Closed PeterXQChen closed 1 year ago
Here's the full error in the logs:
{"level":"error","message":"Error: Unsupported state or unable to authenticate data\n at Decipheriv.final (node:internal/crypto/cipher:199:29)\n at CryptoNode.aes256GcmDecrypt (/opt/bundled/auth/packages/sncrypto-node/dist/src/CryptoNode.js:23:103)\n at CrypterNode.decryptUserServerKey (/opt/bundled/auth/packages/auth/dist/src/Domain/Encryption/CrypterNode.js:71:32)\n at CrypterNode.decryptForUser (/opt/bundled/auth/packages/auth/dist/src/Domain/Encryption/CrypterNode.js:53:51)\n at SettingDecrypter.decryptSettingValue (/opt/bundled/auth/packages/auth/dist/src/Domain/Setting/SettingDecrypter.js:32:33)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async SettingService.findSettingWithDecryptedValue (/opt/bundled/auth/packages/auth/dist/src/Domain/Setting/SettingService.js:65:25)\n at async VerifyMFA.execute (/opt/bundled/auth/packages/auth/dist/src/Domain/UseCase/VerifyMFA.js:91:31)\n at async InversifyExpressAuthController.pkceParams (/opt/bundled/auth/packages/auth/dist/src/Infra/InversifyExpressUtils/InversifyExpressAuthController.js:149:35)"}
I receive the same error message
==> logs/api-gateway.log <==
{"level":"error","message":"Could not pass the request to http://localhost:3103/auth/pkce_params on underlying service: {\"error\":{\"message\":\"Unfortunately, we couldn't handle your request. Please try again or contact our support if the error persists.\"}}"
Could not replicate on latest server version. Can you try docker compose down && docker compose pull && docker compose up -d and let me know if this still occurs?
Yep same error. Something to do with the Cipher.
Hm the odd part is that we don't see this on prod and I can't replicate this on my local environment. So has to be something specific either to the env or data.
If you register a new user does it happen as well?
Also could you supply what OS are you running and did you run everything as in the self hosting docs or did you do anything custom to your setup?
Hmm one other suspicion might be the following.
Could you set in your .env file the value of AUTH_SERVER_ENCRYPTION_SERVER_KEY to the same value you had in your legacy setup at docker/auth.env for ENCRYPTION_SERVER_KEY.
Then do docker compose down && docker compose pull && docker compose up -d and see if that helps?
I'm running Ubuntu 22.04 LTS, it's a new setup with only Docker installed.
Standard Notes installation follows the self hosting doc exactly with no changes. See below for my docker compose file:
services:
  server:
    image: standardnotes/server
    container_name: sn-server
    env_file: .env
    ports:
      - 3000:3000
      - 3125:3104
    volumes:
      - ./logs:/var/lib/server/logs
      - ./uploads:/opt/bundled/files/packages/files/dist/uploads
    networks:
      - standardnotes
  localstack:
    image: localstack/localstack:1.3
    container_name: sn-localstack
    expose:
      - 4566
    restart: unless-stopped
    environment:
      - SERVICES=sns,sqs
      - HOSTNAME_EXTERNAL=localstack
      - LS_LOG=warn
    volumes:
      - ./localstack_bootstrap.sh:/etc/localstack/init/ready.d/localstack_bootstrap.sh
    networks:
      - standardnotes
  db:
    image: mysql:8
    container_name: sn-db
    environment:
      - MYSQL_DATABASE=standard_notes_db
      - MYSQL_USER=std_notes_user
      - MYSQL_ROOT_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxxxx
      - MYSQL_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxxxx
    expose:
      - 3306
    restart: unless-stopped
    command: --default-authentication-plugin=mysql_native_password --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci
    volumes:
      - ./data/mysql:/var/lib/mysql
      - ./data/import:/docker-entrypoint-initdb.d
    networks:
      - standardnotes
  cache:
    image: redis:6.0-alpine
    container_name: sn-cache
    volumes:
      - ./data/redis/:/data
    expose:
      - 6379
    restart: unless-stopped
    networks:
      - standardnotes
networks:
  standardnotes:
    name: standardnotes
This is my .env:
######
# DB #
######
DB_HOST=db
DB_PORT=3306
DB_USERNAME=std_notes_user
DB_PASSWORD=xxxxxxxxxxxxxxxxxx
DB_DATABASE=standard_notes_db
DB_DEBUG_LEVEL=all
#########
# CACHE #
#########
REDIS_PORT=6379
REDIS_HOST=cache
This issue only appears when you enable 2FA for said user. Everything works fine when 2FA is off.
Hmm one other suspicion might be the following.
Could you set in your .env file the value of AUTH_SERVER_ENCRYPTION_SERVER_KEY to the same value you had in your legacy setup at docker/auth.env for ENCRYPTION_SERVER_KEY.
Then do docker compose down && docker compose pull && docker compose up -d and see if that helps?
This is a brand new install so I don't have any legacy values or setups.
Could not replicate on latest server version. Can you try docker compose down && docker compose pull && docker compose up -d and let me know if this still occurs?
To reproduce:
docker compose down && docker compose pull && docker compose up -d
However adding AUTH_SERVER_ENCRYPTION_SERVER_KEY seems to help...
How is it with the other variables in docker-entrypoint.sh which are generated with openssl rand?
Which ones need to be set in addition to DB_PASSWORD?
Should be fixed by https://github.com/standardnotes/server/pull/481
I've updated the docs on what env vars should be set in the .env file
Migrated everything from the previous version to this new version, everything was working well but when I restarted the docker containers and then tried to log again, I get the following error:
This seems to only happen if 2FA is enabled for the account. If 2FA is disabled, everything still works.
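The failure mode discussed in this thread, reproduced as an added Node.js example (not Standard Notes code and not from any participant): data sealed with AES-256-GCM under a key that is regenerated at every start cannot be authenticated after a restart, while a key pinned in the environment survives. The helper names, the blob layout and the random-key fallback are assumptions made for the illustration.

```javascript
// Added illustration, not Standard Notes code. Function names and the
// "iv.tag.ciphertext" hex layout are assumptions for this sketch.
const crypto = require('node:crypto');

// Stand-in for an entrypoint that falls back to a fresh random key when the
// variable is unset (the equivalent of `openssl rand -hex 32`).
function resolveServerKey(env) {
  const hex = env.AUTH_SERVER_ENCRYPTION_SERVER_KEY || crypto.randomBytes(32).toString('hex');
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error('server key must be 32 bytes encoded as 64 hex characters');
  }
  return Buffer.from(hex, 'hex');
}

function encryptSetting(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('hex')).join('.');
}

function decryptSetting(key, blob) {
  const [iv, tag, ct] = blob.split('.').map((h) => Buffer.from(h, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() verifies the GCM tag; with the wrong key it throws
  // "Unsupported state or unable to authenticate data".
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Simulates: 2FA enabled (secret stored encrypted), container restarted, login.
function restartScenario(env) {
  const stored = encryptSetting(resolveServerKey(env), 'CONSTRUCTED-TOTP-SECRET');
  const keyAfterRestart = resolveServerKey(env); // entrypoint runs again
  try {
    return { ok: true, value: decryptSetting(keyAfterRestart, stored) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample key, generated here only for the demonstration.
const pinned = { AUTH_SERVER_ENCRYPTION_SERVER_KEY: crypto.randomBytes(32).toString('hex') };
console.log('key unset :', restartScenario({}));
console.log('key pinned:', restartScenario(pinned));
```

The same reasoning applies to any secret that protects data at rest: it has to be generated once and persisted, and it has to be backed up with the database it protects.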