Invoiceninja no login

/ Message template (english)

The “support” category is meant to ask for help or troubleshooting related to installing or using YunoHost or its applications. It is not to ask assistance on general system administration, network administration or special use cases that goes beyond the scope of the project. If you wish to discuss more advanced use case, please post in the “Advanced Use Case” category.

Before posting, please :

• Look for similar issues on this forum using the error message.
• If you did not already, consider searching / reading the administrator documentation
• Take the time to say Hi and stay friendly, this is a forum and project 100% ran by volunteer human beings

My YunoHost server

Hardware: ASUS h110 motherboard intel i3 core CPU 8 GB RAM
YunoHost version: 4.3.4.2 (stable).
I have access to my server : Through SSH | through the webadmin | direct access via keyboard terminal
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

The InvoiceNinja app worked fine until the last yunohost update.
It is now impossible to login because all InvoiceNinja files are owned by root. So even password recovery is blocked link with no access.
I have uninstalled and the restored the app but it is the same … no login.
I did not find any invoiceninja logs anywhere…
Logs are here https://paste.yunohost.org/raw/etihezoxuq

https://paste.yunohost.org/raw/majabuguvi

I did these because Invoiceninja was not on the tiles portal anymore so I set permission updates . The above are examples .
Once I allowed anon users/visitors it reappeared on the portal.
Thanks for yunohost … it kept my family together during covid via mattermost!!!

Additional info:
when asking to reset password the email is sent but the link returns “Access denied”
A permission issue ,maybe?
All folders under /var/www/invoiceninja are owned by a user called invoiceninja and a group called www-data.
Where are permissions for password reset?
Thanks if you can help …

Disclaimer: I am no InvoiceNinja user, so I have just installed it with no issue logging in and editing clients and invoices.

These look like conflicting pieces of information, and you seem to be mixing up user permission to log in and InvoiceNinja’s own login system. So let’s take a step back and start over:

1. What is the actual error when you attempt to log in? Feel free to show a screenshot of the browser.
2. Are you using a YunoHost user to log in, or a user registered directly within InvoiceNinja?
3. What do you mean by “password recovery is blocked link with no access”? A screenshot is welcome.

1.This is when I try to log in using known email and password. Not a yunohost user but a invoiceninja user credentials.

2.This is the error after clicking the reset password button from that user’s email received from the yunohost user email (presumably the invoiceninja admin)

3. I am not a invoiceninja user either. I am the server admin only and I am trying to save the existing invoice data which are owned by my son and they are on the server. I have restored invoiceninja back to Nov.2021 but it remains the same issue. If you need me to send you logs just let me know. Thank you for your help…

Thank you for your clarifications, that’s indeed helpful to understand what’s happening. Your debugging may indeed have brought you in the right direction: the Access denied written like that, with no redirection to YunoHost’s SSO means that’s an issue between InvoiceNinja and NGINX.

Can you share the access and error log of NGINX for your domain, right after triggering that Access denied error?

That would not help, since that’s not a user access issue.

I am trying to get the Nginx log but cannot find it in /var/log/nginx
I see logs called error.log and access.log and many more
Which one do I send you? Also the files contain private info about my server.
To view these files I had to change ownership from www-data to admin if not I cannot view them!!

/var/log/nginx/your.domain-error.log and /var/log/nginx/your.domain-access.log
They can also be found in the webadmin at the /yunohost/admin/#/services/nginx path.

You are free to anonymize them.

Do not do that. Use sudo <the command> or sudo su to become root user to access blocked files.

The logs are here hastebin
Thanks for helping but I thought logs were under /tools/log in webadmin!! My mistake … sorry

2021/12/22 11:25:18 [error] 29286#29286: *4612 FastCGI sent in stderr: "Access to the script '/var/www/invoiceninja/public/index.php/password/reset/REDACTED' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 172.225.10.74, server: REDACTED.ynh.fr, request: "GET /invoiceninja/index.php/password/reset/REDACTED HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm-invoiceninja.sock:", host: "REDACTED.ynh.fr"

Have you tweaked file /etc/php/7.3/fpm/pool.d/invoiceninja.conf, particularly line 385? This one should be commented out with a ;.

