pglombardo / PasswordPusher

🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
https://docs.pwpush.com
Apache License 2.0

Not systematically redirect to preview page when pushing files #1182

Open HinShell opened 1 year ago

HinShell commented 1 year ago

🐛 Bug Report

Hello, regularly, but not systematically, when I try to push a file, I am not redirected to the preview page.

Have a good day!

🔬 How To Reproduce

Steps to reproduce the behavior:

  1. Add file.
  2. Click on the push it button.

Code sample

Environment

Where are you running/using Password Pusher?

pglombardo/pwpush-mysql 1.28.11 (same bug with previous version)

With a logged-in user. No anonymous allowed. No problem with pushing passwords. Nginx as reverse proxy.

Screenshots

📈 Expected behavior

Redirect to preview page when I push a file.

📎 Additional context

github-actions[bot] commented 1 year ago

Hello @HinShell, thanks for contributing to the Password Pusher community! We will respond as soon as possible.

pglombardo commented 1 year ago

Hi @HinShell - that is a bit challenging to diagnose. I can confirm that it doesn't happen on pwpush.com and we haven't had any other reports of that (yet).

Is the site public? Could I try this out myself to diagnose?

If not, there would be a couple potential strategies to find the issue:

  1. Track HTTP request/response codes in the browser to make sure that nginx and pwpush are behaving as expected
  2. Check JS console for errors
  3. Monitor nginx and pwpush logs (`/opt/PasswordPusher/logs/*.log`)
  4. Try it out in incognito mode or another browser to rule out any browser extension interfering

Could you let me know on some of the points above?

HinShell commented 1 year ago

Indeed, sorry for the lack of information. Upon further inspection, I am encountering a 403 error when I click on "push." (If I click again, it works.)

I have tested it with Chrome and a fresh Firefox installation.

```
HTTP/2 403 Forbidden
server: nginx
date: Tue, 20 Jun 2023 07:23:59 GMT
content-type: text/plain; charset=utf-8
content-length: 19
cache-control: no-cache
x-request-id: 030a6201-6dc0-427a-af3e-61b49fee1dd9
x-runtime: 0.003666
X-Firefox-Spdy: h2
```

```
POST /fr/f HTTP/2
Host: xxx.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0
Accept: text/vnd.turbo-stream.html, text/html, application/xhtml+xml
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://xxx.com/fr/f/new
X-CSRF-Token: RvmQGQz7uDBDDjW9-Nyf6YJaQGYQ9e8KPLlZ07v-DgfJstcOZ_hZOTpIR1t6R5B8qCrulsOTyCu2_jjmZLz0kw
Content-Type: multipart/form-data; boundary=---------------------------234761974919073309052416377316
Content-Length: 1734
Origin: https://xxx.com
Connection: keep-alive
Cookie: _PasswordPusher_session=qxxIwnOXVljMCf7QT6pojTQQsdvXPV%2BITbVjCrit56HT%2BpbD2lr8Sqp4C4Ja%2BJqmwummOgMxaY2Gy2hm2IdmJj8cZIm3iG5gSZk%2BiFfCapji7rMY3mywJF4rPMHuX%2BC3FpO%2Bwvvr1O%2B8afBdS012nC0HTE9Mh822Xvw4l39trbKsKmC5nc87A9EHIEuHiJrgawIPAyl93lPOOl0sXKrdGkcX6uq22JM8zUezenBykaIa8jjUaGg35eA6TthxqHJ10ikjLGkNRjCIr%2B%2F51WS4LIQ8B50lI%2Bo%2BC1A2cuS2R6kMWoVe9TenqDaCu95pFNma3DzctMm5SZ908FZNt1SwyL6fbq%2BMlqnxavTnL1qweHmtyOEb3YgYUuQcBsoqO04vl%2FeT1%2BGpVwQs8Tn7dfaK--MnRl4BUPCn2LvgX4--u53MBXWu%2F3EkElgCwcOjWA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
```

The log (DEBUG mode):

```
pwpush_1 | D, [2023-06-20T09:40:39.160941 #170] DEBUG -- : source=rack-timeout id=0566d270-2e8b-4dc3-9d35-446547c34646 timeout=15000ms state=ready
pwpush_1 | D, [2023-06-20T09:40:39.161146 #170] DEBUG -- : source=rack-timeout id=0566d270-2e8b-4dc3-9d35-446547c34646 timeout=15000ms service=0ms state=active
pwpush_1 | D, [2023-06-20T09:40:39.166517 #170] DEBUG -- : [0566d270-2e8b-4dc3-9d35-446547c34646] TRANSACTION (0.2ms) BEGIN
pwpush_1 | D, [2023-06-20T09:40:39.168043 #170] DEBUG -- : [0566d270-2e8b-4dc3-9d35-446547c34646] ActiveStorage::Blob Create (1.3ms) INSERT INTO active_storage_blobs (key, filename, content_type, metadata, service_name, byte_size, checksum, created_at) VALUES ('8jyitubmbfn47vg9w3tpdpbw3pnn', 'majordhote_acartereau.ovpn', 'application/octet-stream', NULL, 'local', 5465, 'LtlqdjNpHr2QzIkfM8f6Zw==', '2023-06-20 07:40:39')
pwpush_1 | D, [2023-06-20T09:40:39.170277 #170] DEBUG -- : [0566d270-2e8b-4dc3-9d35-446547c34646] TRANSACTION (1.5ms) COMMIT
pwpush_1 | D, [2023-06-20T09:40:39.171877 #170] DEBUG -- : [0566d270-2e8b-4dc3-9d35-446547c34646] Disk Storage (0.4ms) Generated URL for file at key: 8jyitubmbfn47vg9w3tpdpbw3pnn (https://xxx.com/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDam9JYTJWNVNTSWhPR3A1YVhSMVltMWlabTQwTjNabk9YY3pkSEJrY0dKM00zQnViZ1k2QmtWVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWgxaGNIQnNhV05oZEdsdmJpOXZZM1JsZEMxemRISmxZVzBHT3daVU9oTmpiMjUwWlc1MFgyeGxibWQwYUdrQ1dSVTZEV05vWldOcmMzVnRTU0lkVEhSc2NXUnFUbkJJY2pKUmVrbHJaazA0WmpaYWR6MDlCanNHVkRvUmMyVnlkbWxqWlY5dVlXMWxPZ3BzYjJOaGJBPT0iLCJleHAiOiIyMDIzLTA2LTIwVDA3OjQ1OjM5LjE3MVoiLCJwdXIiOiJibG9iX3Rva2VuIn19--0d883bed72a6fbf35c6a109b072fa6a27829db09)
pwpush_1 | D, [2023-06-20T09:40:39.173582 #170] DEBUG -- : [0566d270-2e8b-4dc3-9d35-446547c34646] User Load (0.4ms) SELECT users.* FROM users WHERE users.id = 1 ORDER BY users.id ASC LIMIT 1
pwpush_1 | I, [2023-06-20T09:40:39.174334 #170] INFO -- : [0566d270-2e8b-4dc3-9d35-446547c34646] method=POST path=/rails/active_storage/direct_uploads format=json controller=ActiveStorage::DirectUploadsController action=create status=200 duration=10.84 view=0.47 db=3.05 user_id=1 ip=X.X.X.X forwarded_for=X.X.X.X
pwpush_1 | D, [2023-06-20T09:40:39.175212 #170] DEBUG -- : source=rack-timeout id=0566d270-2e8b-4dc3-9d35-446547c34646 timeout=15000ms service=14ms state=completed
pwpush_1 | D, [2023-06-20T09:40:39.201556 #170] DEBUG -- : source=rack-timeout id=4ee7dd25-2ee9-4ff0-9a29-4f46f61de911 timeout=15000ms state=ready
pwpush_1 | D, [2023-06-20T09:40:39.203522 #170] DEBUG -- : source=rack-timeout id=4ee7dd25-2ee9-4ff0-9a29-4f46f61de911 timeout=15000ms service=2ms state=active
pwpush_1 | I, [2023-06-20T09:40:39.203903 #170] INFO -- : [4ee7dd25-2ee9-4ff0-9a29-4f46f61de911] Disk Storage (0.5ms) Uploaded file to key: 8jyitubmbfn47vg9w3tpdpbw3pnn (checksum: LtlqdjNpHr2QzIkfM8f6Zw==)
pwpush_1 | D, [2023-06-20T09:40:39.205671 #170] DEBUG -- : [4ee7dd25-2ee9-4ff0-9a29-4f46f61de911] User Load (0.4ms) SELECT users.* FROM users WHERE users.id = 1 ORDER BY users.id ASC LIMIT 1
pwpush_1 | I, [2023-06-20T09:40:39.206154 #170] INFO -- : [4ee7dd25-2ee9-4ff0-9a29-4f46f61de911] method=PUT path=/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDam9JYTJWNVNTSWhPR3A1YVhSMVltMWlabTQwTjNabk9YY3pkSEJrY0dKM00zQnViZ1k2QmtWVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWgxaGNIQnNhV05oZEdsdmJpOXZZM1JsZEMxemRISmxZVzBHT3daVU9oTmpiMjUwWlc1MFgyeGxibWQwYUdrQ1dSVTZEV05vWldOcmMzVnRTU0lkVEhSc2NXUnFUbkJJY2pKUmVrbHJaazA0WmpaYWR6MDlCanNHVkRvUmMyVnlkbWxqWlY5dVlXMWxPZ3BzYjJOaGJBPT0iLCJleHAiOiIyMDIzLTA2LTIwVDA3OjQ1OjM5LjE3MVoiLCJwdXIiOiJibG9iX3Rva2VuIn19--0d883bed72a6fbf35c6a109b072fa6a27829db09 format=/ controller=ActiveStorage::DiskController action=update status=204 duration=3.08 view=0.00 db=0.00 user_id=1 ip=X.X.X.X forwarded_for=X.X.X.X
pwpush_1 | D, [2023-06-20T09:40:39.206977 #170] DEBUG -- : source=rack-timeout id=4ee7dd25-2ee9-4ff0-9a29-4f46f61de911 timeout=15000ms service=5ms state=completed
pwpush_1 | D, [2023-06-20T09:40:39.235651 #170] DEBUG -- : source=rack-timeout id=7ecb23b3-06fe-4a2a-8701-ee8d220c03b2 timeout=15000ms state=ready
pwpush_1 | D, [2023-06-20T09:40:39.236335 #170] DEBUG -- : source=rack-timeout id=7ecb23b3-06fe-4a2a-8701-ee8d220c03b2 timeout=15000ms service=1ms state=active
pwpush_1 | D, [2023-06-20T09:40:39.237633 #170] DEBUG -- : source=rack-timeout id=7ecb23b3-06fe-4a2a-8701-ee8d220c03b2 timeout=15000ms service=2ms state=completed
```

I'm checking internally to see if I can create an account for you.

Have a nice day.
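Added example, not part of the original thread or of Password Pusher's code: a Ruby script that groups pwpush log lines in the format posted above by request id and lists the requests that completed under rack-timeout without any `method=… status=…` controller line, as the last request id in the posted log does. The sample log, its `req-*` ids and the `TOKEN` path segment are constructed.

```ruby
# Constructed sample in the same shape as the DEBUG log posted in this thread.
SAMPLE_LOG = <<~'LOG'
  pwpush_1 | D, [2023-06-20T09:40:39.160941 #170] DEBUG -- : source=rack-timeout id=req-a timeout=15000ms state=ready
  pwpush_1 | I, [2023-06-20T09:40:39.174334 #170] INFO -- : [req-a] method=POST path=/rails/active_storage/direct_uploads format=json status=200 duration=10.84
  pwpush_1 | D, [2023-06-20T09:40:39.175212 #170] DEBUG -- : source=rack-timeout id=req-a timeout=15000ms service=14ms state=completed
  pwpush_1 | D, [2023-06-20T09:40:39.201556 #170] DEBUG -- : source=rack-timeout id=req-b timeout=15000ms state=ready
  pwpush_1 | I, [2023-06-20T09:40:39.206154 #170] INFO -- : [req-b] method=PUT path=/rails/active_storage/disk/TOKEN format=/ status=204 duration=3.08
  pwpush_1 | D, [2023-06-20T09:40:39.206977 #170] DEBUG -- : source=rack-timeout id=req-b timeout=15000ms service=5ms state=completed
  pwpush_1 | D, [2023-06-20T09:40:39.235651 #170] DEBUG -- : source=rack-timeout id=req-c timeout=15000ms state=ready
  pwpush_1 | D, [2023-06-20T09:40:39.236335 #170] DEBUG -- : source=rack-timeout id=req-c timeout=15000ms service=1ms state=active
  pwpush_1 | D, [2023-06-20T09:40:39.237633 #170] DEBUG -- : source=rack-timeout id=req-c timeout=15000ms service=2ms state=completed
LOG

# rack-timeout state lines carry the request id as id=...
RACK_TIMEOUT = /source=rack-timeout id=(?<id>\S+) .*?(?:service=(?<service>\d+)ms )?state=(?<state>\w+)/
# Application lines are tagged with the request id in square brackets.
TAGGED = /-- : \[(?<id>[^\]]+)\] (?<msg>.*)/
# Key=value request summary line written once per controller action.
ACTION = /method=(?<method>\S+) path=(?<path>\S+) .*?status=(?<status>\d+)/

# Returns { request_id => { states: [...], service_ms: Integer|nil, action: Hash|nil } }.
def summarize_requests(text)
  requests = Hash.new { |h, k| h[k] = { states: [], service_ms: nil, action: nil } }
  text.each_line do |line|
    if (m = RACK_TIMEOUT.match(line))
      entry = requests[m[:id]]
      entry[:states] << m[:state]
      entry[:service_ms] = m[:service].to_i if m[:service]
    elsif (m = TAGGED.match(line)) && (a = ACTION.match(m[:msg]))
      requests[m[:id]][:action] = { method: a[:method], path: a[:path], status: a[:status].to_i }
    end
  end
  requests
end

# Request ids that finished but never logged a controller action.
def without_controller_line(requests)
  requests.select { |_, r| r[:states].include?("completed") && r[:action].nil? }.keys
end

if __FILE__ == $PROGRAM_NAME
  reqs = summarize_requests(ARGV.empty? ? SAMPLE_LOG : File.read(ARGV[0]))
  without_controller_line(reqs).each { |id| puts "#{id}: no controller line, service=#{reqs[id][:service_ms]}ms" }
end
```

The ids it reports can be compared with the `x-request-id` header of a failing response to tie a browser-side 403 to its log lines.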

pglombardo commented 1 year ago

Excellent. This is very helpful. This may be related or the same as #794.

I'm traveling for the next few weeks so I'll have to revisit this once I get back.

pglombardo commented 1 year ago

Hi @HinShell - what storage backend are you using? local, amazon or another?

HinShell commented 1 year ago

Hi @pglombardo, I'm using local storage backend.

p.s. hope you had a good time during your trip.

pglombardo commented 1 year ago

Hi @HinShell I can't say this is a guaranteed fix but I have made 4 fairly big fixes to File pushes. Could you retry with v1.30.11?

updated to v1.30.11

pglombardo commented 4 weeks ago

Hi @HinShell - did you ever make any progress on this? Have the latest releases helped?

Hope all is well.