search

passbolt / passbolt_browser_extension

Browser extensions (Firefox, Edge & Chrome) for Passbolt the open source password manager for teams
https://passbolt.com
GNU Affero General Public License v3.0
233 stars 72 forks source link

Pairing with mobile app not working for aarch64 self-hosted #179

Closed samuellhwarren closed 1 year ago

samuellhwarren commented 1 year ago

IMPORTANT: PLEASE READ

Only use github issues for bugs.

We will be more than happy to help you on the community forum for:

This is only a issue tracker for bugs related to the Passbolt Browser Extensions. For passbolt API, docker, command line interface, in short any other bugs please use the other relevant repositories.

If you are certain this is a new Browser Extension bug please use the following format:

ISSUE NAME

What you did

I followed the installation instructions and was able to setup a self-hosted instance using docker.

What happened

However, when I try to login on my phone, i get all the way up to adding my password and it says "HTTP Forbidden" and won't login.

What you expected to happen

I expect passbolt to pair with my phone.

DOCKER-COMPOSE FILE-

`version: '3.9' services: db: image: mariadb:latest # yobasystems/alpine-mariadb:latest restart: unless-stopped environment: MYSQL_RANDOM_ROOT_PASSWORD: "false" MYSQL_DATABASE: "passbolt" MYSQL_USER: "passbolt" MYSQL_PASSWORD: "some password" volumes:

volumes: database_volume: gpg_volume: jwt_volume: `

Gamabunta57 commented 1 year ago

Hi @samuellhwarren !

I will try to help to fix this issue you encounter. At first sight, I would think of your Passbolt server not being served over HTTPS but only HTTP (or HTTPS without a trusted certificate). But, it could be something else as well. So first of all, does your environment is up and running and is usable through the Passbolt web extension (I think it is but, it's just to be sure)? If yes, is your Passbolt server using HTTP only (not HTTPS)? Actually, the mobile app requires the server to use HTTPS (with a trusted certificate) that's why I'm asking. If you're using HTTPS, I would rather think then that the certificate you have and the server is not trusted by your mobile phone. There are help pages that might help you for both having a certificate on the server and accept a self-signed certificate.

The first one for the creation of a certificate: https://help.passbolt.com/configure/https/ce/debian/manual.html The second one for the mobile to accept self-signed certificate https://help.passbolt.com/faq/hosting/how-to-import-ssl-certificate-on-mobile

Gamabunta57 commented 1 year ago

Hey 👋,

Where you able to resolve your issues by any chance?

samuellhwarren commented 1 year ago

Nope

Sam Warren 253.797.4789 iPhone.iTypos.iApologize Samuellhwarren.com Samuelwarrenconsulting.com

On May 2, 2023, at 1:07 AM, Stéphane Loegel @.***> wrote:



Hey 👋,

Where you able to resolve your issues by any chance?

— Reply to this email directly, view it on GitHubhttps://github.com/passbolt/passbolt_browser_extension/issues/179#issuecomment-1531053805, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGQILYFFAQ7RQFID7XDDZVTXEC6DHANCNFSM6AAAAAAW5TRKWQ. You are receiving this because you were mentioned.Message ID: @.***>

Gamabunta57 commented 1 year ago

Okay, do you confirm your web server is not using HTTPS ?

samuellhwarren commented 1 year ago

It was using https, the app was not

Sam Warren 253.797.4789 iPhone.iTypos.iApologize Samuellhwarren.com Samuelwarrenconsulting.com

On May 3, 2023, at 5:46 AM, Stéphane Loegel @.***> wrote:



Okay, do you confirm your web server is not using HTTPS ?

— Reply to this email directly, view it on GitHubhttps://github.com/passbolt/passbolt_browser_extension/issues/179#issuecomment-1532970136, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGQILYCFWPXY2YV2CLM35SLXEJHS7ANCNFSM6AAAAAAW5TRKWQ. You are receiving this because you were mentioned.Message ID: @.***>

samuellhwarren commented 1 year ago

Sorry to further clarify, I am serving on http AND https ports, but using NGINX proxy manager as my cert authority to get letsencrypt certs.

