2FAuth
WARN Command cancelled (env=production breaks docker entrypoint)
Version
5.0.3
Details & Steps to reproduce
When I start the app, it fails and I have only this console output:
```
Running version latest commit 35f2f1d built on 2024-01-19T14:54:35Z
supervisord version: v0.6.8
PHP 8.1.22 (fpm-fcgi) (built: Aug 3 2023 23:11:21)
nginx version: nginx/1.22.1
APPLICATION IN PRODUCTION.
WARN Command cancelled.
```
Expectation
the app starts or reports some problem
Error & Logs
folder is empty
env debug=true, and debug level=debug
Execution environment
docker swarm
Containerization
- [X] Docker
Additional information
I cannot find any output or log that can explain why the app does not start
Hi,
Does the error occur when you run the container with APP_ENV=local?
env=production
with env=local it works
I'm confused about the meaning of the options.
There is no big difference. production only asks for confirmation when certain commands are called to prevent error/misuse while the app is in production. You can leave local to keep your instance working, I will fix the issue with production in the next version.
I tried the new release, and there is another problem.
My browser is authenticated with a remote OID identity server (Entra ID). When I try to access 2FAuth, it reports "Already authenticated, please log out first" instead of processing my access without redirecting me to the remote sign-in service, as all OID-connected apps do.
It reports this also if I try to enter using other authentication methods (webauthn or password), which did work in the previous version, so I need an InPrivate browser to access the app.
Can you check this?
Addendum: however, I cannot complete an access in a clean browser. The app reports "Authentication via SSO rejected" after the login and I cannot explain it.
Try to clear cookies related to 2FAuth and sign-in with OID. Does it help?
using a fresh browser: An error occured: Authentication via SSO rejected
This message pops when the authentication cannot be done on the provider side. Did you change something in your OID configuration? Are your env vars set correctly at docker level?
I think they are ok. I based them on an existing authentication I have enabled with another app. The authentication on the Entra ID side is ok, otherwise I would have an error on their page (e.g. a back URL not authorized).
I cannot find a way to understand, on the 2FAuth side, what the problem is. The browser's console and the results from the web server report nothing.
I think it is not the problem, but while trying to find the problem I noticed you use Socialite: maybe you can directly include this? https://github.com/SocialiteProviders/Providers/tree/master/src/Azure
Comparing your provider https://github.com/Bubka/2FAuth/blob/342448b352f6d67dfb7233835ecc014ba6cec207/app/Providers/Socialite/OpenId.php and the one above, I found some differences in scopes and user field mapping. I think I adapted the permissions to your scopes (openid profile email instead of User.Read) in my Entra ID, but I still have the same error. URLs, tokens, etc. in my opinion work also with generic OpenID.