105.96.87] 5432 (?) open
Info: config.php already provisioned
Info: security.php already provisioned
Info: Check if database already provisioned. Nevermind the Stack trace.
no need update : DB is uptodate
Info: Database already provisioned
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.244.0.118. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.244.0.118. Set the 'ServerName' directive globally to suppress this message
[Fri Jan 15 14:55:10.631644 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.13 configured -- resuming normal operations
[Fri Jan 15 14:55:10.631733 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.244.0.1 - - [15/Jan/2021:14:56:06 +0000] "GET /index.php/793886 HTTP/1.1" 200 5917 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/799d10c0/css/variations/free_magenta.css HTTP/1.1" 200 7406 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/24496cee/logo.png HTTP/1.1" 200 38572 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/b1d0522f/jquery-migrate-3.3.0.min.js HTTP/1.1" 200 4356 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/b1d0522f/jquery-3.5.1.min.js HTTP/1.1" 200 31243 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/6fb7c77a/survey.js HTTP/1.1" 200 4987 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/23bbe4b7/moment-with-locales.min.js HTTP/1.1" 200 65921 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/5ae3aa62/template-core.js HTTP/1.1" 200 2290 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/1c05963b/em_javascript.js HTTP/1.1" 200 36159 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/45d01739/pjax.js HTTP/1.1" 200 12980 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/e1487f33/build/lslog.js HTTP/1.1" 200 20147 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/45cafbd7/scripts/custom.js HTTP/1.1" 200 637 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/bf9304e/survey_runtime.js HTTP/1.1" 200 3855 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/f84d566c/decimalcustom.js HTTP/1.1" 200 843 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/35693a32/plugins/bootstrapconfirm/bootstrapconfirm.min.js HTTP/1.1" 200 817 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/35693a32/bootstrap.min.js HTTP/1.1" 200 11272 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:07 +0000] "GET /tmp/assets/8a588914/decimal.js HTTP/1.1" 200 32206 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:08 +0000] "GET /tmp/assets/45cafbd7/scripts/theme.js HTTP/1.1" 200 4080 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:08 +0000] "GET /tmp/assets/45cafbd7/scripts/ajaxify.js HTTP/1.1" 200 2575 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:08 +0000] "GET /tmp/assets/bf9304e/nojs.js HTTP/1.1" 200 505 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:08 +0000] "GET /tmp/assets/604e70d6/build/embeddables.min.js HTTP/1.1" 200 7667 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:08 +0000] "GET /tmp/assets/6a40eab9/favicon.ico HTTP/1.1" 200 15366 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:09 +0000] "GET /tmp/assets/799d10c0/css/theme.css HTTP/1.1" 200 4777 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:09 +0000] "GET /tmp/assets/35693a32/bootstrap.min.css.map HTTP/1.1" 404 6072 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "POST /index.php/793886 HTTP/1.1" 500 6781 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/b1d0522f/jquery-migrate-3.3.0.min.js HTTP/1.1" 200 4354 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/b1d0522f/jquery-3.5.1.min.js HTTP/1.1" 200 31241 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/6fb7c77a/survey.js HTTP/1.1" 200 4985 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/5ae3aa62/template-core.js HTTP/1.1" 200 2288 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/35693a32/plugins/bootstrapconfirm/bootstrapconfirm.min.js HTTP/1.1" 200 815 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/45cafbd7/scripts/theme.js HTTP/1.1" 200 4080 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/e1487f33/build/lslog.js HTTP/1.1" 200 20145 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/45cafbd7/scripts/custom.js HTTP/1.1" 200 635 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/bf9304e/survey_runtime.js HTTP/1.1" 200 3853 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/23bbe4b7/moment-with-locales.min.js HTTP/1.1" 200 65919 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/f84d566c/decimalcustom.js HTTP/1.1" 200 841 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/1c05963b/em_javascript.js HTTP/1.1" 200 36157 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/35693a32/bootstrap.min.js HTTP/1.1" 200 11270 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/45cafbd7/scripts/ajaxify.js HTTP/1.1" 200 2575 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/8a588914/decimal.js HTTP/1.1" 200 32204 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/45d01739/pjax.js HTTP/1.1" 200 12978 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /tmp/assets/604e70d6/build/embeddables.min.js HTTP/1.1" 200 7667 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:11 +0000] "GET /index.php/favicon.ico HTTP/1.1" 404 6042 "https://surveys.cloud.our-domain.com/index.php/793886" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:12 +0000] "GET /tmp/assets/45cafbd7/css/errors.css HTTP/1.1" 200 1187 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
10.244.0.1 - - [15/Jan/2021:14:56:12 +0000] "GET /tmp/assets/35693a32/bootstrap.min.css.map HTTP/1.1" 404 6072 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
michidk commented 3 years ago

The weird thing is, that none of the questions in those surveys was set to be encrypted. Also, the responses seem to get successfully submitted after all and can be seen in the admin interface. I can also see the submitted answers without any problems. So I think the encryption key is working, but something else might be going on.

michidk commented 3 years ago

Fixed it. Okay this is super dump and actually had nothing to do with this image: The SMTP server password apparently was wrong. No clue why it would show this specific sodium exception...

