-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.4 - rev c74193e - 403 Invalid signture when we click on the url to verify the email #3714
Comments
I shall investigate this tonight. Apologies for the bug! |
@anthosz it's working locally 🤔 How long after the email was sent are you clicking the link? |
@jbrooksuk less 1 minute, I can reproduce with 2 différents instances |
Can you send me your |
Have also seen this issue with newly-installed build, today. Looks to be reproducible by selecting 'Edit' on an unverified user, from within the dashboard. |
Also getting the same error message in a newly installed app. Running it locally, so here's my .env file:
|
Getting the same error when verifying the email address. Running on a new 2.4.0 install done today. |
Hi, This is my .env:
TheBags |
Apologies for the delay, I've recently started a new job so I've been a bit busy. This is a really weird issue because it works locally, but I'll keep looking. |
Into the "subscribers" the user is however into "Verified" state. |
Out of interest, can someone send me a slightly modified link for their verification URL, please? I’m wondering if the URL is being modified by your email services? |
I have the same issue. We send our emails through Mandrill. This is the full link which according to the email goes to |
Hello everyone, |
I have the same issue as pmkakaci. |
Any update about this issue ? |
It's happening to me too. If I have some time later maybe I will take a look. Regards. |
Hello, Same issue here. Kind regards, |
Hello All, Same problem here. Any updates? Thank you! |
Hello, I can confirm this error in the current 2.4 version. Verification-Link is not modified. Thanks. |
Hi Team, Any updates? |
Hi @jbrooksuk, did you had time to took a look on it ? |
Bump, Hi Team, Any updates? |
Hi, I think I've found the issue: I hope this helps you to fix the problem! |
Thank you apentermann, can you please give me some more information on how to do this? |
Bump, Any updates? |
Same here when trying to edit a subscriber - 2.4 |
Same issue, 403 Forbidden - Invalid Signature, when trying to manage subscriber, Cachet v2.4 |
@jbrooksuk I am able to reproduce it on my machine. Here are the datas I have, if it can help you. Cachet version: 2.4 - 212d807. [2019-09-27 13:08:29] development.DEBUG: Message-ID: <b6203d481cf9709d1d4e723f5fafeaeb@cachet-2-4.local>
Date: Fri, 27 Sep 2019 13:08:29 +0000
Subject: Verify Your Subscription
From: Cachet <cachet-local@dev.local>
To: [email protected]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift_1569589709_b794720a9ecab40442ff8f31735a4d3c_=_"
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; background-color: #f5f8fa; color: #74787E; height: 100%; hyphens: auto; line-height: 1.4; margin: 0; -moz-hyphens: auto; -ms-word-break: break-all; width: 100% !important; -webkit-hyphens: auto; -webkit-text-size-adjust: none; word-break: break-word;">
<style>
@media only screen and (max-width: 600px) {
.inner-body {
width: 100% !important;
}
.footer {
width: 100% !important;
}
}
@media only screen and (max-width: 500px) {
.button {
width: 100% !important;
}
}
</style>
<table class="wrapper" width="100%" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; background-color: #f5f8fa; margin: 0; padding: 0; width: 100%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%;">
<tr>
<td align="center" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box;">
<table class="content" width="100%" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; margin: 0; padding: 0; width: 100%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%;">
<tr>
<td class="header" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; padding: 25px 0; text-align: center;">
<a href="http://cachet-2-4.local" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; color: #bbbfc3; font-size: 19px; font-weight: bold; text-decoration: none; text-shadow: 0 1px 0 white;">
Cachet 2.4 Dev
</a>
</td>
</tr>
<!-- Email Body -->
<tr>
<td class="body" width="100%" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; background-color: #FFFFFF; border-bottom: 1px solid #EDEFF2; border-top: 1px solid #EDEFF2; margin: 0; padding: 0; width: 100%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%;">
