search

pglombardo / PasswordPusher

🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
https://docs.pwpush.com
Apache License 2.0
2.12k stars 359 forks source link

Can't create account on self-hosted app #2282

Closed Marc-Harony closed 5 months ago

Marc-Harony commented 5 months ago

🐛 Bug Report

Hi 👋🏻

I'm facing a problem with the current version of the app.

When I try to create an account, I have a 500 internal error.

I have nothing in the app logs that can help me to solve this issue.

I'm running the app behind a Cloudflare tunnel.

🔬 How To Reproduce

Steps to reproduce the behavior:

  1. Go to sign-up
  2. Enter your credentials

Code sample

Here is the compose file I am using:

---
services:
#  postgres:
#    image: docker.io/postgres:15
#    volumes:
#      - /var/lib/postgresql/data:/var/lib/postgresql/data
#    ports:
#      - "5432:5432"
#    environment:
#      POSTGRES_USER: pwpush_user
#      POSTGRES_PASSWORD: pwpush_passwd
#      POSTGRES_DB: pwpush_db

  pwpush:
    image: docker.io/pglombardo/pwpush:latest
    container_name: pwpush
    ports:
      - "25100:5100"
    environment:
      DATABASE_URL: "sqlite3:db/db.sqlite3"
#      DATABASE_URL: 'postgresql://pwpush_user:pwpush_passwd@postgres:5432/pwpush_db'
      AUDIT_LOG: "true"
      PWP__ENABLE_LOGINS: "true"
      PWP__MAIL__SMTP_USER_NAME: "some@email.com"
      PWP__MAIL__SMTP_PASSWORD: "whatever"
      PWP__MAIL__SMTP_ADDRESS: "smtp-mail.outlook.com"
      PWP__MAIL__SMTP_PORT: "587"
      PWP__MAIL__SMTP_STARTTLS: "true"
      PWP__ENABLE_FILE_PUSHES: "true"
      PWP__MAIL__SMTP_AUTHENTICATION: "null"
      PWP__ALLOW_ANONYMOUS: "true"
      PWP__MAIL__RAISE_DELIVERY_ERRORS: "true"
      PWP__MAIL__SMTP_ENABLE_STARTTLS_AUTO: "true"
      PWP__MAIL__OPEN_TIMEOUT: "10"
      PWP__MAIL__READ_TIMEOUT: "10"
      PWP__HOST_DOMAIN: "domain.com"
      PWP__HOST_PROTOCOL: "http"
      PWP__MAIL__MAILER_SENDER: '"Password Pusher Info" some@email.com'
      PWP__DISABLE_SIGNUPS: "false"
    networks:
      - docker_net

networks:
  docker_net:
    external:
      name: whatever

Environment

Where are you running/using Password Pusher?

If applicable, what version of Password Pusher?

v1.41.7

Thanks you for the help you can bring.

Peace ✌🏻

github-actions[bot] commented 5 months ago

Hello @Marc-Harony, thanks for contributing to the Password Pusher community! We will respond as soon as possible.

pglombardo commented 5 months ago

Hi @Marc-Harony try changing the mailer sender:

PWP__MAIL__MAILER_SENDER: '"Password Pusher Info" <some@email.com>'

It's likely an email issue. If the above doesn't fix it, try validating your email configuration with these docs.

Marc-Harony commented 5 months ago

Hi,

Thanks for your reply!

Changing the mail sender did not solve the issue.

But there was a misconfiguration in the compose file. Now it seems good but Microsoft decided to lock my account. I keep the issue opened and update it when everything will be working and provide my full compose file.

Have a nice day ! :)

Marc-Harony commented 5 months ago

In case it helps, here is my compose file:

---
services:
  mysql:
    container_name: pwpush_sql
    image: mysql:8.0.32
    ports:
      - "3306:3306"
    environment:
      MYSQL_USER: 'pwpush_user'
      MYSQL_PASSWORD: 'pwpush_passwd'
      MYSQL_DATABASE: 'pwpush_db'
      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
    volumes:
      - ./data:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro                                      #To have the same time as the host
      - /etc/localtime:/etc/timezone:ro                                       #To have the same time as the host
    networks:
      - docker_net

  pwpush:
    image: docker.io/pglombardo/pwpush:latest
    container_name: pwpush
    ports:
      - "25100:5100"
    depends_on:
      - mysql
    links:
      - mysql:mysql
    volumes:
      - ./storage:/opt/PasswordPusher/storage:rw # (file uploads)
      - /etc/localtime:/etc/localtime:ro                                       #To have the same time as the host
      - /etc/localtime:/etc/timezone:ro                                       #To have the same time as the host
    environment:
#      DATABASE_URL: "sqlite3:db/db.sqlite3"
#      DATABASE_URL: 'postgres://pwpush:pwpush@postgres:5432/pwpush'
      DATABASE_URL: 'mysql2://pwpush_user:pwpush_passwd@mysql:3306/pwpush_db'
      AUDIT_LOG: "true"
      PWP__ENABLE_LOGINS: "true"
      PWP__MAIL__SMTP_USER_NAME: "some@email.com"
      PWP__MAIL__SMTP_PASSWORD: "strongPassword"
      PWP__MAIL__SMTP_ADDRESS: "smtp-mail.outlook.com"
      PWP__MAIL__SMTP_PORT: "587"
      PWP__MAIL__SMTP_STARTTLS: "true"
      PWP__ENABLE_FILE_PUSHES: "true"
      PWP__MAIL__SMTP_AUTHENTICATION: "login"
      PWP__ALLOW_ANONYMOUS: "true"
      PWP__MAIL__RAISE_DELIVERY_ERRORS: "true"
      PWP__MAIL__SMTP_ENABLE_STARTTLS_AUTO: "true"
      PWP__MAIL__OPEN_TIMEOUT: "10"
      PWP__MAIL__READ_TIMEOUT: "10"
      PWP__HOST_DOMAIN: "subdomain.domain.com"
      PWP__HOST_PROTOCOL: "http"
      PWP__MAIL__MAILER_SENDER: '"Password Pusher Info" <some@email.com>'
      PWP__DISABLE_SIGNUPS: "false"
    networks:
      - docker_net

networks:
  docker_net:
    [...]
pglombardo commented 5 months ago

Thanks @Marc-Harony!

pglombardo commented 1 week ago

Hi @Marc-Harony - just an update in case it applies to you. A security research team reported a vulnerability related to proxies here.

In v1.49.0 only local network proxies are trusted by default. For that release and going forward, when using Cloudflare as a proxy, you will likely have to specifically authorize the external IP to act as a proxy. Documentation here.

Hope all is well! If you have any questions, let me know.