salesagility / SuiteCRM-Core

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0

Can't log out #253

Open etranger7 opened 1 year ago

etranger7 commented 1 year ago

Issue

Logout doesn't work. In a similar fashion to https://github.com/salesagility/SuiteCRM-Core/issues/116

Expected Behavior

User should log out.

Actual Behavior

The page loading animation keeps going on and on.

Steps to Reproduce

  1. Install bitnami docker container
  2. Login as admin
  3. Try logging out

Debian 11 PHP 8.1.18 Chrome Version 112.0.5615.138 Win 11

vladaman commented 1 year ago

We have the same issue. Also, maybe unrelated, but sometimes when our session expires the browser goes into an infinite loop. SuiteCRM 8.2.4

etranger7 commented 1 year ago

@vladaman are you also using Bitnami's docker container?

vladaman commented 1 year ago

No, we have migrated from 7.x to 8.2.4 and we have a local install.

neben commented 9 months ago

Same problem on 8.5.0, Bitnami docker container.

chris001 commented 9 months ago

When you click Logout, what messages appear in the log(s)?
Please post them here.

neben commented 9 months ago

I get repeated 401 for <my_site>/site.webmanifest on the login page. Once I'm logged in, there is a 502 for one of the <my_site>/api/graphql calls:

{"operationName":"appMetadata","variables":{"id":"/api/app-metadata/home"},"query":"query appMetadata($id: ID!) {\n  appMetadata(id: $id) {\n    id\n    _id\n    moduleMetadata\n    __typename\n  }\n}"}

The preceding graphql calls succeed, though.

As for the server logs, I don't see the 502 for the graphql API call; it looks like a 200. The only difference I can see wrt the other API calls is that the result is much bigger:

"POST /api/graphql HTTP/1.1" 200 936844
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:48 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php on line 134
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:48 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php on line 144
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:48 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Session::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Session.php on line 131
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:48 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Session::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Session.php on line 141
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php on line 134
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php on line 144
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Session::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Session.php on line 131
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Session::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Session.php on line 141
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php on line 134
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php on line 144
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Session::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Session.php on line 131
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Session::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Session.php on line 141

Finally, logging out seemingly does not result in any logs, neither in the browser nor the backend.

chris001 commented 9 months ago

What happens when you edit line 14 of core/app/shell/src/index.html to: <link rel="manifest" href="site.webmanifest" crossorigin="use-credentials"> and try to log out again?
What happens from the logging out? What happens to the 401 error log messages?

neben commented 9 months ago

I changed the index.html at the location you mentioned, but it did not change the HTML response from the server. I then edited the public/dist/index.html and that worked, now the 401 is gone.

I also fixed the 502 as mentioned above, it was caused by our nginx in front of the CRM where the buffer size was not sufficient to support the large graphql call.

Logging out now works; however, there is now a 500 error on the /logout endpoint:

{
    "type": "https:\/\/tools.ietf.org\/html\/rfc2616#section-10",
    "title": "An error occurred",
    "status": 500,
    "detail": "Internal Server Error"
}

Any ideas?

chris001 commented 9 months ago

A 500 HTTP error typically means the application's PHP code is crashing. There are multiple things to check:

  1. Check the suitecrm logs for PHP FATAL error log entries, and post them back here.
  2. Reset permissions from the command line - in case you inadvertently created file(s) Suite needs and can't access.
  3. What's the output of: cat /var/log/nginx/error.log | grep 500

neben commented 9 months ago

The logs pointed me to a problem with SAML2:

[2024-01-16 14:05:19] request.CRITICAL: Uncaught PHP Exception OneLogin\Saml2\Error: "Invalid array settings: sp_acs_url_invalid, sp_sls_url_invalid, idp_sso_url_invalid, idp_slo_url_invalid, idp_cert_or_fingerprint_not_found_and_required" at /bitnami/suitecrm/vendor/onelogin/php-saml/src/Saml2/Settings.php line 141 {"exception":"[object] (OneLogin\\Saml2\\Error(code: 2): Invalid array settings: sp_acs_url_invalid, sp_sls_url_invalid, idp_sso_url_invalid, idp_slo_url_invalid, idp_cert_or_fingerprint_not_found_and_required at /bitnami/suitecrm/vendor/onelogin/php-saml/src/Saml2/Settings.php:141)"} []

I then commented out the OneloginSamlBundle from the config/bundles.php, which solved my issue.

[...]
return [
    Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
    Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true],
    Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
    Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
    ApiPlatform\Core\Bridge\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true],
    DAMA\DoctrineTestBundle\DAMADoctrineTestBundle::class => ['test' => true],
    Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],
    Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
    Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
    Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
    Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
    Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
    Shivas\VersioningBundle\ShivasVersioningBundle::class => ['all' => true],
//    Hslavich\OneloginSamlBundle\HslavichOneloginSamlBundle::class => ['all' => true],
];

I assume this was left over from the migrations? Is this the proper way to disable this?
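
An added example, not part of the thread or of SuiteCRM's code: a small Python triage for the kind of mixed container output quoted above. It counts the repeated PHP Deprecated notices as noise and pulls out the request.CRITICAL entry with its exception class, location and list of invalid SAML settings. The sample lines are abridged from the logs posted above, and the function and field names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: lines abridged from the logs posted in this thread
# ("..." marks text cut for brevity; one notice is repeated on purpose).
SAMPLE_LOG = r'''
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:48 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Session::count() should either be ... in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Session.php on line 141
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag::getIterator() should either be ... in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Attribute/AttributeBag.php on line 134
server_crm.1.ei1xowk1khu9@nuc    | [14-Jan-2024 23:04:49 UTC] PHP Deprecated:  Return type of Symfony\Component\HttpFoundation\Session\Session::count() should either be ... in /bitnami/suitecrm/vendor/symfony/http-foundation/Session/Session.php on line 141
[2024-01-16 14:05:19] request.CRITICAL: Uncaught PHP Exception OneLogin\Saml2\Error: "Invalid array settings: sp_acs_url_invalid, sp_sls_url_invalid, idp_sso_url_invalid, idp_slo_url_invalid, idp_cert_or_fingerprint_not_found_and_required" at /bitnami/suitecrm/vendor/onelogin/php-saml/src/Saml2/Settings.php line 141 {"exception":"..."} []
'''

# Monolog line: [YYYY-MM-DD HH:MM:SS] channel.LEVEL: message
MONOLOG = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} [\d:]+)\] (?P<channel>\w+)\.(?P<level>[A-Z]+): (?P<msg>.*)")
# Symfony's uncaught-exception message: class, quoted text, file and line
EXCEPTION = re.compile(
    r'Uncaught PHP Exception (?P<cls>[\w\\]+): "(?P<text>.*?)" at (?P<file>\S+) line (?P<line>\d+)')
# PHP engine notice written to stderr, possibly behind a docker service prefix
DEPRECATED = re.compile(r"PHP Deprecated:\s+.* in (?P<file>/\S+) on line (?P<line>\d+)")
SEVERE = {"ERROR", "CRITICAL", "ALERT", "EMERGENCY"}


def triage(log_text):
    """Return (severe_entries, deprecation_counts) for a block of log text."""
    severe, noise = [], Counter()
    for line in log_text.splitlines():
        m = MONOLOG.search(line)
        if m and m["level"] in SEVERE:
            entry = {"time": m["ts"], "channel": m["channel"], "level": m["level"]}
            e = EXCEPTION.search(m["msg"])
            if e:
                entry["exception"] = e["cls"]
                entry["where"] = f'{e["file"]}:{e["line"]}'
                prefix = "Invalid array settings: "
                if e["text"].startswith(prefix):
                    # php-saml reports every failed settings check as a key
                    keys = e["text"][len(prefix):].split(",")
                    entry["invalid_settings"] = [k.strip() for k in keys]
            severe.append(entry)
            continue
        d = DEPRECATED.search(line)
        if d:
            # Collapse identical notices to one counter per source location
            noise[f'{d["file"]}:{d["line"]}'] += 1
    return severe, noise


if __name__ == "__main__":
    severe, noise = triage(SAMPLE_LOG)
    for entry in severe:
        print(entry)
    print(f"{sum(noise.values())} deprecation notices from {len(noise)} locations")
```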

chris001 commented 9 months ago

> I also fixed the 502 as mentioned above, it was caused by our nginx in front of the CRM where the buffer size was not sufficient to support the large graphql call.

  1. Would you share here that line in the nginx config file, with the sufficient buffer size that works for you?

> I assume this was left over from the migrations? Is this the proper way to disable this?

  1. Were you previously using SAML login? And you're not using SAML login now?

neben commented 9 months ago

> 1. Would you share here that line in the nginx config file, with the sufficient buffer size that works for you?

Sure, I just copied the values from this article.

server {
    [...]
    proxy_busy_buffers_size 512k;
    proxy_buffers       4 512k;
    proxy_buffer_size   256k;
}

> 1. Were you previously using SAML login? And you're not using SAML login now?

No, I was never using SAML and I'm not using it now. I have no idea how it got there...

chris001 commented 9 months ago

SAML is an optional login method; it reuses your organization's main user login service (Windows AD, Apple, Google, Amazon, etc.). Once you're logged into your computer, you're auto logged in (no typing username / password) to every web application used by your org. The SAML bundle should do no harm and not cause this crash. This looks like a bug.

neben commented 9 months ago

Ok, thanks a lot for your help and pointing me in the right direction @chris001