Meteor.loginToken in localStorage and sessionStorage causing HTTP 401
Description:
Hello, it seems that Rocket.Chat is using both the localStorage and sessionStorage to keep the user's credential data in the web browser. I can find Meteor.loginToken in both localStorage and sessionStorage, but with different content. This behavior throws HTTP 401 errors when trying to log in. If one disables its localStorage then the bug disappears. I believe that Rocket.Chat is getting confused when reading the data from localStorage and sessionStorage and does not get the correct data for Meteor.loginToken.
These screenshots have been taken at the same time; notice the content of Meteor.loginToken being completely different.
Steps to reproduce:
- Go to your Rocket.Chat URL with Chrome or Firefox
- Open your web console
- Login
- Logoff
- Attempt to Login again
- The page should display an endless loader or a Register your username page
- Check the console log, you should notice several HTTP 401 or a single one on /api/v1/users.getUsernameSuggestion
Expected behavior:
No error while login
Actual behavior:
Server Setup Information:
- Version of Rocket.Chat Server: 6.10.2 (the problem was already there with 6.10.1)
- License Type: none
- Number of Users: ~ 50
- Operating System: docker
- Deployment Method: docker
- Number of Running Instances: 1
- DB Replicaset Oplog:
- NodeJS Version: v14.21.3
- MongoDB Version: 6.0.13 / wiredTiger (oplog Activé)
Client Setup Information
- Desktop App or Browser Version: irrelevant
- Operating System: irrelevant
Additional context
Nothing specific
Relevant logs:
Nothing specific
Thanks !
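
A console check for the condition reported above, as an added example that is not part of the original report or of Rocket.Chat's code: it compares every `Meteor.`-prefixed key across the two storage areas and reports only status and value length, so the result can be shared without exposing a token. The `makeStorage` stub, the function names and the sample values are constructed for illustration.

```javascript
// Added diagnostic example; not Rocket.Chat or Meteor code.
// Minimal Storage-like stub so the example also runs outside a browser.
function makeStorage(entries) {
  const map = new Map(Object.entries(entries));
  return {
    get length() { return map.size; },
    key: (i) => Array.from(map.keys())[i] ?? null,
    getItem: (k) => (map.has(k) ? map.get(k) : null),
  };
}

// List the keys in one storage area that start with the given prefix.
function collectKeys(storage, prefix) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k !== null && k.startsWith(prefix)) keys.push(k);
  }
  return keys;
}

// Compare both storage areas key by key. Values are never returned,
// only their lengths, so the report is safe to paste into an issue.
function compareLoginState(local, session, prefix = "Meteor.") {
  const keys = new Set([
    ...collectKeys(local, prefix),
    ...collectKeys(session, prefix),
  ]);
  return [...keys].sort().map((key) => {
    const a = local.getItem(key);
    const b = session.getItem(key);
    let status;
    if (a === null) status = "session-only";
    else if (b === null) status = "local-only";
    else status = a === b ? "match" : "mismatch";
    return { key, status, localLen: a ? a.length : 0, sessionLen: b ? b.length : 0 };
  });
}

// Constructed sample values (not real tokens) reproducing the reported state.
const sampleLocal = makeStorage({
  "Meteor.loginToken": "AAAA-constructed-local", "Meteor.userId": "u1", theme: "dark" });
const sampleSession = makeStorage({
  "Meteor.loginToken": "BBBB-constructed-session", "Meteor.userId": "u1" });
const sampleReport = compareLoginState(sampleLocal, sampleSession);
console.table(sampleReport);
```

In a browser console, paste the two functions and run `console.table(compareLoginState(localStorage, sessionStorage))`; a `mismatch` row for `Meteor.loginToken` is the state described in this report.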
Thanks for the report.
I'll ask the team to take a look.
same problem.
same problem.
If it's the absolutely same setup there's no need to comment.
Just +1 the original.
Otherwise fill out the server details please.
Server Setup Information:
- Version of Rocket.Chat Server: 6.10.2
- License Type: Ent
- Number of Users: 41
- Operating System: docker
- Deployment Method: docker
- Number of Running Instances: 1
- MongoDB Version: docker -- mongo:5.0 / wiredTiger (oplog Activé)
Client Setup Information
- Desktop App or Browser Version: irrelevant
- Operating System: irrelevant
> License Type: Ent
If you have an enterprise licence please contact support directly.
Are there any updates regarding this issue? Do you need any additional information? Feel free to ask if needed, this issue has been quite a bummer for weeks. Thanks.
> Are there any updates regarding this issue? Do you need any additional information? Feel free to ask if needed, this issue has been quite a bummer for weeks. Thanks.
Note this is open source. Not free support....
I've already asked the team to take a look.
There is a huge system that goes on behind GitHub. Rocket.Chat looks after its paying customers first. If you have a paid plan then you can contact support directly. Otherwise they will look at this as and when they see fit.
I have just been looking on a Chromium browser with my own server and I cannot see anything set in the Session Storage.
Nor can I see anything in Session storage here on open.rocket.chat nor can I see it on my own servers.
So the question is what are you doing that is odd that you haven't told us about?
Well, in no way did I consider this issue as free support, I'm just reporting a bug to help having a good quality tool... I'm just asking if it needs more information to try to solve the problem. I didn't know about the huge system that goes on behind GitHub, it's fine by me, sorry if you felt I was trying to take any advantage.
I haven't done anything out of the ordinary that wasn't explained in my first message. I think you should relax a bit, as I haven't spammed or violated any code of conduct.
@OloBo-MSK do you still have this same exact problem? Could you reach out to support if you do have an enterprise license please?
Thanks for trying to have the bug too, did you follow exactly the procedure I left? I tried on Firefox just to check and got the same problem. But at first, once I logged in for the first time, I got this error
It just kept on waiting with the error you can see on FF console. I had to refresh my page and then I got logged in, and there I have again information in the local and session storage.
> Well in no way I considered this issue as a free support
> Is there any updates regarding this issue ? Do you need any additional information ? Feel free to ask if needed, this issue is quite a bummer since weeks.
Hmm. Seems you want an answer and fix NOW.
> @OloBo-MSK do you still have this same exact problem?
Please don't @ people - it is annoying and unnecessary. People will help if they can.
> Could you reach out the support if you do have an enterprise license please ?
As per point one above.... Even if they get support there is no guarantee that anyone will come back here. You also don't realise that although I am not a Rocket employee I do work hand in hand with the team.
> I think you should relax a bit, as I haven't spammed or violated any code of conduct.
Hmmm. I think you should understand what open source really means. And note that so far I am the only one trying to understand and respond on your issue. Don't bite the hand that feeds you.
I digress.
I followed your steps on a few servers and did not experience your error at all. If we can't replicate it, we can't fix it.
I expect you are doing something you have not explained accurately or you have a sub optimal setup somewhere.
I notice your latest screen shot does not echo what you first said:
> I can find Meteor.loginToken in both localStorage and sessionStorage, but with a different content.
But your last screenshot above only shows localStorage? What happened to sessionStorage?
Also your shots appear to show a 401 on getUserNameSuggestion
So what is the trigger for that?
Exactly what are you doing to get that error because I don't believe it is as simple as login, and logout.
> Client Setup Information Desktop App or Browser Version: irrelevant Operating System: irrelevant
Also why are these 'irrelevant' ? It is better to let others decide what is or isn't irrelevant. If you knew you would not be asking here.....
For all we know you are on Windows 7 and an ancient version of Firefox both of which are unsupported.
So what OS and browsers and browser versions are you using please?
Hi reetp, I'm sorry to respond to a discussion you're having with someone else, but regarding the cookie issue, have you tried turning on or off the deletion of user interaction when the chat window is closed in the server settings? As long as I had this feature turned on (prevention of unwanted readers), I had exactly this problem with login and the authorization token was stored in both local and session storage. If I turned this feature off, the login now works fine and the session store is empty; if I turn the feature back on, the problem recurs.
As for the device, even I would venture to say that it's irrelevant, it works for me on all the devices I own, Windows 10, Windows 11, Android, Chrome, Firefox, Edge, Opera... I haven't tried the Linux desktop, I had to I would like to install it in virtual and I don't have a lot of free resources right now.
Also interesting is that if I install the latest version via snap everything is fine. If I restore the disk image backup from the time of the Rocket.Chat 6.4.x installation on another virtual machine and update to 6.11 from there according to the official instructions in the Rocket.Chat documentation (and that includes the procedure to add the folder for the RC 6.10 version), this login problem occurs. I tried to do a clean install of the older version (again on Ubuntu 22.04) and update from there to give you more info, but I had to leave to deal with something important and now I can't and can't get to it
I would also like to thank you for trying to help us, I understand the meaning of open source, unfortunately I am not good enough to solve this problem at the code level. And it seems I'm not the only one with this problem.
If you need any additional information, please let me know, I'll try to do what I can. I don't want it for free from you, unfortunately I only use this platform privately within 5 users because I needed a secure platform that will be protected from unwanted readers and an operator so that I have full control of all content and on my own servers, so I can't pay enterprise license...
I think this may be related.
Look at 6.11.2 changelog
https://github.com/RocketChat/Rocket.Chat/pull/33129
https://github.com/RocketChat/Rocket.Chat/pull/33040
Hello everyone,
thanks @matoproject for your support, indeed that's why I set irrelevant, the problem was there no matter what client I was testing, browser, RC client, no matter the version.
https://github.com/RocketChat/Rocket.Chat/pull/33129 is clearly the fix, thanks to the devs, I can confirm now that my test process that I described above does not yield any error anymore.