Gamabunta57 commented 1 year ago

I investigated a bit more on your issue.I realised that I misunderstood the "HTTP Forbidden" error signification, sorry for that. It doesn't mean that you can't use HTTP, it just means that you received a 403 HTTP code "Forbidden". Based on that I tried to reproduce the issue and I managed to do it by desyncing the time on my local API.

It's required to have time synced on the server for everything to work properly. So, we should ensure that it's synced with an NTP server.

There are commands such as:

On a raspberry I think this 

sudo service ntp start

Or on a Ubuntu instance for example:

sudo systemctl stop systemd-timesyncd

I hope this could help 🙏

samuellhwarren commented 1 year ago

I’ll give it a try today thanks

Sam Warren 253.797.4789 iPhone.iTypos.iApologize Samuellhwarren.com Samuelwarrenconsulting.com

On May 8, 2023, at 6:11 AM, Stéphane Loegel @.***> wrote:



I investigated a bit more on your issue.I realised that I misunderstood the "HTTP Forbidden" error signification, sorry for that. It doesn't mean that you can't use HTTP, it just means that you received a 403 HTTP code "Forbidden". Based on that I tried to reproduce the issue and I managed to do it by desyncing the time on my local API.

It's required to have time synced on the server for everything to work properly. So, we should ensure that it's synced with an NTP server.

There are commands such as:

On a raspberry I think this

sudo service ntp start

Or on a Ubuntu instance for example:

sudo systemctl stop systemd-timesyncd

I hope this could help 🙏

— Reply to this email directly, view it on GitHubhttps://github.com/passbolt/passbolt_browser_extension/issues/179#issuecomment-1538338550, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGQILYBQKPZRUL2YPTELJUTXFDWHFANCNFSM6AAAAAAW5TRKWQ. You are receiving this because you were mentioned.Message ID: @.***>

samuellhwarren commented 1 year ago

I installed and started ntp in the docker container and I get the same error. I will install in the host system too, just in case.

From: Stéphane Loegel @.> Sent: Monday, May 8, 2023 6:11 AM To: passbolt/passbolt_browser_extension @.> Cc: Samuel Warren @.>; Mention @.> Subject: Re: [passbolt/passbolt_browser_extension] Pairing with mobile app not working for aarch64 self-hosted (Issue #179)

I investigated a bit more on your issue.I realised that I misunderstood the "HTTP Forbidden" error signification, sorry for that. It doesn't mean that you can't use HTTP, it just means that you received a 403 HTTP code "Forbidden". Based on that I tried to reproduce the issue and I managed to do it by desyncing the time on my local API.

It's required to have time synced on the server for everything to work properly. So, we should ensure that it's synced with an NTP server.

There are commands such as:

On a raspberry I think this

sudo service ntp start

Or on a Ubuntu instance for example:

sudo systemctl stop systemd-timesyncd

I hope this could help 🙏

— Reply to this email directly, view it on GitHubhttps://github.com/passbolt/passbolt_browser_extension/issues/179#issuecomment-1538338550, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGQILYBQKPZRUL2YPTELJUTXFDWHFANCNFSM6AAAAAAW5TRKWQ. You are receiving this because you were mentioned.Message ID: @.**@.>>

Gamabunta57 commented 1 year ago

Okay, then it's not that I guess. Btw, the only place I could reproduce the error message is during the key transfer between the browser extension and the mobile app via the QR Code. But, reading again the thread, I see you encounter the problem during mobile app login. Just to make sure we're aligned on the words and I understand your problem, you're already in a step where your account is transferred to your mobile or you're trying to transfer the account.

Also, there is a way to share the logs of the mobile application, it would be nice if you could do so. For that, normally on every screen you should have a question mark icon that opens a menu that contains an item "access the logs". From the logs screen you have another icon to share them. If you're okay to share them, it will help a lot in finding the origin of the problem.

Also, just for information, are you on Android or iOS?

samuellhwarren commented 1 year ago

iOS Here you go.

