2fauth - blank screen after login

Hi all,

My YunoHost server

Hardware: computer at home
YunoHost version:

  • yunohost version: 11.2.9.1 (stable)
  • yunohost-admin version: 11.2.4 (stable)
  • moulinette version: 11.2 (stable)
  • ssowat version: 11.2 (stable)
    I have access to my server : Through SSH , through the webadmin , direct access via keyboard / screen
    Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? :
    If yes, please explain:
    If your request is related to an app, specify its name and version: 2fauth 5.0.4~ynh1

After accruing a number of 2FA codes for various services, and sometimes not having my phone near me when wanting to log in, I started imagining what would happen if I lost access to my phone or the program, for whatever reason.

Clearly it was time for mitigating actions! I found 2fauth in the catalog. I think it is exactly what I am looking for.

Only, I had a problem:

Thanks to the link posted by @amomp3 , I could quickly start troubleshooting the issue.

According to the Github-thread, a new property is needed in 2fauth’s docker .env-file, namely ASSET_URL. It needs to have the same value as the (existing) property APP_URL. I just copied the line and changed a few letters.

The .env-file is found (in my case) at /var/www/2fauth/.env.

Docker is already running, so it does not know about the change of the file until after reloading the configuration. Reloading my 2fauth-page and pressing F12 for the web console, showed there is a CORS transfer blocked (in my limited understanding, 2fauth.domain.tld requests something, and bumps into SSO at domain.tld, which doesn’t match).

I don’t have docker or docker-compose installed; the only executable I found was composer.phar which does not want to run as root. I don’t know which mechanism is used to start the container, but I don’t want to reboot my server yet.

As suggested on Github, I ran:

root@online:/var/www/2fauth# php8.2 artisan cache:clear
   INFO  Application cache cleared successfully.  
root@online:/var/www/2fauth# php8.2 artisan config:cache
   INFO  Configuration cached successfully.  
root@online:/var/www/2fauth# php8.2 artisan view:clear
   INFO  Compiled views cleared successfully.  

That did not resolve the problem.

The subsequent reboot also did not resolve the problem. After the reboot I ran the above artisan-commands once more, with no result.

I payed closer attention to the errors in the browser. There are a few transfers in the “Network” tab:

  1. get / at 2fauth.domain.tld: HTTP 200
  2. get app-(serial).js at 2fauth.domain.tld: HTTP 302
    1.Loading module from “https://domain.tld/yunohost/sso/?r=etc was blocked because of a disallowed MIME type (“text/html”).
    2. Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://domain.tldl/yunohost/sso/?r=etc (Reason: CORS request did not succeed). Status code: (null).
    3. Module source URI is not allowed in this document: “http://2fauth.domain.tld/build/assets/app-06176200.js”.
  3. get /yunohost/sso/?r=(token) : blocked, CORS failed
  4. get favicon_lg.png at 2fauth.domain.tld: HTTP 200
  5. get favicon.png at 2fauth.domain.tld: HTTP 200

Manually (browsing there) I can open the `app-(serial).js and see/guess that it is the app’s code. (If someone more knowledgeable passes by: is this file an ‘asset’, as mentioned in the new parameter?)

I think I need to prevent SSO from catching the call to the https://2fauth.domain.tld/assets/app-(serial).js , but I don’t know how.

I realized I set the access permissions for the app from “Visitors” to “All users”; it’s one of the keys to the kingdom, after all. I reset the permissions to ‘Visitors’ which had the effect of changing the blanc page to a black page, and of removing the app from my user’s Yunohost-interface. On to something :slight_smile: But not :frowning: After adding 2fauth to all users, the behaviour is the same: a black page.

There are no CORS errors in the browser console, so there is progress, but instead I get a HTTP 401 on https://2fauth.domain.tld/api/v1/user even though I just logged in. The same happens when I log into Yunohost as the 2fauth-admin as when I log in with another user.

It’s too late to type the whole conversation, I only take a screenshot of th e network-tab.

If you have a suggestion what I can try to get the app working, let me know!

Did you try the testing branch? It works for me

Thanks for the suggestion, that didn’t occur to me!

153  DEBUG initializing base actions map parser for cli
155  DEBUG loading actions map
156  DEBUG building parser...
175  DEBUG building parser took 0.019s
177  DEBUG acquiring lock...
192  DEBUG lock has been acquired
206  DEBUG loading python module yunohost.app took 0.014s
206  DEBUG processing action [22354.1]: yunohost.app.install with args={'app': 'https://github.com/YunoHost-Apps/2fauth_ynh/tree/testing', 'label': None, 'args': None, 'no_remove_on_failure': False, 'force': False}
560  DEBUG Using selector: EpollSelector
DANGER! This app is not part of YunoHost's app catalog. Installing third-party apps may compromise the integrity and security of yo
ur system. You should probably NOT install it unless you know what you are doing. NO SUPPORT will be provided if this app doesn't w
ork or breaks your system... If you are willing to take that risk anyway, type 'Yes, I understand': Yes, I understand
8949 DEBUG Checking default branch
8955 ERROR Command '['git', 'ls-remote', '--symref', 'https://github.com/YunoHost-Apps/2fauth_ynh', 'HEAD']' returned non-zero exit status 128.
8955 DEBUG action [22354.1] executed in 8.749s
8956 DEBUG lock has been released
8956 ERROR Could not fetch source files, is the URL correct?