PabloCastellano commented 3 years ago

I am facing this issue too and re-typing my SMTP password fixed it as well. Weird!

PabloCastellano commented 3 years ago

The exception is raised when trying to retrieve the encrypted SMTP password and decrypting it.

From /var/www/html/application/core/LimeMailer.php:

$emailsmtpuser = Yii::app()->getConfig("emailsmtpuser");
$emailsmtppassword = LSActiveRecord::decryptSingle(Yii::app()->getConfig("emailsmtppassword"));

FWIW here is the stack trace:


{
  "success": false,
  "message": "¡Llave de encriptación errónea! La llave ha cambiado desde la última vez que se guardaron estos datos, por lo tanto no pueden ser desencriptados. Por favor consulte el manual en https://manual.limesurvey.org/Data_encryption#Errors.",
  "error": {
    "code": 500,
    "type": "SodiumException",
    "errorCode": 0,
    "message": "¡Llave de encriptación errónea! La llave ha cambiado desde la última vez que se guardaron estos datos, por lo tanto no pueden ser desencriptados. Por favor consulte el manual en https://manual.limesurvey.org/Data_encryption#Errors.",
    "file": "/var/www/html/application/core/LSSodium.php",
    "line": 120,
    "trace": "#0 /var/www/html/application/models/LSActiveRecord.php(353): LSSodium->decrypt()\n#1 /var/www/html/application/core/LimeMailer.php(131): LSActiveRecord::decryptSingle()\n#2 /var/www/html/application/controllers/UserManagementController.php(1312): LimeMailer->__construct()\n#3 /var/www/html/application/controllers/UserManagementController.php(1340): UserManagementController->sendAdminMail()\n#4 /var/www/html/application/controllers/UserManagementController.php(867): UserManagementController->resetLoginData()\n#5 /var/www/html/framework/web/actions/CInlineAction.php(49): UserManagementController->actionBatchSendAndResetLoginData()\n#6 /var/www/html/framework/web/CController.php(308): CInlineAction->runWithParams()\n#7 /var/www/html/framework/web/CController.php(286): CController->runAction()\n#8 /var/www/html/framework/web/CController.php(265): CController->runActionWithFilters()\n#9 /var/www/html/application/controllers/LSBaseController.php(160): CController->run()\n#10 /var/www/html/framework/web/CWebApplication.php(282): LSBaseController->run()\n#11 /var/www/html/framework/web/CWebApplication.php(141): CWebApplication->runController()\n#12 /var/www/html/framework/base/CApplication.php(185): CWebApplication->processRequest()\n#13 /var/www/html/index.php(182): CApplication->run()\n#14 {main}",
    "traces": [
      {
        "file": "/var/www/html/application/models/LSActiveRecord.php",
        "line": 353,
        "function": "decrypt",
        "class": "LSSodium",
        "type": "->"
      },
      {
        "file": "/var/www/html/application/core/LimeMailer.php",
        "line": 131,
        "function": "decryptSingle",
        "class": "LSActiveRecord",
        "type": "::"
      },
      {
        "file": "/var/www/html/application/controllers/UserManagementController.php",
        "line": 1312,
        "function": "__construct",
        "class": "LimeMailer",
        "type": "->"
      },
      {
        "file": "/var/www/html/application/controllers/UserManagementController.php",
        "line": 1340,
        "function": "sendAdminMail",
        "class": "UserManagementController",
        "type": "->"
      },
      {
        "file": "/var/www/html/application/controllers/UserManagementController.php",
        "line": 867,
        "function": "resetLoginData",
        "class": "UserManagementController",
        "type": "->"
      },
      {
        "file": "/var/www/html/framework/web/actions/CInlineAction.php",
        "line": 49,
        "function": "actionBatchSendAndResetLoginData",
        "class": "UserManagementController",
        "type": "->"
      },
      {
        "file": "/var/www/html/framework/web/CController.php",
        "line": 308,
        "function": "runWithParams",
        "class": "CInlineAction",
        "type": "->"
      },
      {
        "file": "/var/www/html/framework/web/CController.php",
        "line": 286,
        "function": "runAction",
        "class": "CController",
        "type": "->"
      },
      {
        "file": "/var/www/html/framework/web/CController.php",
        "line": 265,
        "function": "runActionWithFilters",
        "class": "CController",
        "type": "->"
      },
      {
        "file": "/var/www/html/application/controllers/LSBaseController.php",
        "line": 160,
        "function": "run",
        "class": "CController",
        "type": "->"
      },
      {
        "file": "/var/www/html/framework/web/CWebApplication.php",
        "line": 282,
        "function": "run",
        "class": "LSBaseController",
        "type": "->"
      },
      {
        "file": "/var/www/html/framework/web/CWebApplication.php",
        "line": 141,
        "function": "runController",
        "class": "CWebApplication",
        "type": "->"
      },
      {
        "file": "/var/www/html/framework/base/CApplication.php",
        "line": 185,
        "function": "processRequest",
        "class": "CWebApplication",
        "type": "->"
      },
      {
        "file": "/var/www/html/index.php",
        "line": 182,
        "function": "run",
        "class": "CApplication",
        "type": "->"
      }
    ]
  }
}```