search

nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net
1.66k stars 540 forks source link

User list does not load #4217

Open lblantana opened 3 months ago

lblantana commented 3 months ago

In addition to the issue described below, I am unable to pull the 3.1.1 version via docker as "latest" gives me version 3.1.2.45 instead for which I find no documentation.

Page on which it happened

/index.php?page=users

Steps to reproduce

  1. open user list
  2. add a new user with "add button"
  3. return to users list to find it empty, pressing refresh spawns "loading..." and "in progress..." popup
  4. click propagate button to find them

Expected behaviour

User list appears

Actual behaviour

User list remains empty

Server configuration

Operating system: Linux d0ca94eee458 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64

Web server: Apache

Database: 10.11.6-MariaDB

PHP version: 8.3.6

Teampass version: 3.1.2

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '1',
'log_connections' => '1',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '1',
'item_duplicate_in_same_folder' => '1',
'duplicate_item' => '1',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html',
'cpassman_url' => 'http://<anonym_url>
'favicon' => 'http://<anonym_url>/favicon.ico',
'path_to_upload_folder' => '/var/www/html/upload',
'path_to_files_folder' => '/var/www/html/files',
'url_to_files_folder' => 'http://<anonym_url>/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'teampass_version' => '3.1.2',
'ldap_mode' => '0',
'ldap_type' => '0',
'ldap_user_attribute' => '0',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '10',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '1',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => 'TeamPass v3 Produktivsystem',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1715181348',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'sending_emails' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>'
'email_smtp_auth' => '',
'email_auth_username' => '<removed>'
'email_auth_pwd' => '<removed>'
'email_port' => '',
'email_security' => '',
'email_server_url' => '',
'email_from' => '<removed>'
'email_from' => '<removed>'
'pwd_maximum_length' => '40',
'google_authentication' => '0',
'delay_item_edition' => '0',
'allow_import' => '1',
'proxy_ip' => '<removed>'
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for ChangeMe',
'api' => '1',
'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '0',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'bck_script_path' => '/var/www/html/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => '<removed>'
'syslog_port' => '514',
'manager_move_item' => '1',
'create_item_without_password' => '0',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'Europe/Berlin',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '0',
'offline_key_level' => '0',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '0',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0',
'bck_script_passkey' => '<removed>'
'admin_2fa_required' => '1',
'password_overview_delay' => '10',
'copy_to_clipboard_small_icons' => '1',
'duo_ikey' => '<removed>'
'duo_skey' => '<removed>'
'duo_host' => '<removed>'
'duo_failmode' => 'secure',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '30',
'mfa_for_roles' => '',
'tree_counters' => '1',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'enable_massive_move_delete' => '1',
'email_debug_level' => '0',
'ga_reset_by_user' => '',
'onthefly-backup-key' => '<removed>'
'onthefly-restore-key' => '<removed>'
'ldap_user_dn_attribute' => '',
'ldap_dn_additional_user_dn' => '',
'ldap_user_object_filter' => '',
'ldap_bdn' => '',
'ldap_hosts' => '<removed>'
'ldap_password' => '<removed>'
'ldap_username' => '',
'api_token_duration' => '60',
'last_folder_change' => '',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '300',
'tasks_manager_refreshing_period' => '20',
'maximum_number_of_items_to_treat' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '0',
'upgrade_timestamp' => '1717773348',
'enable_ad_users_with_ad_groups' => '0',
'enable_ad_user_auto_creation' => '0',
'ldap_guid_attibute' => 'objectguid',
'sending_emails_job_frequency' => '2',
'user_keys_job_frequency' => '1',
'items_statistics_job_frequency' => '5',
'users_personal_folder_task' => '',
'clean_orphan_objects_task' => '',
'purge_temporary_files_task' => '',
'rebuild_config_file' => '',
'reload_cache_table_task' => '',
'maximum_session_expiration_time' => '240',
'items_ops_job_frequency' => '1',
'enable_refresh_task_last_execution' => '1',
'ldap_group_objectclasses_attibute' => 'top,groupofuniquenames',
'pwd_default_length' => '14',
'tasks_log_retention_delay' => '30',
'oauth2_enabled' => '0',
'oauth2_client_id' => '',
'oauth2_client_secret' => '',
'oauth2_client_endpoint' => '',
'oauth2_client_token' => '',
'oauth2_client_scopes' => 'openid,profile,email',
'oauth2_client_appname' => 'Login with Azure',
'can_create_root_folder' => '0',

Updated from an older Teampass or fresh install: Fresh install

Client configuration

Browser: - Chrome, Edge,

Operating system: - bits Windows Server

Logs

Web server error log

 -  ()

Teampass 10 last system errors

Log from the web-browser developer console (CTRL + SHIFT + i)

Insert the log here and especially the answer of the query that failed.