The repository does exist on Github at GitHub - YunoHost-Apps/2FAuth_ynh at testing

I haven’t earlier installed testing packages. Is there some preparation I have to take?

Yunohost will backup the app, but in case you want to make another backup.

I’m sorry, I forgot it wasn’t the testing branch.
Following this message on github repo, I run this command and it worked :
sudo yunohost app upgrade 2fauth -u https://github.com/Thovi98/2FAuth_ynh/tree/testing --debug

No success yet.

This is what I did following your first message:

  • uninstall the regular/stable 2fauth app that I tried to get working
  • attempt to install 2fauth from testing using the command at the bottom of the Github page, sudo yunohost app install https://github.com/YunoHost-Apps/chatgpt-web_ynh/tree/testing --debug
  • that gave the error above

Following your second message:

  • I installed the stable 2fauth package
  • did not make any changes
  • attempted to upgrade to testing by running sudo yunohost app upgrade 2fauth -u https://github.com/Thovi98/2FAuth_ynh/tree/testing --debug

The error is quite similar to installing testing directly :

$ sudo yunohost app upgrade 2fauth -u https://github.com/Thovi98/2FAuth_ynh/tree/testing --debug
151  DEBUG initializing base actions map parser for cli
152  DEBUG loading actions map
154  DEBUG building parser...
173  DEBUG building parser took 0.020s
175  DEBUG acquiring lock...
190  DEBUG lock has been acquired
205  DEBUG loading python module yunohost.app took 0.014s
205  DEBUG processing action [44660.1]: yunohost.app.upgrade with args={'app': ['2fauth'], 'url': 'https://github.com/Thovi98/2FAuth_ynh/tree/testing', 'file': None, 'force': False, 'no_safety_backup': False, 'continue_on_failure': False}
393  INFO Now upgrading 2fauth...
454  DEBUG initializing ldap interface
540  DEBUG Checking default branch
548  ERROR Command '['git', 'ls-remote', '--symref', 'https://github.com/Thovi98/2FAuth_ynh', 'HEAD']' returned non-zero exit status 128.
549  DEBUG action [44660.1] executed in 0.344s
549  DEBUG lock has been released
550  ERROR Could not fetch source files, is the URL correct?

According to Github, the repository has last been changed 2 weeks ago. Among other changes, ASSET_URL has updated in .env.example (from the app’s domain to /) and to nginx.conf has a new allow-origin header. That last change might be the needed configuration to be allowed to access SSO at domain.tld from 2fauth.domain.tld.

Clicking around a bit in Github brought me to @Tho’s releasnotes; they seem clear enough for me to be able to apply them manually.

I’ll give adding the allow-origin line to my nginx!

There seem 3 nginx-confs involved:

  • one in the 2fauth directory in /var/www/2fauth
  • one in /etc/nginx.conf.d/2fauth.domain.tld.conf
  • one in /etc/nginx.conf.d/2fauth.domain.tld.d/2fauth.conf

The last option matches the file changed by Tho, I added the line more_set_headers "Access-Control-Allow-Origin: *"; there and got a ‘modifying read-only file’-warning, which I did anyway. I also added the asset_url to the .env-file.

I restarted nginx, cleared cookies/cache in my browser and repeaeted the artisan-commands. There is no change in behaviour from what I got last night.

I tried setting ASSET_URL to two different values:

  • https://2fauth.domain.tld (identical to the other line, as suggested on the upstream Github page)
    • this gives HTTP 401 twice as in the screenshot in my previous post)
    • the result is a black page
  • https://domain.tld (which would be / , which is the configuration in the YNH testing package)
    • this gives CORS errors, for the SSO-page where I originally got it, and additionally to app-(serial).js and the SSO-base-URL (/yunohost/sso)
    • the result is a white page

2fauth can be installed multiple times. If you have the time, would you mind trying if you can still install the testing package?

I have this similar issue now and then, I don’t understand yet why it appears…
If you try again it may work.

1 Like

It worked! Thanks :slight_smile:

No idea what I did there… Probably copy/paste from the wrong Github-like tab to write my post. I’m quite sure I actually did use the 2fauth line :stuck_out_tongue:

1 Like

Thanks for confirming that it works!
Do you confirm it resolves the blank screen issue too? :slight_smile:

This happens when your current shell is in a directory that no longer exists, i.e. if you navigate to $install_dir, remove the app and try to reinstall it.

2 Likes

That’s a different app x_x

Ooh okay!
Thanks for explaining!

Ah, sorry, in my enthusiasm I conflated “installing from testing succeeded and the bug is resolved” into a single “It worked”.

I’m now trying to import my 2FA’s from my phone, but the JSON format of andOTP does not match 2fauth’s import format. Any suggestions, before I try to manually search&replace it to fit?

Yeah, I noticed :stuck_out_tongue:

1 Like

Hmm I don’t know… I came from Aegis.
Maybe there’s a way to export to Aegis and then from Aegis to 2fauth? ^^

1 Like

Neat! There is :slight_smile:

Thanks for helping me out - again - and for mentioning Aegis: I now find out that AndOTP is not maintained anymore, and totally disappeared from F-droid. I’ll be exporting, importing, exporting and importing again my OTP’s :wink:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.