I lost Access After Upgrade To v1.6.2
-
@BetterWP Can you send me the URL of your instance to support@cloudron.io ? Let me see if it's something obvious.
-
The issue is to do with Cloudflare. The logs show the error. The backend is getting a 403 when trying to access the dashboard. Looks like it is getting some captcha because of Cloudflare.
2024-01-31T20:00:20.310913401Z: ERROR ▶ openid/GetAllProviders 0d3 Error while getting openid provider Cloudron: 403 Forbidden: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1"><style>@keyframes lds-ring{0%{transform:rotate(0deg)}to{transform:rotate(360deg)}}*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131}button,html{font-family:system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}body a{color:#fff}body a:hover{text-decoration:underline;color:#ee730a}body .lds-ring div{border-color:#999 transparent transparent}body .font-red{color:#b20f03}body .big-button,body .pow-button{background-color:#4693ff;color:#1d1d1d}body #challenge-success-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4)}}body{display:flex;flex-direction:column;min-height:100vh}body.no-js .loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}a:hover,body.dark a:hover,body.light a:hover{text-decoration:underline;color:#ee730a}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark .big-button,body.dark .pow-button{background-color:#4693ff;color:#1d1d1d}body.dark #challenge-success-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4)}body.light{color:#313131}a,body.light a{color:#0051c3}body.light .lds-ring div{border-color:#595959 transparent transparent}body.light .font-red{color:#fc574a}body.light .big-button,body.light .pow-button{border-color:#003681;background-color:#003681;color:#fff}body.light #challenge-success-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}a,body.light{background-color:transparent}a{transition:color 150ms ease;text-decoration:none}.main-content{margin:8rem auto;width:100%;max-width:60rem}.heading-favicon{margin-right:.5rem;width:2rem;height:2rem}.footer,.main-content{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;flex-direction:column;align-items:center}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{line-height:3.75rem;font-size:2.5rem;font-weight:500}.core-msg,.h2{line-height:2.25rem;font-size:1.5rem}.h2{font-weight:500}.body-text,.core-msg{font-weight:400}.body-text{line-height:1.25rem;font-size:1rem}#challenge-error-text,#challenge-success-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgMTMgMTNBMTMuMDE1IDEzLjAxNSAwIDAgMCAxNiAzbTAgMjRhMTEgMTEgMCAxIDEgMTEtMTEgMTEuMDEgMTEuMDEgMCAwIDEtMTEgMTEiLz48cGF0aCBmaWxsPSIjQjIwRjAzIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);background-repeat:no-repeat;background-size:contain;padding-left:34px}#challenge-success-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=);padding-left:42px}.text-center{text-align:center}.big-button{transition-duration:200ms;transition-property:background-color,border-color,color;transition-timing-function:ease;border:.063rem