Passbolt: Device: iPhone iPhone OS: 16.4.1 App: 1.13.0

[2023-05-08 14:44:58] Initializing the app... [2023-05-08 14:44:58] ...app initialization completed! [2023-05-08 14:44:58] Verifying data integrity... [2023-05-08 14:44:58] ...data integrity verification finished [2023-05-08 14:44:58] Fetching server configuration... [2023-05-08 14:44:58] ...server configuration fetching skipped! [2023-05-08 14:44:58] [6E0701E6-2E94-43E9-A34D-691DDEE006D0] HTTP GET /lookup [2023-05-08 14:44:59] [6E0701E6-2E94-43E9-A34D-691DDEE006D0] HTTP 200 /lookup [2023-05-08 14:45:15] Beginning new account transfer... [2023-05-08 14:45:17] Processing QR code payload... [2023-05-08 14:45:17] ...processing succeeded, continuing transfer... [2023-05-08 14:45:17] [21D09EB7-FD5C-4C05-A8B1-49FEDEDD9EBC] HTTP POST /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:18] [21D09EB7-FD5C-4C05-A8B1-49FEDEDD9EBC] HTTP 200 /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing succeeded, continuing transfer... [2023-05-08 14:45:18] [45C55E6C-83DD-4884-9136-C9C0CC377C7B] HTTP POST /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:18] [45C55E6C-83DD-4884-9136-C9C0CC377C7B] HTTP 200 /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:18] Processing QR code payload... [2023-05-08 14:45:18] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing succeeded, continuing transfer... [2023-05-08 14:45:19] [4A175F4A-E0C5-4717-BE55-BA4AA1CE5486] HTTP POST /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:19] [4A175F4A-E0C5-4717-BE55-BA4AA1CE5486] HTTP 200 /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:19] Processing QR code payload... [2023-05-08 14:45:19] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing succeeded, continuing transfer... [2023-05-08 14:45:20] [32DC65AF-5D63-4F46-ACA8-BD76931A4AFE] HTTP POST /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:20] [32DC65AF-5D63-4F46-ACA8-BD76931A4AFE] HTTP 200 /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing succeeded, continuing transfer... [2023-05-08 14:45:20] [732EE356-9EE0-4AA0-872C-26504EE5295F] HTTP POST /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:20] [732EE356-9EE0-4AA0-872C-26504EE5295F] HTTP 200 /mobile/transfers/8d86331c-2b65-45ee-a130-51076264e9ac/e9fe64be-8e3f-4252-8a4f-9117d509293b.json [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:20] Processing QR code payload... [2023-05-08 14:45:20] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:21] Processing QR code payload... [2023-05-08 14:45:21] ...processing canceled! [2023-05-08 14:45:22] [97990592-DA52-4B56-B855-64E0FBCFDE7D] HTTP GET /img/avatar/user_medium.png [2023-05-08 14:45:22] [97990592-DA52-4B56-B855-64E0FBCFDE7D] HTTP 200 /img/avatar/user_medium.png [2023-05-08 14:45:31] Completing account transfer... [2023-05-08 14:45:31] Verifying data integrity... [2023-05-08 14:45:31] ...data integrity verification finished [2023-05-08 14:45:31] Beginning authorization... [2023-05-08 14:45:31] ...creating new access token... [2023-05-08 14:45:31] ...fetching server public PGP key... [2023-05-08 14:45:31] ...fetching server public RSA key... [2023-05-08 14:45:31] [75716F76-D5EE-4E86-8AA7-5456F34E76ED] HTTP GET /auth/verify.json [2023-05-08 14:45:31] [ECC013AE-B24B-4299-B313-720D19763305] HTTP GET /auth/jwt/rsa.json [2023-05-08 14:45:32] [75716F76-D5EE-4E86-8AA7-5456F34E76ED] HTTP 200 /auth/verify.json [2023-05-08 