Thanks but that file has no mods and line 385

     ;security.limit_extensions = .php .php3 .php4 .php7.3 .php7

is commented out with ;

What is the output of ls -la /var/www/invoiceninja/public?

   sudo ls -la /var/www/invoiceninja/public

total 9180
drwxrwx— 7 invoiceninja www-data 4096 Sep 15 10:20 .
drwxr-x— 14 invoiceninja www-data 4096 Sep 26 17:45 …
-rw-rw---- 1 invoiceninja www-data 12595 Sep 15 10:20 android-chrome-192x192.png
-rw-rw---- 1 invoiceninja www-data 36038 Sep 15 10:20 android-chrome-512x512.png
-rw-rw---- 1 invoiceninja www-data 4389 Sep 15 10:20 apple-touch-icon-120x120.png
-rw-rw---- 1 invoiceninja www-data 4389 Sep 15 10:20 apple-touch-icon-120x120-precomposed.png
-rw-rw---- 1 invoiceninja www-data 7360 Sep 15 10:20 apple-touch-icon-152x152-precomposed.png
-rw-rw---- 1 invoiceninja www-data 12131 Sep 15 10:20 apple-touch-icon.png
-rw-rw---- 1 invoiceninja www-data 2207 Sep 15 10:20 apple-touch-icon-precomposed.png
-rw-rw---- 1 invoiceninja www-data 222 Sep 15 10:20 browserconfig.xml
-rw-rw---- 1 invoiceninja www-data 1010336 Sep 15 10:20 built.js
-rw-rw---- 1 invoiceninja www-data 3635419 Sep 15 10:20 built.js.map
drwxrwx— 4 invoiceninja www-data 4096 Sep 15 10:20 css
-rw-rw---- 1 invoiceninja www-data 939 Sep 15 10:20 favicon-16x16.png
-rw-rw---- 1 invoiceninja www-data 1477 Sep 15 10:20 favicon-32x32.png
-rw-rw---- 1 invoiceninja www-data 15086 Sep 15 10:20 favicon.ico
-rw-rw---- 1 invoiceninja www-data 23455 Sep 15 10:20 favicon.png
-rw-rw---- 1 invoiceninja www-data 2700 Sep 15 10:20 favicon-v2.png
drwxrwx— 6 invoiceninja www-data 4096 Sep 15 10:20 fonts
-rw-rw---- 1 invoiceninja www-data 784 Sep 15 10:20 .htaccess
-rw-rw---- 1 invoiceninja www-data 0 Sep 15 10:20 humans.txt
-rw-rw---- 1 invoiceninja www-data 287 Sep 15 10:20 ic_cloud_circle.png
drwxrwx— 9 invoiceninja www-data 4096 Sep 15 10:20 images
-rw-rw---- 1 invoiceninja www-data 1776 Sep 15 10:20 index.php
drwxrwx— 3 invoiceninja www-data 4096 Sep 15 10:20 js
drwxrwx— 2 invoiceninja www-data 4096 Sep 15 10:20 logo
-rw-rw---- 1 invoiceninja www-data 293 Sep 15 10:20 manifest.json
-rw-rw---- 1 invoiceninja www-data 8808 Sep 15 10:20 mstile-150x150.png
-rw-rw---- 1 invoiceninja www-data 1078361 Sep 15 10:20 pdf.built.js
-rw-rw---- 1 invoiceninja www-data 3400618 Sep 15 10:20 pdf.built.js.map
-rw-rw---- 1 invoiceninja www-data 3100 Sep 15 10:20 public.style.min.css
-rw-rw---- 1 invoiceninja www-data 5693 Sep 15 10:20 public.style.min.css.map
-rw-rw---- 1 invoiceninja www-data 26 Sep 15 10:20 robots.txt
-rw-rw---- 1 invoiceninja www-data 3294 Sep 15 10:20 safari-pinned-tab.svg
-rw-rw---- 1 invoiceninja www-data 36038 Sep 15 10:20 youtube.png

Hum… that’s weird.