index.php:1 Mixed Content: The page at 'https://<hostname>/index.php?page=users' was loaded over HTTPS, but requested an insecure script 'http://<hostname>/includes/libraries/csrfp/js/csrfprotector.js'. This request has been blocked; the content must be served over HTTPS.
index.php?page=users:2617 Key appel get_teampass_settings : c05vmoulhqjrpp1ctbj9m7g114
jquery.min.js:2 Mixed Content: The page at 'https://<hostname>/index.php?page=users' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<hostname>/includes/language/datatables.english.txt'. This request has been blocked; the content must be served over HTTPS.
send @ jquery.min.js:2
jquery.min.js:2 Mixed Content: The page at 'https://<hostname>/index.php?page=users' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<hostname>/sources/users.datatable.php?draw=1&columns%5B0%5D%5Bdata%5D=0&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=true&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=1&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=true&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=2&c...umns%5B7%5D%5Bsearchable%5D=true&columns%5B7%5D%5Borderable%5D=true&columns%5B7%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B7%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B8%5D%5Bdata%5D=8&columns%5B8%5D%5Bname%5D=&columns%5B8%5D%5Bsearchable%5D=true&columns%5B8%5D%5Borderable%5D=true&columns%5B8%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B8%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=asc&start=0&length=10&search%5Bvalue%5D=&search%5Bregex%5D=false&display_warnings=false&_=1718174707946'. This request has been blocked; the content must be served over HTTPS.
send @ jquery.min.js:2
index.php?page=users:3201 Table redrawn
index.php:1 Mixed Content: The page at 'https://<hostname>/index.php?page=users' was loaded over HTTPS, but requested an insecure favicon 'http://<hostname>/favicon.ico'. This request has been blocked; the content must be served over HTTPS.

jquery.min.js:2 Mixed Content: The page at 'https://<hostname>/index.php?page=users' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<hostname>/sources/users.datatable.php?draw=2&column…5Bvalue%5D=&search%5Bregex%5D=false&display_warnings=false&_=1718179022888'. This content should also be served over HTTPS.
index.php:1 Access to XMLHttpRequest at 'https://<hostname>/sources/users.datatable.php?draw=2&colum…5Bvalue%5D=&search%5Bregex%5D=false&display_warnings=false&_=1718179022888' (redirected from 'http://<hostname>/sources/users.datatable.php?draw=2&column…5Bvalue%5D=&search%5Bregex%5D=false&display_warnings=false&_=1718179022888') from origin 'https://<hostname>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
index.php?page=users:3201 Table redrawn
jquery.min.js:2 
 GET https://<hostname>/sources/users.datatable.php?draw=2&colum…5Bvalue%5D=&search%5Bregex%5D=false&display_warnings=false&_=1718179022888 net::ERR_FAILED 200 (OK)
lblantana commented 3 months ago

I also set "Insecure Content" to "allowed" in the site settings in the browser, which made the favicon load, but not the users list, that remains unchanged.

Maybe related to issue #4131 "I dont see any users as administrator". The content of /sources/users.datatable.php is:

// Output
$sOutput = '{';
$sOutput .= '"sEcho": '.(int) $request->query->filter('draw', FILTER_SANITIZE_NUMBER_INT).', ';
$sOutput .= '"iTotalRecords": '.$iTotal.', ';
$sOutput .= '"iTotalDisplayRecords": '.$iTotal.', ';
$sOutput .= '"aaData": ';
if (DB::count() > 0) {
    $sOutput .= '[';
} else {
    $sOutput .= '';
}

So this already contains the fix described there.

lblantana commented 3 months ago

I was able to find a workaround by loading "yunust60/teampass:3.1.1" instead of valterseu/teampass:latest or dormancygrace/teampass:latest. I still see version 3.1.2 in the webinterface, but at least the user list is loading.

JanuszU commented 1 month ago

@lblantana I have the same issue with the user list, what do You mean by "yunust60/teampass:3.1.1" I cannot find it anywhere on github

the tragic/funy part is that it was working and the user list was wisible on this version 3.1.2.45 just after install but I can not reproduse it any more

lblantana commented 1 month ago

@lblantana I have the same issue with the user list, what do You mean by "yunust60/teampass:3.1.1" I cannot find it anywhere

I tried this source for an empty test-installation but ultimately went back to the "original" source because I didn't want to use some untrusted provider for this critical application. Either way I got the user list to load after going back to the original source for the teampass container, which may have just been due to cleaning up remnants of existing deployments. I don't have a clear idea why the problem stopped and it was working then, but we encountered so many other broken parts that we decided that this version was fundamentally not workable and are still looking for an alternative.

JanuszU commented 1 month ago

@lblantana so what version do You work on if You do ? I am trying to update from version 2.1.27.36 and things seem to work except the user list I did try versions 3.1.2.45 ; 3.1.2.12 with no luck and then 3.1.1.26 and 3.1.1.74

lblantana commented 1 month ago

@JanuszU We decided that the currently available v3 versions had so many issues that made the software unusable that we put off switching to v3 entirely for now and are waiting for another 6 months or so before we revisit it and give it one last shot. If the problems aren't fixed by then we will look at proprietary offerings.

JanuszU commented 4 weeks ago

Hello @nilsteampassnet , do You have any idea why the user list does not show ? any ideas how to debug ?