14:45:32] [ECC013AE-B24B-4299-B313-720D19763305] HTTP status code is not matching expected [2023-05-08 14:45:32] [ECC013AE-B24B-4299-B313-720D19763305] Network call failed. [2023-05-08 14:45:32] ...verifying server public PGP key... [2023-05-08 14:45:32] ...preparing authorization challenge... [2023-05-08 14:45:32] [FD939BF4-F7C9-4E84-BD68-8363E997F174] HTTP POST /auth/jwt/login.json [2023-05-08 14:45:32] [FD939BF4-F7C9-4E84-BD68-8363E997F174] HTTPForbidden [2023-05-08 14:45:32] [FD939BF4-F7C9-4E84-BD68-8363E997F174] Network call failed. [2023-05-08 14:45:32] HTTPForbidden [2023-05-08 14:45:32] ...authorization failed! [2023-05-08 14:45:32] HTTPForbidden [2023-05-08 14:45:32] ...account transfer failed! [2023-05-08 14:51:43] Completing account transfer... [2023-05-08 14:51:44] Beginning authorization... [2023-05-08 14:51:44] ...creating new access token... [2023-05-08 14:51:44] ...fetching server public PGP key... [2023-05-08 14:51:44] ...fetching server public RSA key... [2023-05-08 14:51:44] [B771E86A-82A5-443B-AAF4-F8049026C1C2] HTTP GET /auth/verify.json [2023-05-08 14:51:44] [40BF273E-71FC-4795-B28C-FF8660DCD247] HTTP GET /auth/jwt/rsa.json [2023-05-08 14:51:44] [B771E86A-82A5-443B-AAF4-F8049026C1C2] HTTP 200 /auth/verify.json [2023-05-08 14:51:44] ...verifying server public PGP key... [2023-05-08 14:51:44] [40BF273E-71FC-4795-B28C-FF8660DCD247] HTTP status code is not matching expected [2023-05-08 14:51:44] [40BF273E-71FC-4795-B28C-FF8660DCD247] Network call failed. [2023-05-08 14:51:44] ...preparing authorization challenge... [2023-05-08 14:51:45] [2BF4EB17-A258-41CD-99E5-5237105343AE] HTTP POST /auth/jwt/login.json [2023-05-08 14:51:45] [2BF4EB17-A258-41CD-99E5-5237105343AE] HTTPForbidden [2023-05-08 14:51:45] [2BF4EB17-A258-41CD-99E5-5237105343AE] Network call failed. [2023-05-08 14:51:45] HTTPForbidden [2023-05-08 14:51:45] ...authorization failed! [2023-05-08 14:51:45] HTTPForbidden [2023-05-08 14:51:45] ...account transfer failed! [2023-05-08 14:52:06] Beginning new account transfer... [2023-05-08 14:52:08] Processing QR code payload... [2023-05-08 14:52:08] ...duplicate account detected, aborting! [2023-05-08 14:52:08] [0A204797-AB40-4802-92BB-F4851F29CE3F] HTTP POST /mobile/transfers/dc819579-35ce-474b-b2c9-789a15fecf9b/ec84e63b-3c47-418c-92a0-49ee470623c9.json [2023-05-08 14:52:09] [0A204797-AB40-4802-92BB-F4851F29CE3F] HTTP 200 /mobile/transfers/dc819579-35ce-474b-b2c9-789a15fecf9b/ec84e63b-3c47-418c-92a0-49ee470623c9.json [2023-05-08 14:52:09] Duplicate account used for account transfer [2023-05-08 14:52:09] Duplicate account used for account transfer [2023-05-08 14:52:10] [F1402CD9-A86E-45BF-89DD-9FFDE88A3A97] HTTP GET /img/avatar/user_medium.png [2023-05-08 14:52:10] [F1402CD9-A86E-45BF-89DD-9FFDE88A3A97] HTTP 200 /img/avatar/user_medium.png [2023-05-08 14:52:15] Removing local account data... [2023-05-08 14:52:15] Verifying data integrity... [2023-05-08 14:52:15] ...data integrity verification finished [2023-05-08 14:52:15] ...removing local account data succeeded! [2023-05-08 14:52:15] Verifying data integrity... [2023-05-08 14:52:15] ...data integrity verification finished [2023-05-08 14:52:16] [44830155-162D-422D-A95C-E9DE95285B3F] HTTP GET /lookup [2023-05-08 14:52:16] [44830155-162D-422D-A95C-E9DE95285B3F] HTTP 200 /lookup [2023-05-08 14:52:26] Beginning new account transfer... [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing