snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

Server Error : Unauthorized #8458

Closed bakfiets2 closed 3 years ago

bakfiets2 commented 3 years ago

Please confirm you have done the following before posting your bug report:

Describe the bug: Fresh install of Snipe-IT on a server running Plesk Onyx. PHP Composer installs fine. Tried installing 4.8.0 and 4.8.5. Tried all PHP versions from 7 and up.

The thing is, if I want to add a Category, let's say in Licenses, the drop down menu tells me that the results could not be loaded. If I try to add the category the window says: Server Error : Unauthorized

To Reproduce Steps to reproduce the behavior:

  1. Go to 'Licenses -> Category drop down -> Then New -> Add'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Server (please complete the following information):

Desktop (please complete the following information):

Error Messages:

Version v4.9.4 - build 4437 (master) Snipe-IT is open source software, made with love by @snipeitapp.

7.4.10 358ms 4MB 5.5.50 production nl GET api/v1/categories/{item_type}/selectlist

Unauthenticated.
/var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php#66
Illuminate\Auth\AuthenticationException

            }
        }

        throw new AuthenticationException('Unauthenticated.', $guards);
    }
}

#0 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(41): Illuminate\Auth\Middleware\Authenticate->authenticate()
#1 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Auth\Middleware\Authenticate->handle()
#2 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#3 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#4 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Router.php(660): Illuminate\Pipeline\Pipeline->then()
#5 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Router.php(635): Illuminate\Routing\Router->runRouteWithinStack()
#6 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Router.php(601): Illuminate\Routing\Router->runRoute()
#7 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Router.php(590): Illuminate\Routing\Router->dispatchToRoute()
#8 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\Routing\Router->dispatch()
#9 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#10 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(65): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#11 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Barryvdh\Debugbar\Middleware\InjectDebugbar->handle()
#12 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#13 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/app/Http/Middleware/SecurityHeaders.php(26): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#14 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\Http\Middleware\SecurityHeaders->handle()
#15 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#16 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#17 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#18 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#19 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/app/Http/Middleware/CheckForDebug.php(25): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#20 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\Http\Middleware\CheckForDebug->handle()
#21 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#22 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/app/Http/Middleware/CheckForSetup.php(27): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#23 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\Http\Middleware\CheckForSetup->handle()
#24 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#25 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#26 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Fideloper\Proxy\TrustProxies->handle()
#27 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#28 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#29 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
#30 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#31 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#32 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Session\Middleware\StartSession->handle()
#33 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#34 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#35 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle()
#36 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#37 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/barryvdh/laravel-cors/src/HandlePreflight.php(29): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#38 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Barryvdh\Cors\HandlePreflight->handle()
#39 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#40 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}()
#41 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\Pipeline\Pipeline->then()
#42 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#43 /var/www/vhosts/ict.jellevansetten.nl/httpdocs/public/index.php(58): Illuminate\Foundation\Http\Kernel->handle()
#44 {main}

bakfiets2 commented 3 years ago

I can create API now. Can you get me going with the curl command?

snipe commented 3 years ago

Sure thing, @bakfiets2:

curl --request GET \
  --url 'https://YOUR-SNIPE-IT-DOMAIN/api/v1/users?limit=50&offset=0&sort=created_at&order=desc' \
  --header 'accept: application/json' \
  --header 'authorization: Bearer REPLACE-WITH-YOUR-TOKEN' \
  --header 'content-type: application/json'

Replacing the bits in all caps (url and token)

snipe commented 3 years ago

(Also switch that to http:// if you're not using SSL)

bakfiets2 commented 3 years ago

Looks like it works. No errors

{"total":1,"rows":[{"id":1,"avatar":"\/\/gravatar.com\/avatar\/3dfb4dd2322ec32a9b7bddf5956b1415","name":"Jelle van Setten","first_name":"Jelle","last_name":"van Setten","username":"admin","employee_num":"","manager":null,"jobtitle":null,"phone":null,"website":null,"address":null,"city":null,"state":null,"country":null,"zip":null,"email":"noreply@ict.jellevansetten.nl","department":null,"location":null,"notes":"","permissions":{"superuser":1},"activated":true,"two_factor_activated":false,"two_factor_enrolled":false,"assets_count":0,"licenses_count":0,"accessories_count":0,"consumables_count":0,"company":null,"created_at":{"datetime":"2020-09-23 21:07:46","formatted":"2020-09-23 09:07 PM"},"updated_at":{"datetime":"2020-09-23 22:17:03","formatted":"2020-09-23 10:17 PM"},"last_login":{"datetime":"2020-09-23 22:17:03","formatted":"2020-09-23 10:17 PM"},"available_actions":{"update":true,"delete":true,"clone":true,"restore":false},"groups":null}]}$

snipe commented 3 years ago

@bakfiets2 okay - that's good news. This still definitely feels like a weird header issue to me. I think @yosiasz is progressing through the releases to find the latest one where it still works, which should help us narrow down what change may have made this go wonky. I'm nearly convinced it's a header issue, but surprised that the HSTS stuff didn't resolve it.

bakfiets2 commented 3 years ago

Let's wait on the result of @yosiasz then! I will try to go down from 4.9.5 towards @yosiasz

snipe commented 3 years ago

One additional thing...

if you add:

ENABLE_HSTS=false

to your .env file and then clear your config caches with php artisan config:clear, does that change anything?

(It's a long shot, but what the hell, right?)

yosiasz commented 3 years ago

4.9.2 works!

snipe commented 3 years ago

(Seriously, I really appreciate both of your time on this. Without being able to reproduce it, it makes it really hard to fix it. We'll get this fixed, for sure, and I wouldn't be able to do it without your help.)

bakfiets2 commented 3 years ago

> One additional thing...
>
> if you add:
>
> ENABLE_HSTS=false
>
> to your .env file and then clear your config caches with php artisan config:clear, does that change anything?
>
> (It's a long shot, but what the hell, right?)

Same error haha.

If you need or want access to my server for a time let me know. Thnx for your time also!!!

snipe commented 3 years ago

> Same error haha.

Sigh.

> If you need or want access to my server for a time let me know.

Actually, that could potentially be really useful, since I can't reproduce this anywhere. If that's something you can do, shoot me an email snipe@snipe.net.

snipe commented 3 years ago

Also, just got a report that version 4.9.4 build 4437 does work. We're getting closer! That diff is WAY easier to parse through: https://github.com/snipe/snipe-it/compare/v4.9.4...v4.9.5

(Any additional confirmation of that would be really helpful though)

bakfiets22 commented 3 years ago

I will send you a mail! We are getting closer haha

yosiasz commented 3 years ago

👯 👏

yosiasz commented 3 years ago

spinning up 4.9.4

yosiasz commented 3 years ago

Confirming v4.9.4 - build 4437 is golden 🥇 . Someone messed up on 4.9.5

bakfiets2 commented 3 years ago

Error still exists on 4.9.4. Fresh install. Same error...

snipe commented 3 years ago

Huh - two different results then... That's... more confusing.

Also in looking at the diff between 4.9.4 and 4.9.5, I'm not seeing anything in there that would have affected headers or anything like this. https://github.com/snipe/snipe-it/compare/v4.9.4...v4.9.5

bakfiets22 commented 3 years ago

Confusing it is! I think I will wait till v5 arrives. Maybe that solves a lot!

snipe commented 3 years ago

Well, knowing what caused it is the only way we make sure the error wasn't carried over to v5.

bakfiets22 commented 3 years ago

True. I will send you the access to my server tomorrow. You need all access I assume? Access to Plesk and SSH?

snipe commented 3 years ago

@bakfiets2 I'll take whatever you're comfortable giving me :)

bakfiets22 commented 3 years ago

> @bakfiets2 I'll take whatever you're comfortable giving me :)

All access it is then!

snipe commented 3 years ago

Can either of you give develop a try? (Again, you'll need to run migrations, composer install, etc) and see if it happens in v5? We're really close to releasing, so it should be safe to try out.

bakfiets22 commented 3 years ago

> Can either of you give develop a try? (Again, you'll need to run migrations, composer install, etc) and see if it happens in v5? We're really close to releasing, so it should be safe to try out.

Will do as soon as I can. Will be tomorrow!

yosiasz commented 3 years ago

Tested latest v5. Can't set LDAP configuration. After filling everything out (this would be nice if it was a config file you can manually set and hence copy around) and clicking save, it goes back to the login screen.

snipe commented 3 years ago

@yosiasz Huh. That's... new.... Is that the latest RC or the develop branch?

We can't make the LDAP stuff a config file unfortunately because our hosted customers don't have access to the config file (and shouldn't). They could easily break their install with a typo, and also it would expose some of our API keys (for Amazon SES for example.) I suppose we could potentially check for the .env variables and offer the LDAP form if they don't exist though...

When I'm doing a lot of testing, I usually export the settings table contents into a scratch file and then run the SQL that re-inserts it when I reset the database. It's inelegant, but useful.

uberbrady commented 3 years ago

@yosiasz you may need to run migrations? php artisan migrate

yosiasz commented 3 years ago

latest RC. error is LdapAd.php:402#26

I'm seeing new behavior when

yosiasz commented 3 years ago

everything is good and ready to run. issue is with ldap synch in latest RC

yosiasz commented 3 years ago

well folks, thanks for your support. We have opted to stick with

v4.8.0 - build 4186

yosiasz commented 3 years ago

Interesting. Migrating from 4.8.0 to Version v4.9.5 - build 4482 (master) (using https://snipe-it.readme.io/docs/upgrading) works no issue with the above unauthorized error.

creating a new install of 4.9.5 (using git or downloading the zip file) does not work

@snipe Could there be something cooking in the .env.example file?

snipe commented 3 years ago

@yosiasz Huh.... that's even weirder. If you copy the old .env over to the new install, do you see any change?

yosiasz commented 3 years ago

@snipe these are the net new things I see in .env.example when comparing it to my working .env

ENABLE_HSTS=false

LDAP_MEM_LIM=500M
LDAP_TIME_LIM=600

DB_SSL_IS_PAAS=false

snipe commented 3 years ago

If you comment those lines out and purge your config cache, is there any change?

#ENABLE_HSTS=false

#LDAP_MEM_LIM=500M
#LDAP_TIME_LIM=600

#DB_SSL_IS_PAAS=false

Or try setting ENABLE_HSTS to true?

ENABLE_HSTS=true

#LDAP_MEM_LIM=500M
#LDAP_TIME_LIM=600

#DB_SSL_IS_PAAS=false

to clear your config cache, run php artisan config:clear

yosiasz commented 3 years ago

did that and it is a no go. weird! Anyways we bumped it up to 4.9.5 using migrate and it works just fine. So for us, we are happy!

bakfiets2 commented 3 years ago

Tried the latest Beta. Error is still there...

Unauthenticated.
/var/www/vhosts/ict.jellevansetten.nl/httpdocs/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php#81
Illuminate\Auth\AuthenticationException

     */
    protected function unauthenticated($request, array $guards)
    {
        throw new AuthenticationException(
            'Unauthenticated.', $guards, $this->redirectTo($request)
        );
    }

yosiasz commented 3 years ago

@snipe for version 5.0.0

php artisan snipeit:ldap-sync results in "Unable to connect to LDAP server" with exact same LDAP settings as another working instance with version 4.9.5. Looking into the settings table to see what is different there.

snipe commented 3 years ago

@uberbrady Can you look into the LDAP sync stuff here? (I know you're on vacation next week though.)

yosiasz commented 3 years ago

@uberbrady error is on testLdapAdUserConnection in LdapAd.php line 399. Windows Server 2019, IIS, PHP Version 7.2.33

uberbrady commented 3 years ago

Any time you switch versions, always make sure to run composer install and php artisan migrate. That's always true, but it's even more true when you switch from 4.x to 5.x - there are some migrations there that do affect LDAP/AD setups. Those migrations need to be run in order for your Snipe-IT to continue to have access to your LDAP/AD server. There's also a new checkbox that you can mess with, which by default appends domain names to usernames. In a migrated setup, we keep that enabled.

Other questions - what are we using as the authentication query - samaccountname=? Or something else? Another thing to keep in mind when going between multiple installs - the LDAP password is encrypted using the APP_KEY to encrypt it with; if the APP_KEY changes, your password is going to be invalidated and you'd have to re-input it. I'm pretty sure we have some decent error handling around that though.

Other things, try logging in with all of: username@domain, domain\username, and just plain username - it's pretty fiddly and it's possible with the complete rewrite of the LDAP system, that we inadvertently changed something.
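Why a changed APP_KEY invalidates a stored LDAP password, as an added example that is not part of the original thread or Snipe-IT's code: the payload layout is modelled on Laravel's Encrypter (base64 of JSON with iv, value and mac, AES-256-CBC, HMAC-SHA256 over iv + value), with PHP's serialize() step left out. The function names, keys and password are constructed for illustration.

```javascript
// Added example: encrypt-then-MAC payload modelled on Laravel's Encrypter.
// A secret sealed under one APP_KEY fails the MAC check under another key,
// so it can only be re-entered, never recovered.
const nodeCrypto = require('crypto');

function hmacHex(key, ivB64, valueB64) {
  return nodeCrypto.createHmac('sha256', key).update(ivB64 + valueB64).digest('hex');
}

// key must be a 32-byte Buffer (AES-256).
function encryptWithAppKey(plaintext, key) {
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const value = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()])
    .toString('base64');
  const ivB64 = iv.toString('base64');
  const payload = { iv: ivB64, value, mac: hmacHex(key, ivB64, value) };
  return Buffer.from(JSON.stringify(payload)).toString('base64');
}

function decryptWithAppKey(payload, key) {
  const { iv, value, mac } = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  const expected = Buffer.from(hmacHex(key, iv, value), 'hex');
  const given = Buffer.from(String(mac), 'hex');
  // Verify the MAC in constant time before touching the ciphertext.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('The MAC is invalid.');
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, Buffer.from(iv, 'base64'));
  return Buffer.concat([decipher.update(value, 'base64'), decipher.final()])
    .toString('utf8');
}

// What an application can do with a stored secret after a key change:
// report the failure instead of passing garbage to the LDAP bind.
function readStoredSecret(payload, key) {
  try {
    return { ok: true, secret: decryptWithAppKey(payload, key) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed keys and secret, for illustration only.
const oldKey = Buffer.alloc(32, 0x11);
const newKey = Buffer.alloc(32, 0x22);
const stored = encryptWithAppKey('constructed-ldap-bind-password', oldKey);
console.log(readStoredSecret(stored, oldKey)); // decrypts under the original key
console.log(readStoredSecret(stored, newKey)); // rejected under a different key
```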

yosiasz commented 3 years ago

I am not doing an upgrade. I am doing a fresh install from zip download. Is v5.0.0-beta-5 for an upgrade only?

snipe commented 3 years ago

@yosiasz No, it can be a fresh install or upgrade. (All Snipe-IT versions are upgradable, even from the very first alpha release 7 years ago.)

mce-reggie commented 3 years ago

I believe that I have solved this.

I had the following set in my .env file:

COOKIE_DOMAIN=domain.com

The default is:

COOKIE_DOMAIN=null

After upgrading and setting COOKIE_DOMAIN back to the default of null, my install works normally.

Edit:

I should say that I am a fairly security conscious person and would like to set things up as tight as possible. I am not sure what the full implications of having the COOKIE_DOMAIN set back to null are, but I would like to re-enable that setting at some point if possible.

bakfiets22 commented 3 years ago

The LDAP Issue or the Unauthorized?

mce-reggie commented 3 years ago

Unauthorized issue.

mce-reggie commented 3 years ago

Update: This worked until I cleared my browser cookies, now I am back to square one.

Sorry for the false report, though, hopefully it gives you something to go on.

The issue appears to be cookie related.

In the past, after an upgrade, the issue appeared immediately. This time, I upgraded and all was well up until my browser cookies were cleared.

bakfiets2 commented 3 years ago

Still no luck. I think it has also something to do with Plesk. But I don't know what. Will try to install on a VM with Ubuntu or something like that

snipe commented 3 years ago

@mce-reggie you should really be setting the COOKIE_DOMAIN to whatever domain the app is running on - and then make sure to run php artisan config:clear to clear out whatever cached env settings you had.
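One way to check a COOKIE_DOMAIN value against the host the app is served from, as an added example that is not part of the original thread or Snipe-IT's code: a browser discards a cookie whose Domain attribute does not domain-match the host that set it (RFC 6265), so the session cookie never comes back on later requests. The function names and the example.com hosts are constructed, the string "null" is treated as unset the way Laravel's env() reads it, and the public-suffix check browsers also apply is not modelled.

```javascript
// Added example: the RFC 6265 domain-match test a browser applies to the
// Domain attribute of Set-Cookie (what COOKIE_DOMAIN ends up as).
// Public-suffix rejection is not modelled. Host names are constructed.

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Canonicalise as user agents do: lower-case and drop one leading dot.
function normalizeDomain(value) {
  const d = String(value).trim().toLowerCase();
  return d.startsWith('.') ? d.slice(1) : d;
}

// RFC 6265 section 5.1.3: the strings are identical, or the host ends with
// "." + domain and the host is a name, not an IP address.
function domainMatches(requestHost, cookieDomain) {
  const host = normalizeDomain(requestHost);
  const domain = normalizeDomain(cookieDomain);
  if (domain === '') return false;
  if (host === domain) return true;
  if (IPV4.test(host) || host.includes(':')) return false; // IP literal
  return host.endsWith('.' + domain);
}

// requestHost is the bare host name (no scheme, no port).
// A setting of null, "" or the string "null" means no Domain attribute,
// which gives a host-only cookie.
function evaluateCookieDomain(requestHost, setting) {
  const host = normalizeDomain(requestHost);
  const raw = setting === null || setting === undefined ? '' : String(setting).trim();
  if (raw === '' || raw.toLowerCase() === 'null') {
    return { stored: true, scope: 'host-only', sentTo: [host] };
  }
  const domain = normalizeDomain(raw);
  if (!domainMatches(host, domain)) {
    return { stored: false, scope: 'rejected', sentTo: [] };
  }
  return { stored: true, scope: 'domain', sentTo: [domain, '*.' + domain] };
}

// Constructed checks for an app served from assets.example.com.
const SAMPLE_SETTINGS = [null, 'assets.example.com', '.example.com',
  'domain.com', 'www.example.com'];

function report(host, settings) {
  return settings.map((s) => {
    const r = evaluateCookieDomain(host, s);
    return `COOKIE_DOMAIN=${s} on ${host}: ${r.scope}`;
  });
}

console.log(report('assets.example.com', SAMPLE_SETTINGS).join('\n'));
```

A "domain" result also widens the cookie to every subdomain of that value, which is the trade-off against the host-only default.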

snipe commented 3 years ago

@mce-reggie when you cleared your browser cookies, are you getting the same issue as before ("Unauthorized") or a different one?