What about sudo ls -la /var/www/invoiceninja and cat /etc/nginx/conf.d/YOUR.DOMAIN.D/invoiceninja.conf ?

   sudo ls -la /var/www/invoiceninja/

     total 708

drwxr-x— 14 invoiceninja www-data 4096 Sep 26 17:45 .
drwxr-xr-x+ 10 root root 4096 Dec 22 10:01 …
drwxrwx— 19 invoiceninja www-data 4096 Sep 15 10:20 app
-rwxrwx— 1 invoiceninja www-data 1635 Sep 15 10:20 artisan
drwxrwx— 3 invoiceninja www-data 4096 Sep 15 10:20 bootstrap
-rw-rw---- 1 invoiceninja www-data 1329 Sep 15 10:20 bower.json
-rw-rw---- 1 invoiceninja www-data 45 Sep 15 10:20 .bowerrc
-rw-rw---- 1 invoiceninja www-data 646 Sep 15 10:20 codeception.yml
-rw-rw---- 1 invoiceninja www-data 504 Sep 15 10:20 .codeclimate.yml
-rw-rw---- 1 invoiceninja www-data 358 Sep 15 10:20 CODE_OF_CONDUCT.md
-rw-rw---- 1 invoiceninja www-data 6487 Sep 15 10:20 composer.json
-rw-rw---- 1 invoiceninja www-data 542350 Sep 15 10:20 composer.lock
drwxrwx— 3 invoiceninja www-data 4096 Sep 15 10:20 config
-rw-rw---- 1 invoiceninja www-data 1879 Sep 15 10:20 CONTRIBUTING.md
drwxrwx— 5 invoiceninja www-data 4096 Sep 15 10:20 database
drwxrwx— 3 invoiceninja www-data 4096 Sep 15 10:20 docs
-r-------- 1 invoiceninja www-data 2509 Sep 26 17:45 .env
-rw-rw---- 1 invoiceninja www-data 2296 Sep 15 10:20 .env.example
-rw-rw---- 1 invoiceninja www-data 471 Sep 15 10:20 .env.travis
-rw-rw---- 1 invoiceninja www-data 199 Sep 15 10:20 .gitattributes
drwxrwx— 3 invoiceninja www-data 4096 Sep 15 10:20 .github
-rw-rw---- 1 invoiceninja www-data 732 Sep 15 10:20 .gitignore
-rw-rw---- 1 invoiceninja www-data 1219 Sep 15 10:20 Gruntfile.js
-rw-rw---- 1 invoiceninja www-data 6734 Sep 15 10:20 gulpfile.js
-rw-rw---- 1 invoiceninja www-data 6148 Sep 15 10:20 .htaccess
-rw-rw---- 1 invoiceninja www-data 3891 Sep 15 10:20 LICENSE
-rw-rw---- 1 invoiceninja www-data 371 Sep 15 10:20 package.json
-rw-rw---- 1 invoiceninja www-data 3764 Sep 15 10:20 .php_cs.dist
-rw-rw---- 1 invoiceninja www-data 87 Sep 15 10:20 phpspec.yml
-rw-rw---- 1 invoiceninja www-data 777 Sep 15 10:20 phpunit.xml
drwxrwx— 7 invoiceninja www-data 4096 Sep 15 10:20 public
-rw-rw---- 1 invoiceninja www-data 5137 Sep 15 10:20 README.md
drwxrwx— 5 invoiceninja www-data 4096 Sep 15 10:20 resources
drwxrwx— 2 invoiceninja www-data 4096 Sep 15 10:20 routes
-rw-rw---- 1 invoiceninja www-data 560 Sep 15 10:20 server.php
drwxrwx— 10 invoiceninja www-data 4096 Sep 15 10:20 storage
-rw-rw---- 1 invoiceninja www-data 247 Sep 15 10:20 .styleci.yml
drwxrwx— 8 invoiceninja www-data 4096 Sep 15 10:20 tests
-rw-rw---- 1 invoiceninja www-data 6318 Sep 15 10:20 .travis.yml
drwxrwx— 112 invoiceninja www-data 4096 Sep 15 10:20 vendor