solid #0051c3;border-radius:.313rem;padding:.375rem 1rem;line-height:1.313rem;font-size:.875rem}.big-button:hover{cursor:pointer}.captcha-prompt:not(.hidden){display:flex}.pow-button{margin:2rem 0;background-color:#0051c3;color:#fff}.pow-button:hover{border-color:#003681;background-color:#003681;color:#fff}.footer{margin:0 auto;width:100%;max-width:60rem;line-height:1.125rem;font-size:.75rem}.footer-inner{border-top:1px solid #d9d9d9;padding-top:1rem;padding-bottom:1rem}.clearfix::after{display:table;clear:both;content:""}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}.loading-spinner{height:76.391px}.lds-ring,.lds-ring div{display:inline-block;position:relative;width:1.875rem;height:1.875rem}.lds-ring div{box-sizing:border-box;display:block;position:absolute;border:.3rem solid #595959;border-radius:50%;border-color:#313131 transparent transparent;animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite}.lds-ring div:nth-child(1){animation-delay:-.45s}.lds-ring div:nth-child(2){animation-delay:-.3s}.lds-ring div:nth-child(3){animation-delay:-.15s}@media screen and (-ms-high-contrast:active),screen and (-ms-high-contrast:none){.main-wrapper,body{display:block}}</style><meta http-equiv="refresh" content="375"></head><body class="no-js"><div class="main-wrapper" role="main"><div class="main-content"><noscript><div id="challenge-error-title"><div class="h2"><span id="challenge-error-text">Enable JavaScript and cookies to continue</span></div></div></noscript></div></div><script>(function(){window._cf_chl_opt={cvId: '3',cZone: "",cType: 'managed',cNounce: '79852',cRay: '84e48a4ecfca9134',cHash: 'dfb3620a0ed18b3',cUPMDTk: "\/openid\/.well-known\/openid-configuration?__cf_chl_tk=FDuAkfZczwkZYNP5UZvSzVUjCLMyr7FYv2qZgwZMFPo-1706731220-0-gaNycGzNCzs",cFPWv: 'g',cTTimeMs: '1000',cMTimeMs: '375000',cTplV: 5,cTplB: 'cf',cK: "visitor-time",fa: "\/openid\/.well-known\/openid-configuration?__cf_chl_f_tk=FDuAkfZczwkZYNP5UZvSzVUjCLMyr7FYv2qZgwZMFPo-1706731220-0-gaNycGzNCzs",md: "rpPS5TfjTiYBQgUGoIIzsRoirE5GKSoleHixD7dC1Dk-1706731220-1-Aa8ZRLNw3F7sJ2jlMQIWO5oLEqqw4E3FmWK9_fobA6oT9hBICzbCoArogIOlhOR7EeMqyXOY12MeU6iDJ0dJG1JWNDB-RSYbqGtx25vujDiG9SKdMUlWS4_VgtUorniXE5Wow10hIM_Fk2eJklQZYW0zryqHqIYfiPK01xB6zmWrFnNIiK5vRg4dro2mYAy3y1y7-iIvO1kiOPBuApiNz5Cha9VJsNZm5rCH3t3PMfduVKOTh3IrWjCSvas0ribeGTzgEhRPTRH34fiHfR8DCU8LVtzE60KbHdTc4VNMnntL2ykzPwdNQ6nQ7XiUASUSin5FAQcWXkcmqVrPiKV9VtcnHj-CriBGlWW2OUceqBjcMAgKmZvBATXjSvrtKInI6RzVkj6RyEgU84SzjkJMMvR1o1vgnSgsRSwNXpGWTSOZVnLo09zbNDa_TLHCN7AsDqRbCpw6KI2BtINsX5DlGVKa28LB8jGecZ1SI0BMeOqEyn7HIxKB1Mdk4NKjxdcv7pei9eaYl6mWSkR7aFWXTpQs1pK_EEgx7vVUr3z4SmLqK1_eMls__ZehnydOUJ1iSWmKm_4cACQCBEx_uv4HuJBsglnkiktENTPbsdzSiu3RVCZgAivODxfaqYr5EWQChYSqte70wbcKkiEIC31qXGZqZRad1dQyvTl_9zBKeUarmW4Z3wjdtn5faZ6mjfWuKW99MqoFiOJ5WKKnODCSrcgt7i-8EPnE_ksjDJlKFFvh6MUW0cfLXCW2n7H7kPHYtULwQsabp2zTsTQRcSOamT3ypaJFNSeBJJyHV3VJh6JRnkSpfPl54HETkbcW05Up9e4abtJ3FQ9u0vPeeiMJoSNvw0dceyl7F-Auvf-