Absolute path loading `deletegateGenerateKey` worker

[isaaclw]

ISSUE NAME

• Passbolt Version: 3.12.0-3 (installed through apt)
• Platform and Target: -- Operating system: debian -- PHP: php7.4 -- Web server: nginx -- Database server: n/a

What you did

Running passbolt with a subdirectory

https://domain.name/passbolt/

What happened

Got past mysql database setup, it was generating a key and it hung.

Looked at the code, and it as using an absolute (incorrect) path for a javascript file.

  const delegateGenerateKey = async (name, email) => {
    const worker = new Worker('/js/web_installer/generate_key_worker.js');

    return new Promise((resolve, reject) => {
      const channel = new MessageChannel();
      channel.port1.onmessage = (result) => {
        if (result.data instanceof Error) {
          reject(result.data);
        } else {
          resolve(result.data);
        }
        worker.terminate();
      };
      worker.postMessage({ name, email }, [channel.port2]);
    });
  }

The new worker should have a relative path instead of an absolute path here, or a way to detect when running in a subdirectory.

Thanks!

[isaaclw]

I couldn't find the code at first, but it does seem to still be there (so my version isn't too old):

https://github.com/passbolt/passbolt_api/blob/master/webroot/js/web_installer/gpg_key_generate.js#L170

[isaaclw]

same issue here:

webroot/js/web_installer/generate_key_worker.js:15:importScripts('/js/vendors/openpgp.min.js');

[garrettboone]

Not a bug, see https://github.com/passbolt/passbolt_api/blob/f8e0e15ddf7f2e935ee2de35375c86a84db7e90d/config/passbolt.default.php#L52

in what should become passbolt.php for after installation.

[isaaclw]

Maybe, but I still need to manually edit the javascript files in order to get through the key generation, or I get messages like:

GET https://domain.name/js/web_installer/generate_key_worker.js 404 (Not Found)

[garrettboone]

If you didn't initially have the base setting: set it, then clear browser cache, then reinstall the extension and report back.

[isaaclw]

It seems like the whole guide is assuming you'll port forward or install on localhost.

That wasn't an option for me, so I beat my head against the nginx config, trying to get the url subdir to work before hitting /install

Now that I got through the install, I'm getting URLs like: /passbolt/passbolt/favicon.ico

If it's not possible to install at https://domain.name/passbolt then it might be helpful to put that in the guide.

[isaaclw]

I ended up generating the gpg key manually since the script was failing.

[garrettboone]

https://community.passbolt.com/t/running-passbolt-on-context-path/5247/4

[garrettboone]

Please post which guide you are following.

[isaaclw]

I wasn't following any one guide, I didn't see any guides on the website, so I had to scrounge up any kind of nginx guide I could find.

in the end I have it working, but it seems like there needs to be some kind of update to various guides.

Here's what I have:

location ^~ /passbolt {
                alias /var/www/passbolt/webroot; 
                index index.php;
                try_files $uri $uri/ @passbolt;

                location ~ \.php$ {
                include                         snippets/fastcgi-php.conf;
                        fastcgi_param   SCRIPT_FILENAME $request_filename; 
                fastcgi_pass             unix:/run/php/php7.4-fpm.sock;
                }
        }

        location @passbolt {
                rewrite /passbolt/(.*)$ /passbolt/index.php?/$1 last;
        }

I had to remove the /passbolt/ from the config:

        'fullBaseUrl' => 'https://domain.name',

Because it was mis-behaving

but add it to the js files.

I also had to cp from /usr/share/php/passbolt to /var/www/ because of weird permissions, so I'm a wee bit worried about patches, but at least I'm running this system stop-gaped, so it's firewalled from the rest of the internet.

Anyway, if you're 100% sure that my use case is abhorant, feel free to close this.

[garrettboone]

The documentation is sometimes unclear, that's true. To have the path of passbolt, it needs to be served from an actual subdirectory, and noted as such in the config. Here's another example with NGINX https://github.com/passbolt/passbolt_docker/issues/174#issuecomment-1198807110

It will likely become problematic that you altered the source code. Not needed. The app supports what you want, you just have to get the config settings in place.

[isaaclw]

Thanks. Maybe by the time I need to update I'll have the energy to look at why things weren't working. At this point I need to get back to other things.

Also the fact that I'm through with installation will make me feel a bit more comfortable screwing around with the config.

As far as I can tell, there's not really any good option for running the setup on a system with a subdirectory, since all the guides say to set up the subdirectory after installation/setup.

If I had done port forwarding and gone to an abnormal port initially, then I would have had ssl issues.

I'm not sure what the solution is there... Maybe if there was a commandline tool that did the whole setup instead of a web-ui then it would help? I'm not sure.

[garrettboone]

The documentation probably needs to note that if a subdirectory is desired, installing from source may be the more appropriate option. I'm not sure the package install handles a subdirectory, as you are saying.

@stripthis How do you see this one?

[stripthis]

Installing in a subdirectory is generally something we've tried to support, thus a bit reluctantly, e.g. try to fix it when it breaks but we don't officially document or test against it.

[garrettboone]

https://github.com/passbolt/passbolt_help/pull/89

I added a PR for the help site.