sudo cat /etc/nginx/conf.d/MYSERVER.ynh.fr.d/invoiceninja.conf
rewrite ^/invoiceninja$ /invoiceninja/ permanent;

location ^~ /invoiceninja/ {

 # Path to source
 alias /var/www/invoiceninja/public/ ;

 location /invoiceninja/ {
   rewrite ^ /invoiceninja/index.php;
 }

 # Force usage of https
 if ($scheme = http) {
   rewrite ^ https://$server_name$request_uri? permanent;
 }

 # Add headers to serve security related headers
 more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "X-XSS-Protection: 1; mode=block";
 more_set_headers "X-Robots-Tag: none";
 more_set_headers "X-Download-Options: noopen";
 more_set_headers "X-Permitted-Cross-Domain-Policies: none";
 more_set_headers "Referrer-Policy: no-referrer";

 #index index.php;

 location ~ ^/invoiceninja/index\.php(/.*|)$ {
   fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
   set $path_info $fastcgi_path_info;
   fastcgi_pass unix:/var/run/php/php7.3-fpm-invoiceninja.sock;

   fastcgi_index index.php;
   include fastcgi_params;
   fastcgi_param REMOTE_USER $remote_user;
   fastcgi_param PATH_INFO $fastcgi_path_info;
   fastcgi_param SCRIPT_FILENAME $request_filename;
 }

 # Adding the cache control header for js and css files
 location ~ \.(?:css|js|woff2?|svg|gif)$ {
   try_files $uri /invoiceninja/index.php$request_uri;
   more_set_headers "Cache-Control: public, max-age=15778463";
   # Add headers to serve security related headers
   more_set_headers "Strict-Transport-Security: max-age=15768000";
   more_set_headers "X-Content-Type-Options: nosniff";
   more_set_headers "X-XSS-Protection: 1; mode=block";
   more_set_headers "X-Robots-Tag: none";
   more_set_headers "X-Download-Options: noopen";
   more_set_headers "X-Permitted-Cross-Domain-Policies: none";
   more_set_headers "Referrer-Policy: no-referrer";

   # Optional: Don't log access to assets
   access_log off;
 }

 location ~* \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
   try_files $uri /var/www/invoiceninja/index.php$request_uri;
   # Optional: Don't log access to other assets
   access_log off;
 }

   # Include SSOWAT user panel.
   include conf.d/yunohost_panel.conf.inc;
}

These seem OK. Can you try enabling Visitors access to app, and try the link again?

Done that but login fails again. Shall I try reset password again?

Sure.
Also, I have found the app’s internal logs at /var/www/invoiceninja/storage/logs/. Do they contain anything useful in yours?

checked it contains logins like this one:

2021-12-22 02:52:37 EMAIL@gmail.com 104.28.89.30 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15

which is me login into the invoiceninja from my iMac…

Also the password reset came back with the same error

@tituspijean Thank you so much for all your work to try and resolve this issue.
I have concluded that there is no solution and that invoiceninja is not a well structured app in yunohost.
Summary: I have done all the recommended actions, I have restored from a month old backup, I have restarted the server many times.
The valuable date will be lost.
I am thinking of reinstalling my yunohost from scratch since looking at the logs invoiceninja has produced strange errors in the logs. The author of the app has launched v.5.0 and has stopped supporting my Yunohost version.

My suggested solution would be the following : uninstall invoiceninja
backup all the databases for it
reinstall from scratch
restore the database data manually ie. copy and paste in FileZilla

But I don’t dare to do this since I do not understand how to manipulate databases and php stuff!! That’s why I asked for help!!