SessionGuard error behind Auth0 authentication

Open • solarchemist opened this issue 6 years ago • 0 comments

On Ubuntu 18.04, with PHP 7.2.24, Apache 2.4.29, and Composer 1.9.1.

I got a fresh Heimdall install working just fine behind this Apache vhost:

<VirtualHost *:80>
   ServerAdmin [email protected]
   ServerName sub.domain.se
   DocumentRoot /var/www/html/heimdall

   Redirect permanent / https://sub.domain.se
   ErrorLog ${APACHE_LOG_DIR}/sub.domain.se_error.log
   CustomLog ${APACHE_LOG_DIR}/sub.domain.se_access.log combined
</VirtualHost>

<VirtualHost *:443>
   ServerAdmin [email protected]
   ServerName sub.domain.se
   DocumentRoot /var/www/html/heimdall

   DirectoryIndex index.php index.html default.php welcome.php
   <Directory /var/www/html/heimdall>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride all
      Order allow,deny
      allow from all
   </Directory>

   SSLEngine on
   SSLCertificateKeyFile   /etc/letsencrypt/live/sub.domain.se/privkey.pem
   SSLCertificateFile      /etc/letsencrypt/live/sub.domain.se/cert.pem
   SSLCertificateChainFile /etc/letsencrypt/live/sub.domain.se/chain.pem
        
   ErrorLog ${APACHE_LOG_DIR}/sub.domain.se_error.log
   CustomLog ${APACHE_LOG_DIR}/sub.domain.se_access.log combined
</VirtualHost>

So with the above vhost, Heimdall works just as expected.

But when adding Auth0 authentication (vhost below) in front of the app, Heimdall throws this error:

Symfony \ Component \ Debug \ Exception \ FatalThrowableError (E_RECOVERABLE_ERROR)
Argument 1 passed to Illuminate\Auth\SessionGuard::login() 
must implement interface Illuminate\Contracts\Auth\Authenticatable, null given, 
called in /home/user/public/heimdall/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php on line 294

The (very nice, by the way) error page also highlights this function:

/home/user/public/heimdall/vendor/laravel/framework/src/Illuminate/Auth/SessionGuard.php:
public function login(AuthenticatableContract $user, $remember = false) {
$this->updateSession($user->getAuthIdentifier());

I consider my Auth0 authenticator code-block very well-tested, and I strongly suspect the issue lies with Heimdall. Auth0 is working fine for me in front of several other webapps (Muximux, Radarr, Sonarr, et al.) with exactly the same code as here (except for domain names and so on).

Here's my Apache vhost which seems to cause Heimdall to throw the error:

<VirtualHost *:80>
   ServerAdmin [email protected]
   ServerName sub.domain.se
   DocumentRoot /var/www/html/heimdall

   Redirect permanent / https://sub.domain.se
   ErrorLog ${APACHE_LOG_DIR}/sub.domain.se_error.log
   CustomLog ${APACHE_LOG_DIR}/sub.domain.se_access.log combined
</VirtualHost>

<VirtualHost *:443>
   ServerAdmin [email protected]
   ServerName sub.domain.se
   DocumentRoot /var/www/html/heimdall

   DirectoryIndex index.php index.html default.php welcome.php
   <Directory /var/www/html/heimdall>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride all
      Order allow,deny
      allow from all
   </Directory>

   # Auth0 authentication
   OIDCProviderIssuer https://mydomain.eu.auth0.com
   OIDCProviderAuthorizationEndpoint https://mydomain.eu.auth0.com/authorize
   OIDCProviderTokenEndpoint https://mydomain.eu.auth0.com/oauth/token
   OIDCProviderTokenEndpointAuth client_secret_post
   OIDCProviderUserInfoEndpoint https://mydomain.eu.auth0.com/userinfo
   OIDCClientID <secret-string>
   OIDCClientSecret <secret-string>
   OIDCCryptoPassphrase <secret-string>
   OIDCProviderJwksUri https://mydomain.eu.auth0.com/.well-known/jwks.json
   OIDCScope "openid profile"
   OIDCRedirectURI https://sub.domain.se/oauth2callback
   OIDCCookiePath /
   <Location />
      AuthType openid-connect
      Require valid-user
      LogLevel debug
   </Location>

   SSLEngine on
   SSLCertificateKeyFile   /etc/letsencrypt/live/sub.domain.se/privkey.pem
   SSLCertificateFile      /etc/letsencrypt/live/sub.domain.se/cert.pem
   SSLCertificateChainFile /etc/letsencrypt/live/sub.domain.se/chain.pem
        
   ErrorLog ${APACHE_LOG_DIR}/sub.domain.se_error.log
   CustomLog ${APACHE_LOG_DIR}/sub.domain.se_access.log combined
</VirtualHost>

And finally, my .env:

APP_NAME=Heimdall
APP_ENV=local
APP_KEY=base64:<secret-string>
APP_DEBUG=true
APP_LOG_LEVEL=debug
APP_URL=http://sub.domain.se

DB_CONNECTION=sqlite
DB_DATABASE=app.sqlite

BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
QUEUE_DRIVER=sync

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

solarchemist, Jan 05 '20 03:01