TKya4vazxVX-T7QOYywK-5SrblvWLvOew5uho_PFroA_IXbgmVN9xbjPMLq12oZeLQ_BhZ2hUQ7aI6R5C9tjmlIksY2ThuVzv5bCm7lKb5i1kjYTyHz9bR2GnXOYs13a5w8GxToS2T00R3UyAhSsXUozLdE7WlkYT9S8lji8INA8CmxM9LDGNE8Q7FtxksSJYFcmA4Ph-HxZYYUdcxG2GLQZkJHSe5_wUhOLWu_bRjHTonAeMIOPNMzUYrOP_v6iLPggw7TEmsNqESvFR6_m_JT6XjVQOu8SYOdqdS2zJn4VcFqYpaw2z0EjGwVTiacBZ6B_GMmZ2E3aUie2IvG-roVBTYC5h2RhaBvksDnvXMzUaaZvMX7jI-lVrUhZ5PjSCFM9Na4GQprij3z_5ZWj9kgW67819fCWdSKQNsMHtX0zb8ZX4GNNRW5L1dJ6HSQ9-cNNW8YXYoopjufu2aLS5sfqc9rdqm3bxt3fBdwdziOZ3_bYCQjvJJI7HIU_drNk_-MguUC0J6HJigluE5oIaP0aTNIJlJXx5FXRh_OUdbQ_5BpOtdthuUs4J7CWXSFBCA-3nHmETlG0MavPj0MAiAgPTDvutO1Q4gJQlegA-37Txrc732K-6GGUPFiU82zWISRupLs0TqR9dekkUHefK0hBI2nY-xKqvxa9r09lTDZAldxBPNLpXuCUEAECP8k2mVkGJPCPcKFvkxyzXL9VE0FV1D2TccloMdvhrVBkmtpbwK6Hio3-0mvxlwGmwIjJyxjhG99Xo20SwdRHQZeEhPmNBkUdbqIboCAf3uU0kbCh4eiA-BhFwF1tU9B6ZwHbTr5gVe1VBbQBso56o6_o0MgVv3I2Q24bCKeGu0pZTiEuE8EnrfvjkZkiy5Eb-OIXatoVBoHS4u0dNbBWl-tFoafxI0WjgpVSzdjiX1LSh45XGUs-OC_Z0gAMvhf0k-mGB_FQrZF3Lxj-5UzJX0uVF4r7QqdG2jBPPU1LPeUizn4w0tL3qn5LmvSBbyzo8ZzrToBZXVLemiRMAmBAc2fNWbXM5wRXxlC_Rr_WUfdoA3fOvnmOByCkVg_XR3hBY-KsspolLDTRJbgBbXh_fHbog0eUD9PgWZ-6V6gIHYD5Q3YD955g6rMA2vAW3-E50tJJTKsEYRYwvQB6gjpSLbl0fyh8CFyvTZ0DRE4oPpcUpSuXP-hzcBBHFnbrQ9hGUGv-ESKIPnkYVqkYpHjsEGHj6aZQLUGdKdlg8Msb0-VQK9ogRJqWMVYnTHhbJjq2KKYwuVkncud4JcVFYfrvsCAiTtb_F461yxpaRxqMbSZOrLmP-nMPGDSGwkacdTn_juKQQLrDJzmeLV44fI2LQh8ud4pBKAZCTsnqcbGT4l_UvdFgqwlhrrR2AoEFDd94q5sqYWkV414PT8wXrZVAsf_5hdtnSuL6DD0E7H3nMDK1bJ88MyP_T60SkOapOwa4dtNnMt7RgoXPQLvTJPUaNGDVm6S-mLVxgcUpaxm9EYqeCQvaK0wELuhOY0x-qXqd2zrOeWNGgBgRg7XCFaJKFd7PLuTrBiaT0EWsNW_CksfahUlEwNcJO0etSx3KGo3Qxr6v6Racq37zHadzGf-nH4bircIVRKP8mCb8UmweGITFcuBaFrQh0dt4C3jI80Q180ZhQ83jvW7-1yS3WFRcTNc4IE49w0DIs8dDzDKelmwmZWiTH-7Y4ua9sbpn6m9NY5hKvT78h3e2oe8UtoI7gvVdxa1F2PFaV7_u9neLXIIGnVyXpXASO2NmgSXocST6lw0XHLfm5bPd6fB5jq-KTViTKUwsenr0V_iSIwzR57P3lHYo0qKsHBRncgjmPe_g6aUTLUddld8m4a4gc3E6sFpeskwgJTVTujXiP2JMQxuMgmsigYzHGZPV3ZGymecTh5OEWevO-JVffqG0w4y8DiJFYqqX1XQ",cRq: {ru: 'aHR0cHM6Ly9teS5iZXR0ZXJ3cC5jbG91ZC9vcGVuaWQvLndlbGwta25vd24vb3BlbmlkLWNvbmZpZ3VyYXRpb24=',ra: 'R28taHR0cC1jbGllbnQvMi4w',rm: 'R0VU',d: 'g6QdYZrof7AgntuBjHtWFGEsNJNIxHao4Jk43rMDxKb4BlPDBkicLVm5rWAq6LIL3hDF3uBvXJXDec7M3ViDc4uGGKtyJ3kZTP4Dlp+ELtTh/90AZdiohGwivxsFKn/WsBbxlP9y+CHKe/VCLXVIabpav4PW+W9LPVR78c4ItknWhajE4jfC+xsoNbVtSlf+QLlsZoykppi36l6sQV54J2iBviv0DX+uJjMbGf9mOZ2v4YQ2m3xHJbPebb5j5bRVEN6ytlVchpCsbXurGpY5Jv/rbckEcR5uvDIZRXhCWMzXd4R2y2BcykV9TdiQJ6r5kcbCnJdR6Fxut+kQ6KfLLuOX+w4qT4f0ErD71WcOiV49uWvQ9bziYSNJB0UmMnfFo4Xd9NKUqjWQ1mnmmAQXUEao1e90uGc2gByxY8HpX5PtrYvP+e4LNZQp1ZHRZ4PREtv+8nze+m4oUUQ4Aj+n6USfDwaOnvzrqKLprY9A3ZYb+AKJSb/eBONeQINArrI9rfjC/fVA9zMNx+nyWHNeuIlO6XJTyFLsPTof09FQmNklBn++kbCkJbmk70GL1Rqccp4/WkCnJRyRRFbMuTHkDYLJVYkcKVmZyPnP8lcW2ZU=',t: 'MTcwNjczMTIyMC4yOTEwMDA=',cT: Math.floor(Date.now() / 1000),m: 'eqNgIQB+X661z5EffTFVGv/vK3qIxe5tFSBHa1+rMQc=',i1: 'u35QDiXmYdAzEC5KkqAk1g==',i2: 'clgEn7VHpkd4h8UFw9XlUg==',zh: 'Rq8b2sp8WWC4VEc7Q2WFrARt3jXrGg+dA4IeFXggSZk=',uh: 'AN+5vvENMpdOACvuRa1plLx7uNq9y3wYG+zurIv4jHM=',hh: 'rG6duFo5K1o+uwE7Bi6BUcdAaflycru+zDRuoSogfd0=',}};var cpo = document.createElement('script');cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=84e48a4ecfca9134';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null, "\/openid\/.well-known\/openid-configuration?__cf_chl_rt_tk=FDuAkfZczwkZYNP5UZvSzVUjCLMyr7FYv2qZgwZMFPo-1706731220-0-gaNycGzNCzs" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</script></body></html>
