Hi all,
My YunoHost server
Hardware: computer at home
YunoHost version:
- yunohost version: 11.2.9.1 (stable)
- yunohost-admin version: 11.2.4 (stable)
- moulinette version: 11.2 (stable)
- ssowat version: 11.2 (stable)
I have access to my server: through SSH, through the webadmin, direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?
If yes, please explain:
If your request is related to an app, specify its name and version: 2fauth 5.0.4~ynh1
After accruing a number of 2FA codes for various services, and sometimes not having my phone near me when wanting to log in, I started imagining what would happen if I lost access to my phone or the program, for whatever reason.
Clearly it was time for mitigating actions! I found 2fauth in the catalog. I think it is exactly what I am looking for.
Only, I had a problem:
Thanks to the link posted by @amomp3 , I could quickly start troubleshooting the issue.
According to the GitHub thread, a new property is needed in 2fauth's docker `.env` file, namely `ASSET_URL`. It needs to have the same value as the (existing) property `APP_URL`. I just copied the line and changed a few letters.
The `.env` file is found (in my case) at `/var/www/2fauth/.env`.
Docker is already running, so it does not know about the change of the file until after reloading the configuration. Reloading my 2fauth page and pressing F12 for the web console showed there is a CORS transfer blocked (in my limited understanding, 2fauth.domain.tld requests something, and bumps into SSO at domain.tld, which doesn't match).
I don't have docker or docker-compose installed; the only executable I found was composer.phar, which does not want to run as root. I don't know which mechanism is used to start the container, but I don't want to reboot my server yet.
As suggested on Github, I ran:
```
root@online:/var/www/2fauth# php8.2 artisan cache:clear
INFO Application cache cleared successfully.
root@online:/var/www/2fauth# php8.2 artisan config:cache
INFO Configuration cached successfully.
root@online:/var/www/2fauth# php8.2 artisan view:clear
INFO Compiled views cleared successfully.
```
That did not resolve the problem.
The subsequent reboot also did not resolve the problem. After the reboot I ran the above `artisan` commands once more, with no result.
I paid closer attention to the errors in the browser. There are a few transfers in the "Network" tab:
- get `/` at 2fauth.domain.tld: HTTP 200
- get `app-(serial).js` at 2fauth.domain.tld: HTTP 302
  1. Loading module from "https://domain.tld/yunohost/sso/?r=etc" was blocked because of a disallowed MIME type ("text/html").
  2. Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://domain.tld/yunohost/sso/?r=etc (Reason: CORS request did not succeed). Status code: (null).
  3. Module source URI is not allowed in this document: "http://2fauth.domain.tld/build/assets/app-06176200.js".
- get `/yunohost/sso/?r=(token)`: blocked, CORS failed
- get `favicon_lg.png` at 2fauth.domain.tld: HTTP 200
- get `favicon.png` at 2fauth.domain.tld: HTTP 200
Manually (browsing there) I can open the `app-(serial).js` and see/guess that it is the app's code. (If someone more knowledgeable passes by: is this file an "asset", as mentioned in the new parameter?)
I think I need to prevent SSO from catching the call to https://2fauth.domain.tld/assets/app-(serial).js, but I don't know how.
I realized I set the access permissions for the app from "Visitors" to "All users"; it's one of the keys to the kingdom, after all. I reset the permissions to "Visitors", which had the effect of changing the blank page to a black page, and of removing the app from my user's YunoHost interface. On to something... But not. After adding 2fauth to all users, the behaviour is the same: a black page.
There are no CORS errors in the browser console, so there is progress, but instead I get an HTTP 401 on https://2fauth.domain.tld/api/v1/user even though I just logged in. The same happens when I log into YunoHost as the 2fauth admin as when I log in with another user.
It's too late to type the whole conversation, I only take a screenshot of the network tab.
If you have a suggestion what I can try to get the app working, let me know!
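
An added example, not part of the original post and not 2FAuth or YunoHost code: a shell check for the `.env` setting described above, confirming that `ASSET_URL` is present and equal to `APP_URL`. The function names `env_get` and `check_asset_url` and the sample file are constructed for illustration; the plain-http warning reflects general browser mixed-content blocking and is an assumption about what is worth flagging, not a diagnosis of this server.

```bash
#!/usr/bin/env bash
# Added example; env_get and check_asset_url are hypothetical helper names.

# Print the last value assigned to KEY in FILE, without surrounding quotes
# or trailing slashes. Commented-out assignments are ignored.
env_get() {
    local key="$1" file="$2"
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" \
        | tail -n 1 \
        | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' \
              -e "s/^'\(.*\)'\$/\1/" -e 's:/*$::'
}

# Return 0 when both settings agree, 1 when ASSET_URL is missing,
# 2 when it differs from APP_URL, 3 when both agree but use plain http.
check_asset_url() {
    local file="$1" app asset
    app="$(env_get APP_URL "$file")"
    asset="$(env_get ASSET_URL "$file")"
    if [ -z "$asset" ]; then
        echo "ASSET_URL is not set (APP_URL=$app)"
        return 1
    fi
    if [ "$app" != "$asset" ]; then
        echo "mismatch: APP_URL=$app ASSET_URL=$asset"
        return 2
    fi
    case "$app" in
        # Browsers block scripts fetched over http by an https page.
        http://*) echo "both use http://: $app"; return 3 ;;
    esac
    echo "ok: $app"
}

# Constructed sample file (not the poster's real .env): the asset URL was
# copied with the wrong scheme, and an older value is commented out.
sample="$(mktemp)"
printf '%s\n' 'APP_NAME=2FAuth' \
    'APP_URL="https://2fauth.domain.tld/"' \
    '# ASSET_URL=https://domain.tld' \
    'ASSET_URL=http://2fauth.domain.tld' > "$sample"
check_asset_url "$sample" || echo "exit status: $?"
rm -f "$sample"
```

On the server from the post the call would be `check_asset_url /var/www/2fauth/.env`, followed by the `artisan config:cache` step shown above after any edit to the file.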