v7.2 login popup issue

**yuri** · 09-10-2022, 06:44 PM

What changed. We don't store username in cookies anymore. We did it before to support environments w/o proper configuration for Espo. It was a fallback when auth information supposed to be sent via headers was lost someway. A security advisor recommended not to store usernames in cookies and we removed this logic.

What happens when you enter username/password in the popup?

**yuri** · 09-10-2022, 06:46 PM

There's where auth headers are read: https://github.com/espocrm/espocrm/b...i/Auth.php#L74.

**dev77** · 09-10-2022, 06:52 PM

Do you wish me to start a separate thread?

Why in 7.2 there is no /data/log file(s) . I'll enabled the trace in config but still don't see any log files. (My 7.1 production system has log files. Did 7.2 put in a new log system and deleted the previous files?)

I can't figure out why the new version require me to log in... and why to the parent (domain) directory?)

I'm glad I did this on my test system and not my production system.

I'm sure you will figure it out. I'll be happy to help.

**dev77** · 09-10-2022, 06:56 PM

When I enter the user/pass it get the same pup up as above. No change. When I click "cancel" the pop up goes away and all I see is "Auth error" at top of screen. I tried cleaning cookies and history data but still can't get into my Espo 7.2.:-(

**yuri** · 09-10-2022, 06:57 PM

> Why in 7.2 there is no /data/log file(s).

Because no error occurred yet.

**yuri** · 09-10-2022, 07:07 PM

Not sure what it is. We tried 7.2 on many many environments and they worked well. But they all were properly configured.

Can you debug the login process from the method I posted a link to?

**yuri** · 09-10-2022, 07:13 PM

Could you give username/password?

**yuri** · 09-10-2022, 07:28 PM

Try changing this line https://github.com/espocrm/espocrm/b...i/Auth.php#L92

from

Code:

if (!$hasAuthData && $this->isEntryPoint) {

to

Code:

if (!$hasAuthData) {

**yuri** · 09-10-2022, 07:40 PM

Seems the 'Espo-Authorization' header is being stripped by your webserver.

https://github.com/espocrm/espocrm/b.../Auth.php#L299

**yuri** · 09-11-2022, 03:35 PM

This issue most likely will happen on cheap hosting providers or misconfigured web servers. I will enable the fallback logic in the v7.2.1 so that cookies will be used for such cases.

**migrator** · 04-17-2023, 02:31 AM

It seems this also happens with the `docker` implementation. Anyone else seeing it with `docker`?

**migrator** · 04-17-2023, 02:35 AM

Ah wait, can be easily patched up with a change to `nginx` configuration on the virtual host versus having to alter the container recipe.

Thanks for the heads up yuri

**migrator** · 04-17-2023, 02:39 AM

Are there more headers that need to be passed other than those, on a proxy level?

**migrator** · 04-17-2023, 04:24 AM

Pardon the additional question on this yuri, but this does not seem to have any affect:

Code:

location / {
  include proxy_params;
  proxy_http_version 1.1;
  proxy_pass_header HTTP-Authorization;
  proxy_pass_header Espo-Authorization;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_pass http://127.0.0.1:$espocrm_webserver;
}

What we are seeing is that after every successful login, upon logout, there cannot be another login without first clearing the local cache on the browser.

v7.2 login popup issue

v7.2 login popup issue

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment