nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

Admin Log Search Issue #4284

Open chcioni opened 1 month ago

chcioni commented 1 month ago
### Steps to reproduce

1. Log in with an admin user.
2. Go to the Users menu.
3. On a user, open "See logs".
4. Type in the search box to see an error.

### Expected behaviour

Displaying the rows that have a match.

### Actual behaviour

Popup alert: `DataTables warning: table id=table-logs - Ajax error. For more information about this error, please see http://datatables.net/tn/7`

### Server configuration

- Ubuntu 22.04 LTS
- Docker Alpine Linux v3.18
- PHP version: 8.2.7
- DB: 10.11.6-MariaDB
- Teampass versions: 3.1.1.26 (same in 3.1.0.11)

Teampass configuration file:

```php
'max_latest_items' => '10', 'enable_favourites' => '1', 'show_last_items' => '1', 'enable_pf_feature' => '1',
'log_connections' => '1', 'log_accessed' => '1', 'time_format' => 'H:i:s', 'date_format' => 'd/m/Y',
'duplicate_folder' => '0', 'item_duplicate_in_same_folder' => '0', 'duplicate_item' => '0', 'number_of_used_pw' => '3',
'manager_edit' => '1', 'cpassman_dir' => '/var/www/html', 'path_to_upload_folder' => '/var/www/html/upload',
'path_to_files_folder' => '/var/www/html/files', 'activate_expiration' => '0', 'pw_life_duration' => '0',
'maintenance_mode' => '0', 'enable_sts' => '0', 'encryptClientServer' => '1', 'cpassman_version' => '2.1.27',
'ldap_mode' => '0', 'ldap_type' => '0', 'ldap_suffix' => '0', 'ldap_domain_dn' => '0', 'ldap_domain_controler' => '0',
'ldap_user_attribute' => '0', 'ldap_ssl' => '0', 'ldap_tls' => '0', 'richtext' => '0', 'allow_print' => '1',
'roles_allowed_to_print' => '["["["["["["["["["["["["["["5"]"]"]"]"]"]"]"]"]"]"]"]"]"]',
'show_description' => '0', 'anyone_can_modify' => '0', 'anyone_can_modify_bydefault' => '0', 'nb_bad_authentication' => '5',
'utf8_enabled' => '1', 'restricted_to' => '0', 'restricted_to_roles' => '0', 'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '0', 'insert_manual_entry_item_history' => '0', 'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0', 'enable_email_notification_on_user_pw_change' => '0', 'custom_login_text' => '',
'default_language' => 'english', 'send_stats' => '0', 'get_tp_info' => '1', 'send_mail_on_user_login' => '0',
'nb_items_by_query' => 'auto', 'enable_delete_after_consultation' => '0', 'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31', 'email_smtp_server' => 'xxxxxxxx', 'email_smtp_auth' => 'true',
'email_auth_username' => 'xxxxxxxxxxxxxx', 'email_auth_pwd' => 'xxxxxxxxxxxxx', 'email_port' => '465', 'email_security' => 'ssl',
'email_server_url' => '', 'email_from' => 'sendertools@staff.aruba.it', 'email_from_name' => 'TeamPass Dev',
'pwd_maximum_length' => '60', 'google_authentication' => '1', 'delay_item_edition' => '0', 'allow_import' => '1',
'proxy_ip' => '', 'proxy_port' => '', 'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx', 'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip', 'upload_otherext' => 'sql,xml', 'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800', 'upload_imageresize_height' => '600', 'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0', 'ga_website_name' => '', 'api' => '0', 'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '0', 'enable_suggestion' => '0', 'otv_expiration_period' => '7',
'default_session_expiration_time' => '60', 'duo' => '0', 'send_stats_time' => '0', 'tree_counters' => '0',
'item_extra_fields' => '0', 'enable_attachment_encryption' => '1', 'copy_to_clipboard_small_icons' => '0',
'settings_offline_mode' => '0', 'offline_key_level' => '0', 'bck_script_filename' => 'bck_cpassman',
'bck_script_path' => '/var/www/backup', 'can_create_root_folder' => '0', 'timezone' => 'Europe/Rome',
'syslog_enable' => '0', 'syslog_host' => 'localhost', 'syslog_port' => '514', 'ldap_object_class' => '0',
'teampass_version' => '3.1.1', 'migration_to_2127' => 'done', 'manager_move_item' => '0', 'create_item_without_password' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;st',
'agses_authentication_enabled' => '0', 'personal_saltkey_security_level' => '0', 'ldap_new_user_is_administrated_by' => '0',
'ldap_port' => '389', 'enable_http_request_login' => '0', 'admin_2fa_required' => '0', 'otv_is_enabled' => '0',
'ldap_and_local_authentication' => '0', 'secure_display_image' => '1', 'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0', 'files_with_defuse' => 'done', 'password_overview_delay' => '4',
'roles_allowed_to_print_select' => '', 'clipboard_life_duration' => '30', 'mfa_for_roles' => '', 'settings_tree_counters' => '0',
'enable_massive_move_delete' => '0', 'email_debug_level' => '0', 'ga_reset_by_user' => '', 'onthefly-backup-key' => '',
'onthefly-restore-key' => '', 'ldap_user_dn_attribute' => '', 'ldap_dn_additional_user_dn' => '', 'ldap_user_object_filter' => '',
'ldap_bdn' => '', 'ldap_hosts' => '', 'ldap_password' => '', 'ldap_username' => '', 'api_token_duration' => '60',
'enable_tasks_manager' => '1', 'task_maximum_run_time' => '300', 'maximum_number_of_items_to_treat' => '300',
'tasks_manager_refreshing_period' => '100', 'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER', 'enable_tasks_log' => '0',
'enable_ad_users_with_ad_groups' => '0', 'enable_ad_user_auto_creation' => '0', 'ldap_group_object_filter' => '',
'ldap_guid_attibute' => 'objectguid', 'sending_emails_job_frequency' => '2', 'user_keys_job_frequency' => '1',
'items_statistics_job_frequency' => '5', 'reload_cache_table_task' => '', 'rebuild_config_file' => '',
'purge_temporary_files_task' => '', 'clean_orphan_objects_task' => '', 'users_personal_folder_task' => '',
'maximum_session_expiration_time' => '60', 'items_ops_job_frequency' => '1', 'upgrade_timestamp' => '1723124173',
'enable_refresh_task_last_execution' => '1', 'ldap_group_objectclasses_attibute' => 'top,groupofuniquenames',
'pwd_default_length' => '14', 'tasks_log_retention_delay' => '3650', 'oauth2_enabled' => '0',
'oauth2_client_appname' => 'Login with Azure', 'oauth2_client_scopes' => 'openid,profile,email',
```

### Client configuration

Firefox/Chrome, Windows 10/11

### Logs

#### Web server error log

```
[13/Aug/2024:10:50:20 +0000] "GET /sources/user.logs.datatables.php?draw=2&columns%5B0%5D%5Bdata%5D=0&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=true&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=1&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=true&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=2&columns%5B2%5D%5Bname%5D=&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=true&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=asc&start=0&length=10&search%5Bvalue%5D=f&search%5Bregex%5D=false&userId=2&_=1723546212939 HTTP/1.1" 500 5 "https://xxxxxxxxxx/index.php?page=users" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0"
```

#### Log from the web-browser developer console (CTRL + SHIFT + i)

```
XHRGET https://xxxxxxxxxx/sources/user.logs.datatables.php?draw=3&columns[0][data]=0&columns[0][name]=&columns[0][searchable]=true&columns[0][orderable]=true&columns[0][search][value]=&columns[0][search][regex]=false&columns[1][data]=1&columns[1][name]=&columns[1][searchable]=true&columns[1][orderable]=true&columns[1][search][value]=&columns[1][search][regex]=false&columns[2][data]=2&columns[2][name]=&columns[2][searchable]=true&columns[2][orderable]=true&columns[2][search][value]=&columns[2][search][regex]=false&order[0][column]=1&order[0][dir]=asc&start=0&length=10&search[value]=t&search[regex]=false&userId=2&_=1723546212940 [HTTP/2 500 8ms]
```

After debugging, I verified the query:

```sql
SELECT l.date as date, i.label as label, l.action as action
FROM teampass_log_items as l
INNER JOIN teampass_items as i ON (l.id_item=i.id)
INNER JOIN teampass_users as u ON (l.id_user=u.id)
WHERE u.id = 2
UNION
SELECT s.date AS date, s.label AS label, s.field_1 AS field1
FROM teampass_log_system AS s
WHERE s.qui = 2 AND label LIKE 'tes%' OR EXISTS (action LIKE 'tes%')
```
corentin-soriano commented 1 month ago

This log is from your access_log

```
[13/Aug/2024:10:50:20 +0000] "GET /sources/user.logs.datatables.php?draw=2&columns%5B0%5D%5Bdata%5D=0&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=true&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=1&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=true&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=2&columns%5B2%5D%5Bname%5D=&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=true&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=asc&start=0&length=10&search%5Bvalue%5D=f&search%5Bregex%5D=false&userId=2&_=1723546212939 HTTP/1.1" 500 5 "https://xxxxxxxxxx/index.php?page=users" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0"
```

You should look at the error_log and the php log file (if fpm version) to see the PHP error (http code 500 = php error).

chcioni commented 1 month ago

```
[13-Aug-2024 10:50:20] WARNING: [pool www] child 59 said into stderr: "Stack trace:"
[13-Aug-2024 10:50:20] WARNING: [pool www] child 59 said into stderr: "#0 /var/www/html/vendor/sergeytsalkov/meekrodb/db.class.php(890): MeekroDB->queryHelper(Array, Array)"
[13-Aug-2024 10:50:20] WARNING: [pool www] child 59 said into stderr: "#1 /var/www/html/vendor/sergeytsalkov/meekrodb/db.class.php(116): MeekroDB->query('SELECT l.date a...')"
[13-Aug-2024 10:50:20] WARNING: [pool www] child 59 said into stderr: "#2 /var/www/html/sources/user.logs.datatables.php(136): DB::__callStatic('query', Array)"
[13-Aug-2024 10:50:20] WARNING: [pool www] child 59 said into stderr: "#3 {main}"
[13-Aug-2024 10:50:20] WARNING: [pool www] child 59 said into stderr: "  thrown in /var/www/html/vendor/sergeytsalkov/meekrodb/db.class.php on line 934"
[13-Aug-2024 10:51:08] WARNING: [pool www] child 61 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught MeekroDBException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'action LIKE 't%')' at line 7 in /var/www/html/vendor/sergeytsalkov/meekrodb/db.class.php:934"
```
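The query captured in the first comment and the MariaDB error in the PHP-FPM log point at the same line: `EXISTS (action LIKE 'tes%')` is a syntax error because `EXISTS` takes a subquery, not a boolean expression. The query as written has two further problems that would survive a one-token fix. In a `UNION`, a trailing `WHERE` belongs to the last `SELECT` only, so the search term never filters the item-log half; and `s.qui = 2 AND label LIKE ... OR ...` binds as `(s.qui = 2 AND label LIKE ...) OR ...`, so a matching second condition would return system-log rows of other users. The block below is an added example, not TeamPass code or anything from the issue participants. The four tables and their column types are constructed from the column names visible in the captured query and are not the real TeamPass schema; `@user_id` and `@needle` are stand-ins for the `userId` and `search[value]` request parameters, which in the application should be passed to the database driver as bound parameters rather than concatenated into the SQL string.

```sql
-- Constructed minimal schema: only the columns the captured query touches,
-- with the table and column names copied from the issue. Column types are
-- assumptions; this is NOT TeamPass's real schema.
CREATE TEMPORARY TABLE teampass_users (id INT PRIMARY KEY);
CREATE TEMPORARY TABLE teampass_items (id INT PRIMARY KEY, label VARCHAR(100));
CREATE TEMPORARY TABLE teampass_log_items (
  id_item INT, id_user INT, date VARCHAR(20), action VARCHAR(50)
);
CREATE TEMPORARY TABLE teampass_log_system (
  qui INT, date VARCHAR(20), label VARCHAR(100), field_1 VARCHAR(100)
);

-- Constructed sample data. The user-1 rows exist to show that the
-- per-user restriction must survive the search filter.
INSERT INTO teampass_users VALUES (1), (2);
INSERT INTO teampass_items VALUES (10, 'test server'), (11, 'mail relay');
INSERT INTO teampass_log_items VALUES
  (10, 2, '1723546000', 'at_shown'),          -- user 2, label matches 'tes%'
  (11, 2, '1723546001', 'at_modification'),   -- user 2, no match
  (10, 1, '1723546002', 'at_shown');          -- user 1, must never be returned
INSERT INTO teampass_log_system VALUES
  (2, '1723546003', 'user_connection', 'test'),  -- user 2, field_1 matches 'tes%'
  (1, '1723546004', 'user_connection', 'test');  -- user 1, must never be returned

-- 1) The query from the issue, kept verbatim in a comment because it does
--    not parse: MariaDB rejects it with
--    "...right syntax to use near 'action LIKE 'tes%')'".
--
-- SELECT l.date as date, i.label as label, l.action as action
-- FROM teampass_log_items as l
-- INNER JOIN teampass_items as i ON (l.id_item=i.id)
-- INNER JOIN teampass_users as u ON (l.id_user=u.id)
-- WHERE u.id = 2
-- UNION
-- SELECT s.date AS date, s.label AS label, s.field_1 AS field1
-- FROM teampass_log_system AS s
-- WHERE s.qui = 2 AND label LIKE 'tes%' OR EXISTS (action LIKE 'tes%')

-- 2) Corrected form. The per-user restriction stays inside each half of the
--    UNION, the UNION becomes a derived table, and the search is applied
--    once to the combined result with the OR explicitly parenthesised.
--    The session variables stand in for bound parameters: the request
--    values must never be spliced into the query text.
SET @user_id = 2;
SET @needle  = CONCAT('tes', '%');

SELECT date, label, action
  FROM (
        SELECT l.date AS date, i.label AS label, l.action AS action
          FROM teampass_log_items AS l
          INNER JOIN teampass_items AS i ON (l.id_item = i.id)
          INNER JOIN teampass_users AS u ON (l.id_user = u.id)
         WHERE u.id = @user_id
        UNION
        SELECT s.date AS date, s.label AS label, s.field_1 AS action
          FROM teampass_log_system AS s
         WHERE s.qui = @user_id
       ) AS logs
 WHERE (label LIKE @needle OR action LIKE @needle)
 ORDER BY date ASC
 LIMIT 10 OFFSET 0;
```

Run against the constructed data, the corrected query returns only user 2's rows whose label or action starts with `tes`, and nothing for user 1, regardless of the search term. The `LIMIT`/`OFFSET` and `ORDER BY` mirror the `start`, `length` and `order[0]` parameters that DataTables sends in the request URL shown in the logs; if those are also built into the SQL, they need the same treatment (whitelisted column index, integer-cast offsets) as the search value.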