Announcement

Collapse
No announcement yet.

v7.2 login popup issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • v7.2 login popup issue

    I have same issue as "webiliya" above. Ver. 7.1x worked great. After the update I get a pop up asking me to log into NOT the espo directory (espotest) but it's parent 'domain' directory. (anc77.pairsite.com) below:

    /anc77.pairsite.com

    espotest
    Some-stuff-dir
    Other stuff0dir​

    I see no {ESPO_ROOT}/data/logs/ in my install.

    What happened during the update (done via the terminal as suggested.)

  • #2
    What changed. We don't store username in cookies anymore. We did it before to support environments w/o proper configuration for Espo. It was a fallback when auth information supposed to be sent via headers was lost someway. A security advisor recommended not to store usernames in cookies and we removed this logic.

    What happens when you enter username/password in the popup?

    Comment


    • #3
      There's where auth headers are read: https://github.com/espocrm/espocrm/b...i/Auth.php#L74.

      Comment


      • #4
        Do you wish me to start a separate thread?

        Why in 7.2 there is no /data/log file(s) . I'll enabled the trace in config but still don't see any log files. (My 7.1 production system has log files. Did 7.2 put in a new log system and deleted the previous files?)

        I can't figure out why the new version require me to log in... and why to the parent (domain) directory?)

        I'm glad I did this on my test system and not my production system.

        I'm sure you will figure it out. I'll be happy to help.

        Comment


        • #5
          When I enter the user/pass it get the same pup up as above. No change. When I click "cancel" the pop up goes away and all I see is "Auth error" at top of screen. I tried cleaning cookies and history data but still can't get into my Espo 7.2.:-(

          Comment


          • #6
            > Why in 7.2 there is no /data/log file(s).

            Because no error occurred yet.
            Last edited by yuri; 09-10-2022, 07:03 PM.

            Comment


            • #7
              Not sure what it is. We tried 7.2 on many many environments and they worked well. But they all were properly configured.

              Can you debug the login process from the method I posted a link to?

              Comment


              • dev77
                dev77 commented
                Editing a comment
                All I can do is put in some 'echo" and "exit" code but you need to tell me where to put it (them). What lines of code?

            • #8
              Could you give username/password?
              Last edited by yuri; 09-10-2022, 07:17 PM.

              Comment


              • yuri
                yuri commented
                Editing a comment
                Or private message.

              • dev77
                dev77 commented
                Editing a comment
                I sent via private message. You get it?

              • yuri
                yuri commented
                Editing a comment
                Yes. Got same popup.

            • #9
              Try changing this line https://github.com/espocrm/espocrm/b...i/Auth.php#L92

              from

              Code:
              if (!$hasAuthData && $this->isEntryPoint) {


              to

              Code:
              if (!$hasAuthData) {

              Comment


              • dev77
                dev77 commented
                Editing a comment
                I made the change

                IT WORKED!!! I can log in now.

                Version 7.2.0

                Copyright © 2014-2022 EspoCRM: Yurii Kuznietsov, Taras Machyshyn, Oleksii Avramenko.

                Website: www.espocrm.com.

              • dev77
                dev77 commented
                Editing a comment
                You can try it as well. It is just 2 accounts of test data.

                How/where do I change user and pass?

            • #10
              Seems the 'Espo-Authorization' header is being stripped by your webserver.

              https://github.com/espocrm/espocrm/b.../Auth.php#L299
              Last edited by yuri; 09-11-2022, 03:35 PM.

              Comment


              • dev77
                dev77 commented
                Editing a comment
                "Seems the 'Espo-Authentication' header is being stripped by your webserver."

                How do I prevent that?

                That test site is running on an inexpensive managed, shared, Ubuntu 18.04 Pair.com server. I have no control there.

                My production Espo site runs on a Linode VPS Ubuntu 20.04 server where I have control to all of the Apache virtual host entries.

                I've not yet installed 7.2 on my production server.
                Last edited by dev77; 09-10-2022, 09:07 PM.

            • #11
              This issue most likely will happen on cheap hosting providers or misconfigured web servers. I will enable the fallback logic in the v7.2.1 so that cookies will be used for such cases.

              Comment


              • yuri
                yuri commented
                Editing a comment
                Try sending some custom header (e.g. 'Espo-Authentication') in a request and see whether it's available on your webserver from PHP.

              • dev77
                dev77 commented
                Editing a comment
                1. Until now I never had a problem running my test Espo on my shared server. My production stuff is on a Linode (shared) VPS running Ubuntu 20.04. (I could get a dedicated VPS for a few dollars more but I don't have the traffic to warrant it.) I don't want to run my own mail server so I send all mail traffic via an MX/DNS record to the Pair.com server where I also run some test versions of other apps I use... like Espo and Piwigo.com and a couple of others.

                2. If you will give me the code to run to send an authentication header I will happily enter it and run it for you. I'm a pretty good PHP applications coder but I'm not a systems guy like you. The closest I get to systems work is writing and reading to a mySQL database!

                3. I see that 7.2.2 is out and I'll try that later this morning. It is 5:40 PM Ukraine time so I'll get it done before you go to bed, I'm sure.
                Last edited by dev77; 09-12-2022, 02:45 PM.

              • dev77
                dev77 commented
                Editing a comment
                I updated my test system on the shared server AND my production backup version AND the production EspoCRM (both on a Linode VPs) to 7.2.2 and everything is working just fine. Thanks for getting this all sorted out for us.

            • #12
              It seems this also happens with the `docker` implementation. Anyone else seeing it with `docker`?

              Comment


              • #13
                Ah wait, can be easily patched up with a change to `nginx` configuration on the virtual host versus having to alter the container recipe.

                Thanks for the heads up yuri

                Comment


                • #14
                  Click image for larger version

Name:	image.png
Views:	293
Size:	83.8 KB
ID:	91024

                  Are there more headers that need to be passed other than those, on a proxy level?

                  Comment


                  • #15
                    Pardon the additional question on this yuri, but this does not seem to have any affect:

                    Code:
                    location / {
                      include proxy_params;
                      proxy_http_version 1.1;
                      proxy_pass_header HTTP-Authorization;
                      proxy_pass_header Espo-Authorization;
                      proxy_set_header Upgrade $http_upgrade;
                      proxy_set_header Connection "Upgrade";
                      proxy_pass http://127.0.0.1:$espocrm_webserver;
                    }
                    What we are seeing is that after every successful login, upon logout, there cannot be another login without first clearing the local cache on the browser.​

                    Comment

                    Working...
                    X