nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

"reading" right for the API to an user => Error 500 Unknown column 'allowed_to_read' in 'field list' #4192

Closed crayt214 closed 1 month ago

crayt214 commented 1 month ago

Page on which it happened

Steps to reproduce

  1. Connect to teampass
  2. Go to API Settings
  3. Set the "read" right to a user

Expected behaviour

The right "read" is OK for the user

Actual behaviour

Error 500 - in the server logs

Server configuration

Operating system: Linux dc1vm00499 5.4.17-2136.329.3.1.el8uek.x86_64 #2 SMP Mon Mar 4 23:56:08 PST 2024 x86_64

Web server: Apache

Database: 8.0.37

PHP version: 8.3.7

Teampass version: 3.1.2

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '1',
'log_connections' => '0',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '1',
'item_duplicate_in_same_folder' => '1',
'duplicate_item' => '1',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/app/data/teampass',
'cpassman_url' => 'https://<anonym_url>
'favicon' => 'https://<anonym_url>/favicon.ico',
'path_to_upload_folder' => '/app/data/teampass/upload',
'url_to_upload_folder' => 'https://<anonym_url>/upload',
'path_to_files_folder' => '/app/data/teampass/files',
'url_to_files_folder' => 'https://<anonym_url>/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'teampass_version' => '3.1.2',
'ldap_mode' => '1',
'ldap_type' => 'ActiveDirectory',
'ldap_suffix' => '@mcs.priv',
'ldap_domain_dn' => 'DC=mcs,DC=priv',
'ldap_domain_controler' => 'ldap.mcs.priv',
'ldap_user_attribute' => 'samaccountname',
'ldap_ssl' => '1',
'ldap_tls' => '1',
'ldap_search_base' => '0',
'ldap_port' => '3269',
'richtext' => '0',
'allow_print' => '1',
'roles_allowed_to_print' => '["["["2"]"]"]',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '1',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '1',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => 'Bienvenue sur Teampass3 de demonstration ! Pour avoir un compte, contactez Benjamin Souhait :)',
'default_language' => 'french',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1601915687',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>'
'email_smtp_auth' => '',
'email_auth_username' => '<removed>'
'email_auth_pwd' => '<removed>'
'email_port' => '25',
'email_security' => '',
'email_server_url' => '',
'email_from' => '<removed>'
'email_from' => '<removed>'
'pwd_maximum_length' => '120',
'google_authentication' => '0',
'delay_item_edition' => '10',
'allow_import' => '1',
'proxy_ip' => '<removed>'
'proxy_port' => '8080',
'upload_maxfilesize' => '150mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for ChangeMe',
'api' => '1',
'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '0',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '500',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/app/data/teampass/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '1',
'syslog_host' => '<removed>'
'syslog_port' => '18514',
'manager_move_item' => '0',
'create_item_without_password' => '1',
'otv_is_enabled' => '1',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '1',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'Europe/Paris',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '1',
'offline_key_level' => '0',
'enable_http_request_login' => '1',
'ldap_and_local_authentication' => '1',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0',
'bck_script_passkey' => '<removed>'
'admin_2fa_required' => '0',
'ldap_allowed_usergroup' => 'GL_APP_TEAMPASS_DEV',
'ldap_new_user_role' => '4',
'can_create_root_folder' => '1',
'copy_to_clipboard_small_icons' => '1',
'tree_counters' => '1',
'password_overview_delay' => '4',
'roles_allowed_to_print_select' => '[]',
'clipboard_life_duration' => '10',
'mfa_for_roles' => '',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'enable_massive_move_delete' => '0',
'email_debug_level' => '0',
'ga_reset_by_user' => '',
'onthefly-backup-key' => '<removed>'
'onthefly-restore-key' => '<removed>'
'ldap_user_dn_attribute' => 'distinguishedname',
'ldap_dn_additional_user_dn' => 'ou=Organization',
'ldap_user_object_filter' => '',
'ldap_bdn' => 'DC=mcs,DC=priv',
'ldap_hosts' => '<removed>'
'ldap_password' => '<removed>'
'ldap_username' => 'CN=SRV Teampass Tier2,OU=Services Accounts,OU=Accounts,OU=Technic,DC=mcs,DC=priv',
'api_token_duration' => '60',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '3000',
'maximum_number_of_items_to_treat' => '3000',
'tasks_manager_refreshing_period' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '1',
'enable_ad_users_with_ad_groups' => '0',
'enable_ad_user_auto_creation' => '0',
'ldap_group_object_filter' => 'GL_APP_TEAMPASS_CLIENTS',
'ldap_guid_attibute' => 'objectguid',
'sending_emails_job_frequency' => '1',
'user_keys_job_frequency' => '1',
'items_statistics_job_frequency' => '5',
'reload_cache_table_task' => '',
'rebuild_config_file' => '',
'purge_temporary_files_task' => '',
'clean_orphan_objects_task' => '',
'users_personal_folder_task' => 'hourly;',
'maximum_session_expiration_time' => '500',
'items_ops_job_frequency' => '1',
'upgrade_timestamp' => '1715941936',
'enable_refresh_task_last_execution' => '1',
'new_api_key_label' => 'Automation',
'upload_imageresize_options_input' => '',
'ldap_group_objectclasses_attibute' => 'top,groupofuniquenames',
'pwd_default_length' => '14',
'tasks_log_retention_delay' => '3650',
'oauth2_enabled' => '0',
'oauth2_client_appname' => 'Login with Azure',
'oauth2_client_scopes' => 'openid,profile,email',

Updated from an older Teampass or fresh install:

Client configuration

Browser: -

Operating system: - bits

Logs

Web server error log

[2024-05-17 13:14:31.012350] [R:Zkc8F3ME7kMIBCx0gCW5TgAAAZs] Request 14 on C:5kVYdBS5lPU pid:4882 tid:140534391654144 UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36' Referer:'https://safe-demo.mcs.priv/index.php?page=api' safe-demo.mcs.priv
[2024-05-17 13:14:31.012435] [proxy_fcgi:error] [R:Zkc8F3ME7kMIBCx0gCW5TgAAAZs] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught MeekroDBException: Unknown column 'allowed_to_read' in 'field list' in /app/data/teampass/vendor/sergeytsalkov/meekrodb/db.class.php:934\nStack trace:\n#0 /app/data/teampass/vendor/sergeytsalkov/meekrodb/db.class.php(890): MeekroDB->queryHelper(Array, Array)\n#1 /app/data/teampass/vendor/sergeytsalkov/meekrodb/db.class.php(490): MeekroDB->query('UPDATE `teampas...')\n#2 [internal function]: MeekroDB->update('teampass_api', Array, 'increment_id = ...', 26)\n#3 /app/data/teampass/vendor/sergeytsalkov/meekrodb/db.class.php(116): call_user_func_array(Array, Array)\n#4 /app/data/teampass/sources/admin.queries.php(2474): DB::__callStatic('update', Array)\n#5 {main}\n  thrown in /app/data/teampass/vendor/sergeytsalkov/meekrodb/db.class.php on line 934'

Log from the web-browser developer console (CTRL + SHIFT + i)

jquery.min.js:2 
 POST https://safe-demo.mcs.priv/sources/admin.queries.php 500 (Internal Server Error)
send    @   jquery.min.js:2
ajax    @   jquery.min.js:2
S.<computed>    @   jquery.min.js:2
(anonymous) @   index.php?page=api:3382
dispatch    @   jquery.min.js:2
v.handle    @   jquery.min.js:2

crayt214 commented 1 month ago

I had to create the column "allowed_to_read" in the DB after the upgrade.

=> alter table teampass_api add allowed_to_read int not null default 0;

Maybe the creation is missing in the upgrade process?

And now everything is working fine.
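
An idempotent form of the workaround above, as an added example that is not part of the original thread or of TeamPass's own upgrade scripts. It assumes MySQL 8.0 (which has no `ADD COLUMN IF NOT EXISTS`), that the session's default schema is the TeamPass database, and that the column definition is the one from the comment above (`int not null default 0`), not one confirmed by the project.

```sql
-- Added example: check for the column first, and only alter the table if it is missing,
-- so the script is safe to run again after a later upgrade adds the column itself.

-- 1. Is the column that the failing UPDATE on `teampass_api` refers to present?
SET @col_missing := (
    SELECT COUNT(*) = 0
    FROM information_schema.COLUMNS
    WHERE TABLE_SCHEMA = DATABASE()          -- assumption: TeamPass schema is selected
      AND TABLE_NAME   = 'teampass_api'      -- table name taken from the stack trace
      AND COLUMN_NAME  = 'allowed_to_read'   -- column named in the error message
);

-- 2. Build the DDL only when needed; otherwise run a harmless SELECT.
SET @ddl := IF(
    @col_missing,
    'ALTER TABLE teampass_api ADD COLUMN allowed_to_read INT NOT NULL DEFAULT 0',
    'SELECT ''allowed_to_read already present, nothing to do'' AS note'
);

PREPARE fix_stmt FROM @ddl;
EXECUTE fix_stmt;
DEALLOCATE PREPARE fix_stmt;

-- 3. Confirm the result: type, nullability and default of the column.
SELECT COLUMN_NAME, COLUMN_TYPE, IS_NULLABLE, COLUMN_DEFAULT
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME   = 'teampass_api'
  AND COLUMN_NAME  = 'allowed_to_read';
```

With `NOT NULL DEFAULT 0`, existing rows in `teampass_api` receive 0 in the new column, so review each API user's rights in the API settings page after applying it.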