nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

QR Code generation API for MFA disabled. #4187

Open adrielCarmo opened 1 month ago

adrielCarmo commented 1 month ago

Steps to reproduce

  1. Send email with initial Google Authenticator code to new user.
  2. New user accesses the application and tries to generate the QR Code with the sent code.
  3. QR Code is not generated (broken image).

Bug: [screenshot]

From what I investigated, the API used by Teampass for generating QR Codes (https://chart.googleapis.com/chart?) has been deprecated since 2012, and it appears to have been definitively deactivated:

[screenshot]

All queries to the API return a 404 error. Support forums:

https://www.googlecloudcommunity.com/gc/AppSheet-Q-A/QR-Code-Generator-not-working/m-p/695918
https://groups.google.com/g/google-visualization-api/c/Pzzya6ed14g?pli=1

Expected behaviour

The QR code should be generated for the Google Authenticator configuration.

Actual behaviour

The QR Code is not generated, and the image appears broken.

Server configuration

Operating system: Debian GNU/Linux 12 (bookworm)

Web server: Apache/2.4.57 (Debian)

Database: mysql:5.7.43 (docker)

PHP version: PHP 8.2.7 (cli) (built: Jun 9 2023 19:37:27) (NTS)

Teampass version: version 3.0.5

Teampass configuration file:

<?php
global $SETTINGS;
$SETTINGS = array (
    'max_latest_items' => '10',
    'enable_favourites' => '1',
    'show_last_items' => '1',
    'enable_pf_feature' => '0',
    'log_connections' => '1',
    'log_accessed' => '1',
    'time_format' => 'H:i:s',
    'date_format' => 'd/m/Y',
    'duplicate_folder' => '0',
    'item_duplicate_in_same_folder' => '0',
    'duplicate_item' => '0',
    'number_of_used_pw' => '3',
    'manager_edit' => '1',
    'cpassman_dir' => '/var/www/html/teampass',
    'cpassman_url' => 'https://mysistem.com',
    'favicon' => 'https://mysistem.com/favicon-ufms.ico',
    'path_to_upload_folder' => '/var/www/html/teampass/upload',
    'path_to_files_folder' => '/var/www/html/teampass/files',
    'url_to_files_folder' => 'https://mysistem.com/files',
    'activate_expiration' => '0',
    'pw_life_duration' => '0',
    'maintenance_mode' => '0',
    'enable_sts' => '0',
    'encryptClientServer' => '1',
    'teampass_version' => '3.0.5',
    'ldap_mode' => '1',
    'ldap_type' => 'ActiveDirectory',
    'ldap_suffix' => '0',
    'ldap_domain_dn' => '0',
    'ldap_domain_controler' => '0',
    'ldap_user_attribute' => 'samaccountname',
    'ldap_ssl' => '0',
    'ldap_tls' => '0',
    'ldap_search_base' => '0',
    'ldap_port' => '389',
    'richtext' => '0',
    'allow_print' => '0',
    'roles_allowed_to_print' => '0',
    'show_description' => '1',
    'anyone_can_modify' => '0',
    'anyone_can_modify_bydefault' => '0',
    'nb_bad_authentication' => '0',
    'utf8_enabled' => '1',
    'restricted_to' => '0',
    'restricted_to_roles' => '0',
    'enable_send_email_on_user_login' => '0',
    'enable_user_can_create_folders' => '0',
    'insert_manual_entry_item_history' => '0',
    'enable_kb' => '0',
    'enable_email_notification_on_item_shown' => '0',
    'enable_email_notification_on_user_pw_change' => '0',
    'custom_logo' => 'https://mysistem.com/logo-azul.svg',
    'custom_login_text' => '',
    'default_language' => 'english',
    'send_stats' => '0',
    'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
    'send_stats_time' => '1696692680',
    'get_tp_info' => '1',
    'send_mail_on_user_login' => '0',
    'nb_items_by_query' => 'auto',
    'enable_delete_after_consultation' => '0',
    'enable_personal_saltkey_cookie' => '0',
    'personal_saltkey_cookie_duration' => '31',
    'email_smtp_server' => 'mysmtp',
    'email_smtp_auth' => '1',
    'email_auth_username' => 'user_mysmtp',
    'email_auth_pwd' => 'pass_mysmtp',
    'email_port' => '587',
    'email_security' => 'tls',
    'email_server_url' => '',
    'email_from' => 'teampass@mysistem.com',
    'email_from_name' => 'Teampass',
    'pwd_maximum_length' => '40',
    'google_authentication' => '1',
    'delay_item_edition' => '0',
    'allow_import' => '1',
    'proxy_ip' => '',
    'proxy_port' => '',
    'upload_maxfilesize' => '10mb',
    'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
    'upload_imagesext' => 'jpg,jpeg,gif,png',
    'upload_pkgext' => '7z,rar,tar,zip,tar.gz',
    'upload_otherext' => 'sql,xml,pem,key,pub',
    'upload_imageresize_options' => '1',
    'upload_imageresize_width' => '800',
    'upload_imageresize_height' => '600',
    'upload_imageresize_quality' => '90',
    'use_md5_password_as_salt' => '0',
    'ga_website_name' => 'TeamPass',
    'api' => '0',
    'subfolder_rights_as_parent' => '0',
    'show_only_accessible_folders' => '0',
    'enable_suggestion' => '0',
    'otv_expiration_period' => '7',
    'default_session_expiration_time' => '60',
    'duo' => '0',
    'enable_server_password_change' => '0',
    'ldap_object_class' => '0',
    'bck_script_path' => '/var/www/html/teampass/backups',
    'bck_script_filename' => 'bck_teampass',
    'syslog_enable' => '0',
    'syslog_host' => 'localhost',
    'syslog_port' => '514',
    'manager_move_item' => '0',
    'create_item_without_password' => '0',
    'otv_is_enabled' => '0',
    'agses_authentication_enabled' => '0',
    'item_extra_fields' => '0',
    'saltkey_ante_2127' => 'none',
    'migration_to_2127' => 'done',
    'files_with_defuse' => 'done',
    'timezone' => 'America/Bahia',
    'enable_attachment_encryption' => '1',
    'personal_saltkey_security_level' => '50',
    'ldap_new_user_is_administrated_by' => '0',
    'disable_show_forgot_pwd_link' => '0',
    'offline_key_level' => '0',
    'enable_http_request_login' => '0',
    'ldap_and_local_authentication' => '1',
    'secure_display_image' => '1',
    'upload_zero_byte_file' => '1',
    'upload_all_extensions_file' => '1',
    'bck_script_passkey' => 'bkp_passkey',
    'admin_2fa_required' => '0',
    'password_overview_delay' => '4',
    'copy_to_clipboard_small_icons' => '1',
    'duo_ikey' => 'admin',
    'duo_skey' => '',
    'duo_host' => '',
    'duo_failmode' => 'secure',
    'roles_allowed_to_print_select' => '[1,2,3,4,5,6,7]',
    'clipboard_life_duration' => '30',
    'mfa_for_roles' => '[]',
    'tree_counters' => '0',
    'settings_offline_mode' => '0',
    'settings_tree_counters' => '0',
    'enable_massive_move_delete' => '0',
    'email_debug_level' => '3',
    'ga_reset_by_user' => '1',
    'onthefly-backup-key' => '',
    'onthefly-restore-key' => '',
    'ldap_user_dn_attribute' => 'distinguishedname',
    'ldap_dn_additional_user_dn' => 'OU=TE',
    'ldap_user_object_filter' => '(|(memberOf=CN=teampass-infra,OU=MY,DC=my,DC=domain,DC=com))',
    'ldap_bdn' => 'OU=MY,DC=my,DC=domain,DC=com',
    'ldap_hosts' => '192.168.1.10',
    'ldap_password' => 'mypassldap',
    'ldap_username' => 'CN=reader,DC=my,DC=domain,DC=com',
    'api_token_duration' => '60',
    'enable_tasks_manager' => '1',
    'task_maximum_run_time' => '300',
    'tasks_manager_refreshing_period' => '20',
    'maximum_number_of_items_to_treat' => '100',
    'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
    'enable_tasks_log' => '0',
    'upgrade_timestamp' => '1699284680',
    'enable_ad_users_with_ad_groups' => '0',
    'enable_ad_user_auto_creation' => '0',
    'ldap_group_object_filter' => '',
    'ldap_guid_attibute' => 'objectguid',
);

Updated from an older Teampass or fresh install: Fresh installation.

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36. MS Edge, Firefox, and Chrome are experiencing the issue.

Operating system: Windows 11 Pro

Logs

Web server error log

No significant errors are displayed in the web server log.

[Wed May 15 11:13:17.839618 2024] [php:warn] [pid 2102222] [client 10.212.134.41:51127] PHP Warning:  Undefined array key "id" in /var/www/html/teampass/sources/items.logs.php on line 110, referer: https://mysistem.com/index.php?page=items
[Wed May 15 11:13:17.839636 2024] [php:warn] [pid 2102222] [client 10.212.134.41:51127] PHP Warning:  Undefined array key "id" in /var/www/html/teampass/sources/items.logs.php on line 113, referer: https://mysistem.com/index.php?page=items

Log from the web-browser developer console (CTRL + SHIFT + i)

Failed to load resource: the server responded with a status of 404 (Not Found)
index.php:1680 Loading settings result:
index.php:1681 Object
index.php:2187 User starts auth
index.php:2671 Get 2FA Methods answer:
index.php:2672 {agses: false, google: true, yubico: false, duo: false}
index.php:2736 Data submitted to identifyUser:
index.php:2737 {GACode: 'EZuh9fJk7yFs', login: 'teste.teste', pw: 'p$RWRghssobci-x-', duree_session: '60', screenHeight: 713.656, …}
index.php:2758 Session existance check:
index.php:2759 {status: true}
index.php:2794 Identification answer:
index.php:2795 SESSION KEY is: Dv9985arACPMGqTpnj3Nfb7MgqCC3GmTvPdZM8Tp3mGXJ78Mxg
index.php:2796 {value: '', user_admin: 0, initial_url: '', pwd_attempts: 1, error: true, …}
index.php:2187 User starts auth
index.php:2671 Get 2FA Methods answer:
index.php:2672 {agses: false, google: true, yubico: false, duo: false}
index.php:2736 Data submitted to identifyUser:
index.php:2737 {GACode: 'EZuh9fJk7yFs', login: 'teste.teste', pw: 'uRKQgJQyfU3_V7Dx', duree_session: '60', screenHeight: 713.656, …}
index.php:2758 Session existance check:
index.php:2759 {status: true}
index.php:2794 Identification answer:
index.php:2795 SESSION KEY is: Dv9985arACPMGqTpnj3Nfb7MgqCC3GmTvPdZM8Tp3mGXJ78Mxg
index.php:2796 {value: '<img src="data:image/png;base64,PGh0bWw+PGJvZHk+PG…jQwNCBOb3QgRm91bmQ8L2gxPjwvYm9keT48L2h0bWw+Cg==">', user_admin: 0, initial_url: '', pwd_attempts: 2, error: false, …}
    error: false
    initial_url: ""
    message: "Flash this QR code with your mobile device, enter the 2Factor Authentication code and click `Enter` button."
    mfaStatus: "ga_temporary_code_correct"
    pwd_attempts: 2
    user_admin: 0
    value: "<img src=\"data:image/png;base64,PGh0bWw+PGJvZHk+PGgxPjQwNCBOb3QgRm91bmQ8L2gxPjwvYm9keT48L2h0bWw+Cg==\">"
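The base64 payload in the logged `value` field decodes to `<html><body><h1>404 Not Found</h1></body></html>`, so the server fetched the chart URL, got the 404 page, and embedded that HTML as if it were a PNG. The following Python is an added example, not TeamPass code and not part of the issue: it decodes that logged data URI, classifies the bytes by their real content, shows the status and signature checks that would have caught the bad response before it was served, and builds the `otpauth://` URI that a locally rendered QR code would encode so the TOTP secret never has to leave the server. The function names, the `vet_fetched_image` check, and the issuer/account/secret values are constructed for this example.

```python
"""Added example (not TeamPass code): inspect the data URI from the console log
above and show the checks a server should make before embedding an upstream
HTTP response as an image."""
import base64
import re
from urllib.parse import quote

# Copied from the `value` field in the console log (the final, untruncated copy).
LOGGED_DATA_URI = (
    "data:image/png;base64,"
    "PGh0bWw+PGJvZHk+PGgxPjQwNCBOb3QgRm91bmQ8L2gxPjwvYm9keT48L2h0bWw+Cg=="
)

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # first eight bytes of every PNG file


def decode_data_uri(uri: str) -> tuple[str, bytes]:
    """Split a base64 data URI into (declared MIME type, decoded payload)."""
    m = re.fullmatch(r"data:([\w/+.-]+);base64,([A-Za-z0-9+/=]*)", uri)
    if m is None:
        raise ValueError("not a base64 data URI")
    return m.group(1), base64.b64decode(m.group(2), validate=True)


def classify_payload(payload: bytes) -> str:
    """Identify the bytes by content, ignoring what the data URI claims."""
    if payload.startswith(PNG_MAGIC):
        return "png"
    head = payload.lstrip()[:64].lower()
    if head.startswith(b"<html") or head.startswith(b"<!doctype html"):
        return "html"
    return "unknown"


def vet_fetched_image(status: int, content_type: str, body: bytes) -> tuple[bool, str]:
    """Decide whether an upstream HTTP response may be embedded as image/png.

    This is the check the reported behaviour lacks: the 404 body was base64-
    encoded and served as a PNG without looking at the status or the bytes.
    (Hypothetical helper written for this example.)
    """
    if status != 200:
        return False, f"upstream returned HTTP {status}"
    if not content_type.lower().startswith("image/png"):
        return False, f"unexpected Content-Type {content_type!r}"
    if not body.startswith(PNG_MAGIC):
        return False, "body does not start with the PNG signature"
    return True, "ok"


def build_otpauth_uri(issuer: str, account: str, secret_b32: str,
                      digits: int = 6, period: int = 30) -> str:
    """Build the otpauth:// URI that a TOTP enrolment QR code encodes.

    Rendering this string into a QR image with a local library keeps the
    enrolment secret on the server instead of sending it to an external API.
    """
    label = f"{quote(issuer, safe='')}:{quote(account, safe='')}"
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer, safe='')}&digits={digits}&period={period}")


if __name__ == "__main__":
    mime, body = decode_data_uri(LOGGED_DATA_URI)
    print(f"declared {mime}, actually {classify_payload(body)}: {body!r}")
    print(vet_fetched_image(404, "text/html", body))
    # Constructed sample values: issuer, account and base32 secret are not real.
    print(build_otpauth_uri("TeamPass", "teste.teste", "JBSWY3DPEHPK3PXP"))
```

Run stand-alone, the script reports that the logged value is declared `image/png` but is actually HTML, and that the vetting step would have refused it because of the 404 status. The `otpauth://` string is what you would hand to any local QR encoder (for example the `qrcode` package on PyPI) in place of the remote chart request; that removes the dependency on the discontinued endpoint and also stops the TOTP secret from being sent to a third party during enrolment.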