succeeded, continuing transfer... [2023-05-08 14:52:27] [10967652-8101-4FBC-B9BD-8892205F3D6D] HTTP POST /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:27] [10967652-8101-4FBC-B9BD-8892205F3D6D] HTTP 200 /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing canceled! [2023-05-08 14:52:27] Processing QR code payload... [2023-05-08 14:52:27] ...processing succeeded, continuing transfer... [2023-05-08 14:52:27] [183BC986-9ABE-42B8-9096-956CF16A25C8] HTTP POST /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:28] [183BC986-9ABE-42B8-9096-956CF16A25C8] HTTP 200 /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing succeeded, continuing transfer... [2023-05-08 14:52:28] [4EBE057A-9B5E-487E-8653-319705C6B947] HTTP POST /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:28] [4EBE057A-9B5E-487E-8653-319705C6B947] HTTP 200 /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:28] Processing QR code payload... [2023-05-08 14:52:28] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing succeeded, continuing transfer... [2023-05-08 14:52:29] [66E9A05C-5165-4908-8BBD-6B5487247379] HTTP POST /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:29] [66E9A05C-5165-4908-8BBD-6B5487247379] HTTP 200 /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing canceled! [2023-05-08 14:52:29] Processing QR code payload... [2023-05-08 14:52:29] ...processing succeeded, continuing transfer... [2023-05-08 14:52:29] [6BB62B49-9F2B-403E-A07C-DACFB9352E7F] HTTP POST /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:30] [6BB62B49-9F2B-403E-A07C-DACFB9352E7F] HTTP 200 /mobile/transfers/287278fb-b290-4fc2-a30b-8113d2ec3e9d/16ff72d5-1c8b-457b-a8cd-982cb4e82bf6.json [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:30] Processing QR code payload... [2023-05-08 14:52:30] ...processing canceled! [2023-05-08 14:52:31] [8272CD42-818F-4D0B-87AE-A5ECEEEF416E] HTTP GET /img/avatar/user_medium.png [2023-05-08 14:52:31] [8272CD42-818F-4D0B-87AE-A5ECEEEF416E] HTTP 200 /img/avatar/user_medium.png [2023-05-08 14:52:41] Completing account transfer... [2023-05-08 14:52:41] Verifying data integrity... [2023-05-08 14:52:41] ...data integrity verification finished [2023-05-08 14:52:41] Beginning authorization... [2023-05-08 14:52:42] ...creating new access token... [2023-05-08 14:52:42] ...fetching server public PGP key... [2023-05-08 14:52:42] ...fetching server public RSA key... [2023-05-08 14:52:42] [80FCEE18-87B6-4F0F-8D3F-D26F4FC93274] HTTP GET /auth/verify.json [2023-05-08 14:52:42] [D6A6C78D-3907-4742-BC4B-CBC045652A1B] HTTP GET /auth/jwt/rsa.json [2023-05-08 14:52:42] [D6A6C78D-3907-4742-BC4B-CBC045652A1B] HTTP status code is not matching expected [2023-05-08 14:52:42] [D6A6C78D-3907-4742-BC4B-CBC045652A1B] Network call failed. [2023-05-08 14:52:42] [80FCEE18-87B6-4F0F-8D3F-D26F4FC93274] HTTP 200 /auth/verify.json [2023-05-08 14:52:42] ...verifying server public PGP key... [2023-05-08 14:52:42] ...preparing authorization challenge... [2023-05-08 14:52:42] [4BA6EE87-91E9-47E9-885D-0FE358785B53] HTTP POST /auth/jwt/login.json [2023-05-08 14:52:42] [4BA6EE87-91E9-47E9-885D-0FE358785B53] HTTPForbidden [2023-05-08 14:52:42] [4BA6EE87-91E9-47E9-885D-0FE358785B53] Network call failed. [2023-05-08 14:52:42] HTTPForbidden [2023-05-08 14:52:42] ...authorization failed! [2023-05-08 14:52:42] HTTPForbidden [2023-05-08 14:52:42] ...account transfer failed!

