CAS not working after migration to ynh 12 #497

Open
Thatoo opened this issue Nov 13, 2024 · 10 comments

Thatoo commented Nov 13, 2024

Describe the bug

After migrating to ynh 12, I can't connect to my Matrix account. When I click on "Continue with CAS", it only goes to the ynh user app list.

Context

  • Hardware: Old laptop or computer
  • YunoHost version: 12.0.7
  • I have access to my server: Through SSH | through the webadmin | direct access via keyboard / screen
  • Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

Steps to reproduce

Connect to ynh SSO.
Go to app.element.io
Choose synapse server address
Click on "Continue with CAS"
Reach the ynh user app list screen

Also, if I go on https://domain.tld/_matrix/cas_server.php, then I get a "Bad URL" page.

Expected behavior

Be able to click on continue/accept and be connected to matrix account within Element.

Logs

Thatoo commented Nov 13, 2024

Well, I discovered that if I'm not already logged in when I click on "Continue with CAS" but I log in afterwards, then it works.

Josue-T commented Nov 20, 2024

Hello,

Can you try from testing to see if it solves the issue?

Josue-T added the bug label Nov 20, 2024

Thatoo commented Nov 21, 2024

Still the same.
If I'm not logged in (private browser window), CAS is working and I can connect, but if I'm already logged in as a user to the ynh portal then CAS isn't working: I reach the ynh user app list and I can't connect to Matrix in the Element web app.

Josue-T commented Nov 21, 2024

So if I understand correctly, the issue is with the session in which you are already logged in. If that's the case, can you try to log out, then log in and try again? I would like to be sure that you have the correct cookie when you send the request.

Thatoo commented Nov 21, 2024

No, it's the same. If I'm logged in (even if I first log out and then log in again) when I click on the button "continue with CAS", then it goes to the ynh user app list instead of asking me to "accept".
If I'm logged out when I click on the button "continue with CAS", then I reach the ynh login screen and after login, I have the page to "accept" and then it works.

I tried app.element.io on both Firefox private page and Firefox dev (not private, without any addons).

Josue-T commented Nov 21, 2024

OK, maybe it could be a crash of the PHP part. Can you share with me the content of your PHP and nginx logs?

Thatoo commented Nov 23, 2024

I could not find anything relevant in /var/log/php8.3-fpm.log nor in /var/log/nginx/:

  • error.log
  • ssowat.log
  • matrix.domain.tld-error.log

The only error I could find in logs when I repeat the action was in /var/log/domain.tld-error.log :

2024/11/23 20:02:25 [error] 264350#264350: *292189 open() "/usr/share/yunohost/portal/customassets/domain.tld.custom.css" failed (2: No such file or directory), client: 89.234.177.94, server: domain.tld, request: "GET /yunohost/sso/customassets/custom.css HTTP/2.0", host: "hamdel.in", referrer: "https://domain.tld/yunohost/sso/?r=aHR0cHM6Ly9tYXRyaXguaGFtZGVsLmluL19tYXRyaXgvY2FzX3NlcnZlci5waHAvbG9naW4/c2VydmljZT1odHRwczovL21hdHJpeC5oYW1kZWwuaW4vX21hdHJpeC9jbGllbnQvcjAvbG9naW4vY2FzL3RpY2tldD9yZWRpcmVjdFVybD1odHRwcyUzQSUyRiUyRmFwcC5lbGVtZW50LmlvJTJG"

Josue-T commented Nov 25, 2024

Can you share with me the log that you get in /var/log/nginx/<synapse domain>-access.log while you try to log in?

Thatoo commented Nov 25, 2024

xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:32 +0100] "GET /.well-known/matrix/client HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:32 +0100] "GET /_matrix/client/versions HTTP/2.0" 200 1063 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:32 +0100] "GET /_matrix/client/unstable/org.matrix.msc2965/auth_issuer HTTP/2.0" 404 59 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
::1 - - [25/Nov/2024:11:36:32 +0100] "GET /_matrix/client/v3/sync?timeout=30000&since=s51095_3444130_247_54547_10614_34_5635_29148_0_7&filter=0&set_presence=online HTTP/1.1" 200 225 "-" "mautrix-telegram/0.15.1+dev.unknown mautrix-python/0.20.6 aiohttp/3.11.0 Python/3.11.2"
yyy.yyy.yyy.yyy - - [25/Nov/2024:11:36:46 +0100] "GET /_matrix/client/v3/sync?filter=2&timeout=30000&set_presence=unavailable&since=s51095_3444134_247_54547_10614_34_5635_29148_0_7 HTTP/2.0" 200 252 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Element/1.11.86 Chrome/130.0.6723.59 Electron/33.0.2 Safari/537.36"
yyy.yyy.yyy.yyy - - [25/Nov/2024:11:36:46 +0100] "OPTIONS /_matrix/client/v3/sync?filter=2&timeout=30000&set_presence=unavailable&since=s51095_3444134_247_54547_10614_34_5635_29148_0_7 HTTP/2.0" 204 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Element/1.11.86 Chrome/130.0.6723.59 Electron/33.0.2 Safari/537.36"
yyy.yyy.yyy.yyy - - [25/Nov/2024:11:36:46 +0100] "GET /_matrix/client/v3/sync?filter=2&timeout=30000&set_presence=unavailable&since=s51095_3444134_247_54547_10614_34_5635_29148_0_7 HTTP/2.0" 200 402 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Element/1.11.86 Chrome/130.0.6723.59 Electron/33.0.2 Safari/537.36"
yyy.yyy.yyy.yyy - - [25/Nov/2024:11:36:47 +0100] "OPTIONS /_matrix/client/v3/sync?filter=2&timeout=30000&set_presence=unavailable&since=s51095_3444138_247_54547_10614_34_5635_29148_0_7 HTTP/2.0" 204 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Element/1.11.86 Chrome/130.0.6723.59 Electron/33.0.2 Safari/537.36"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /.well-known/matrix/client HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /_matrix/client/versions HTTP/2.0" 200 1063 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /_matrix/client/unstable/org.matrix.msc2965/auth_issuer HTTP/2.0" 404 59 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /.well-known/matrix/client HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /_matrix/client/versions HTTP/2.0" 200 1063 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /_matrix/client/unstable/org.matrix.msc2965/auth_issuer HTTP/2.0" 404 59 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /_matrix/client/versions HTTP/2.0" 200 1063 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /_matrix/client/unstable/org.matrix.msc2965/auth_issuer HTTP/2.0" 404 59 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:50 +0100] "GET /_matrix/client/v3/login HTTP/2.0" 200 170 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:52 +0100] "GET /_matrix/client/v3/login/sso/redirect/cas?redirectUrl=https%3A%2F%2Fapp.element.io%2F&org.matrix.msc3824.action=login HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
xxx.xxx.xxx.xxx - - [25/Nov/2024:11:36:52 +0100] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.domain.tld%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
^C

Josue-T commented Dec 17, 2024

So after some (long) investigation I confirm that it's a regression and it's an upstream issue. cf YunoHost/yunohost#2018

One important clarification of how to reproduce this issue is that this happens when the YunoHost portal domain is completely different from the Element app domain. So, for example, we can easily reproduce the issue if we use Element from https://app.element.io

So the current known workaround is to install the Element app on the YunoHost instance and log in to Matrix from this app.
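
An added example, not part of the thread and not YunoHost or Synapse code: it pulls the CAS login steps out of nginx access-log lines like the ones posted above, decodes the nested `service` / `redirectUrl` parameters, and flags flows whose final client host lies outside the portal domain, which is the case the last comment says reproduces the issue. The sample lines are constructed, and treating "completely different domain" as "neither the portal domain nor one of its subdomains" is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample in nginx "combined" format (placeholder address and domains).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Nov/2024:11:36:50 +0100] "GET /_matrix/client/v3/login HTTP/2.0" 200 170 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Nov/2024:11:36:52 +0100] "GET /_matrix/client/v3/login/sso/redirect/cas?redirectUrl=https%3A%2F%2Fapp.element.io%2F HTTP/2.0" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Nov/2024:11:36:52 +0100] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.domain.tld%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def client_redirect(target):
    """Return the client URL this login step should end on, or None if it is not a CAS step."""
    url = urlsplit(target)
    query = parse_qs(url.query)  # parse_qs percent-decodes one level
    if url.path.endswith("/login/sso/redirect/cas"):
        return query.get("redirectUrl", [None])[0]
    if url.path.endswith("/cas_server.php/login"):
        service = query.get("service", [""])[0]
        # The service URL carries its own redirectUrl, percent-encoded a second time.
        return parse_qs(urlsplit(service).query).get("redirectUrl", [None])[0]
    return None

def same_site(host, portal_domain):
    # Assumption: "same" means the portal domain itself or one of its subdomains.
    return host == portal_domain or host.endswith("." + portal_domain)

def trace_cas_flow(log_text, portal_domain):
    """Return (path, status, client_host, cross_domain) for each CAS login step found."""
    steps = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        redirect = client_redirect(m["target"]) if m else None
        if redirect is None:
            continue
        host = urlsplit(redirect).hostname or ""
        steps.append((urlsplit(m["target"]).path, int(m["status"]), host,
                      not same_site(host, portal_domain)))
    return steps

if __name__ == "__main__":
    for step in trace_cas_flow(SAMPLE_LOG, "domain.tld"):
        print(step)
```

A step with `cross_domain` set to `True` is a login started from a client hosted outside the portal domain, such as https://app.element.io.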