@BetterWP I think you have to add some Cloudflare rules to allow
https://my.domain.com/openid/.well-known/openid-configuration
to not show captcha/challenge. If you curl the URL from web terminal, it doesn't work. -
@BetterWP this was in the app logs. If you open the log viewer and then try to login , you will see the error.
Also, you can quickly disable Cloudflare proxying (for the dashboard domain my.xx) and test out if it works without it to narrow down the issue.
-
@BetterWP have you disabled cloudflare entirely for the dashboard domain (my.xx.com) and tried? Basically, cloudflare is returning a captcha when trying to get the well-known file. You can try
curl https://my.domain.com/openid/.well-known/openid-configuration
from the Web terminal of Vikunja. It should display something like this:$ curl https://my.smartserver.io/openid/.well-known/openid-configuration {"authorization_endpoint":"https://my.smartserver.io/openid/auth","claims_parameter_supported":false,"claims_supported":["sub","email","email_verified","family_name","given_name","locale","name","preferred_username","sid","auth_time","iss"],"code_challenge_methods_supported":["S256"],"grant_types_supported":["authorization_code","implicit","refresh_token"],"issuer":"https://my.smartserver.io/openid","jwks_uri":"https://my.smartserver.io/openid/jwks","authorization_response_iss_parameter_supported":true,"response_modes_supported":["form_post","fragment","query"],"response_types_supported":["code","id_token","id_token token","code id_token","code token","code id_token token","none"],"scopes_supported":["openid","offline_access","email","profile"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","none"],"token_endpoint_auth_signing_alg_values_supported":["HS256","RS256","PS256","ES256","EdDSA"],"token_endpoint":"https://my.smartserver.io/openid/token","id_token_signing_alg_values_supported":["RS256"],"pushed_authorization_request_endpoint":"https://my.smartserver.io/openid/request","request_parameter_supported":false,"request_uri_parameter_supported":false,"userinfo_endpoint":"https://my.smartserver.io/openid/me","claim_types_supported":["normal"]}
In your case, it returns some html from cloudflare.
-
@girish Disabling Cloudflare is not an option, and it is unnecessary. I need to know exactly which URL I should use to whitelist. Also, Cloudflare has been operating flawlessly since the beginning, and other apps are functioning properly.
Until now, I could not find the URL you indicated in the log. Could you provide a screenshot via email?
-