Sam Warren 253.797.4789 iPhone.iTypos.iApologize Samuellhwarren.com Samuelwarrenconsulting.com

On May 8, 2023, at 9:58 AM, Stéphane Loegel @.***> wrote:



Okay, then it's not that I guess. Btw, the only place I could reproduce the error message is during the key transfer between the browser extension and the mobile app via the QR Code. But, reading again the thread, I see you encounter the problem during mobile app login. Just to make sure we're aligned on the words and I understand your problem, you're already in a step where your account is transferred to your mobile or you're trying to transfer the account.

Also, there is a way to share the logs of the mobile application, it would be nice if you could do so. For that, normally on every screen you should have a question mark icon that opens a menu that contains an item "access the logs". From the logs screen you have another icon to share them. If you're okay to share them, it will help a lot in finding the origin of the problem.

Also, just for information, are you on Android or iOS?

— Reply to this email directly, view it on GitHubhttps://github.com/passbolt/passbolt_browser_extension/issues/179#issuecomment-1538725024, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGQILYBHYOUWT6KA47E627TXFEQ2BANCNFSM6AAAAAAW5TRKWQ. You are receiving this because you were mentioned.Message ID: @.***>

Gamabunta57 commented 1 year ago

Okay, so according to the logs, the transfer of your private key to your mobile seems to be working. However, there is a last step where an attempt to sign in with the account fails. The mobile application is using JWT to manage authentication and it seems that the reason it is not working here is because the mobile app cannot access the RSA key used in the process. There could be many reason for that, the key is not readable or its folder, or it might not exist at all.

What can be tried is to run a healthcheck command and see what is the result in the JWT Authentication section. For that you will need to access your server via a terminal.

And then you can execute the following command:

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --jwt" www-data

(if you want to have a full healthcheck run, you can remove --jwt)

You should have a result looking like the following (I renamed the folder on my instance to provoke an issue in the config):

JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [FAIL] The /var/www/passbolt/config/jwt/ directory should not be writable.
 [HELP] You can try: 
 [HELP] sudo chown -Rf root:www-data /var/www/passbolt/config/jwt/
 [HELP] sudo chmod 750 /var/www/passbolt/config/jwt/
 [HELP] sudo chmod 640 /var/www/passbolt/config/jwt/jwt.key
 [HELP] sudo chmod 640 /var/www/passbolt/config/jwt/jwt.pem
 [FAIL] A valid JWT key pair is missing
 [HELP] Run the create JWT keys script to create a valid JWT secret and public key pair:
 [HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data

If there is an issue here, there should be instructions provided to help you fix the problem.

Anyway, if the jwt keys are not present, you can regenerate them with the following command (as mentioned in the help sections previously):

 sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data

If I'm not clear with the commands, there is this page as well which can guide you to generate the jwt keys https://help.passbolt.com/faq/hosting/how-to-generate-jwt-key-pair-manually

[EDIT] I forgot to mention that I could reproduce your issue by removing the JWT keys.

samuellhwarren commented 1 year ago

Awesome, I followed the steps and got this: [PASS] The JWT Authentication plugin is enabled [FAIL] The /etc/passbolt/jwt/ directory should not be writable. [HELP] You can try: [HELP] sudo chown -Rf root:www-data /etc/passbolt/jwt/ [HELP] sudo chmod 750 /etc/passbolt/jwt/ [HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.key [HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.pem [PASS] A valid JWT key pair was found

I followed the subsequent steps, and still get the fail though

From: Stéphane Loegel @.> Sent: Wednesday, May 10, 2023 3:01 AM To: passbolt/passbolt_browser_extension @.> Cc: Samuel Warren @.>; Mention @.> Subject: Re: [passbolt/passbolt_browser_extension] Pairing with mobile app not working for aarch64 self-hosted (Issue #179)

Okay, so according to the logs, the transfer of your private key to your mobile seems to be working. However, there is a last step where an attempt to sign in with the account fails. The mobile application is using JWT to manage authentication and it seems that the reason it is not working here is because the mobile app cannot access the RSA key used in the process. There could be many reason for that, the key is not readable or its folder, or it might not exist at all.

What can be tried is to run a healthcheck command and see what is the result in the JWT Authentication section. For that you will need to access your server via a terminal.

And then you can execute the following command:

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --jwt" www-data

(if you want to have a full healthcheck run, you can remove --jwt)

You should have a result looking like the following (I renamed the folder on my instance to provoke an issue in the config):

JWT Authentication

[PASS] The JWT Authentication plugin is enabled

[FAIL] The /var/www/passbolt/config/jwt/ directory should not be writable.

[HELP] You can try:

[HELP] sudo chown -Rf root:www-data /var/www/passbolt/config/jwt/

[HELP] sudo chmod 750 /var/www/passbolt/config/jwt/

[HELP] sudo chmod 640 /var/www/passbolt/config/jwt/jwt.key

[HELP] sudo chmod 640 /var/www/passbolt/config/jwt/jwt.pem

[FAIL] A valid JWT key pair is missing

[HELP] Run the create JWT keys script to create a valid JWT secret and public key pair:

[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data

If there is an issue here, there should be instructions provided to help you fix the problem.

Anyway, if the jwt keys are not present, you can regenerate them with the following command (as mentioned in the help sections previously):

sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data

If I'm not clear with the commands, there is this page as well which can guide you to generate the jwt keys https://help.passbolt.com/faq/hosting/how-to-generate-jwt-key-pair-manually

— Reply to this email directly, view it on GitHubhttps://github.com/passbolt/passbolt_browser_extension/issues/179#issuecomment-1541841706, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGQILYBZSEHQXV4F73UXVD3XFNRMFANCNFSM6AAAAAAW5TRKWQ. You are receiving this because you were mentioned.Message ID: @.**@.>>

samuellhwarren commented 1 year ago

Ok, but even though I get the fail, it now works! AWESOME! I will close this ticket.

From: Stéphane Loegel @.> Sent: Wednesday, May 10, 2023 3:01 AM To: passbolt/passbolt_browser_extension @.> Cc: Samuel Warren @.>; Mention @.> Subject: Re: [passbolt/passbolt_browser_extension] Pairing with mobile app not working for aarch64 self-hosted (Issue #179)

Okay, so according to the logs, the transfer of your private key to your mobile seems to be working. However, there is a last step where an attempt to sign in with the account fails. The mobile application is using JWT to manage authentication and it seems that the reason it is not working here is because the mobile app cannot access the RSA key used in the process. There could be many reason for that, the key is not readable or its folder, or it might not exist at all.

What can be tried is to run a healthcheck command and see what is the result in the JWT Authentication section. For that you will need to access your server via a terminal.

And then you can execute the following command:

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --jwt" www-data

(if you want to have a full healthcheck run, you can remove --jwt)

You should have a result looking like the following (I renamed the folder on my instance to provoke an issue in the config):

JWT Authentication

[PASS] The JWT Authentication plugin is enabled

[FAIL] The /var/www/passbolt/config/jwt/ directory should not be writable.

[HELP] You can try:

[HELP] sudo chown -Rf root:www-data /var/www/passbolt/config/jwt/

[HELP] sudo chmod 750 /var/www/passbolt/config/jwt/

[HELP] sudo chmod 640 /var/www/passbolt/config/jwt/jwt.key

[HELP] sudo chmod 640 /var/www/passbolt/config/jwt/jwt.pem

[FAIL] A valid JWT key pair is missing

[HELP] Run the create JWT keys script to create a valid JWT secret and public key pair:

[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data

If there is an issue here, there should be instructions provided to help you fix the problem.

Anyway, if the jwt keys are not present, you can regenerate them with the following command (as mentioned in the help sections previously):

sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data

If I'm not clear with the commands, there is this page as well which can guide you to generate the jwt keys https://help.passbolt.com/faq/hosting/how-to-generate-jwt-key-pair-manually

— Reply to this email directly, view it on GitHubhttps://github.com/passbolt/passbolt_browser_extension/issues/179#issuecomment-1541841706, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGQILYBZSEHQXV4F73UXVD3XFNRMFANCNFSM6AAAAAAW5TRKWQ. You are receiving this because you were mentioned.Message ID: @.**@.>>

samuellhwarren commented 1 year ago

Follow the JWT steps if you are running the same issues as me. :)

Gamabunta57 commented 1 year ago

Great!! I'm glad to read that!