<table class="inner-body" align="center" width="570" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; background-color: #FFFFFF; margin: 0 auto; padding: 0; width: 570px; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 570px;">
<!-- Body content -->
<tr>
<td class="content-cell" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; padding: 35px;">
<h1 style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; color: #2F3133; font-size: 19px; font-weight: bold; margin-top: 0; text-align: left;">Verify your subscription to status page.</h1>
<table class="action" align="center" width="100%" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; margin: 30px auto; padding: 0; text-align: center; width: 100%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%;">
<tr>
<td align="center" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box;">
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box;">
<tr>
<td align="center" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box;">
<table border="0" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box;">
<tr>
<td style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box;">
<a href="http://cachet-2-4.local/subscribe/verify/TrwzUW7g0hbmFv8NAtYfLKPMixcSALD6aYC8wjw9LI?signature=1c8181eef6a0bdc22fe7a9166023c2d02bcf1e0211eab62794306be6f6ff6b7f" class="button button-primary" target="_blank" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; border-radius: 3px; box-shadow: 0 2px 3px rgba(0, 0, 0, 0.16); color: #FFF; display: inline-block; text-decoration: none; -webkit-text-size-adjust: none; background-color: #3097D1; border-top: 10px solid #3097D1; border-right: 18px solid #3097D1; border-bottom: 10px solid #3097D1; border-left: 18px solid #3097D1;">Verify</a>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<p style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; color: #74787E; font-size: 16px; line-height: 1.5em; margin-top: 0; text-align: left;">Click to verify your subscription to status page.</p>
<p style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; color: #74787E; font-size: 16px; line-height: 1.5em; margin-top: 0; text-align: left;">Regards,<br>Cachet 2.4 Dev</p>
<table class="subcopy" width="100%" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; border-top: 1px solid #EDEFF2; margin-top: 25px; padding-top: 25px;">
<tr>
<td style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box;">
<p style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; color: #74787E; line-height: 1.5em; margin-top: 0; text-align: left; font-size: 12px;">If you’re having trouble clicking the "Verify" button, copy and paste the URL below
into your web browser: <a href="http://cachet-2-4.local/subscribe/verify/TrwzUW7g0hbmFv8NAtYfLKPMixcSALD6aYC8wjw9LI?signature=1c8181eef6a0bdc22fe7a9166023c2d02bcf1e0211eab62794306be6f6ff6b7f" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; color: #3869D4;">http://cachet-2-4.local/subscribe/verify/TrwzUW7g0hbmFv8NAtYfLKPMixcSALD6aYC8wjw9LI?signature=1c8181eef6a0bdc22fe7a9166023c2d02bcf1e0211eab62794306be6f6ff6b7f</a></p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box;">
<table class="footer" align="center" width="570" cellpadding="0" cellspacing="0" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; margin: 0 auto; padding: 0; text-align: center; width: 570px; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 570px;">
<tr>
<td class="content-cell" align="center" style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; padding: 35px;">
<p style="font-family: Avenir, Helvetica, sans-serif; box-sizing: border-box; line-height: 1.5em; margin-top: 0; color: #AEAEAE; font-size: 12px; text-align: center;">© 2019 Cachet 2.4 Dev. All rights reserved.</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
[Cachet 2.4 Dev](http://cachet-2-4.local)
# Verify your subscription to status page.
Verify: http://cachet-2-4.local/subscribe/verify/TrwzUW7g0hbmFv8NAtYfLKPMixcSALD6aYC8wjw9LI?signature=1c8181eef6a0bdc22fe7a9166023c2d02bcf1e0211eab62794306be6f6ff6b7f
Click to verify your subscription to status page.
Regards,Cachet 2.4 Dev
If you’re having trouble clicking the "Verify" button, copy and paste the URL below
into your web browser:
[http://cachet-2-4.local/subscribe/verify/TrwzUW7g0hbmFv8NAtYfLKPMixcSALD6aYC8wjw9LI?signature=1c8181eef6a0bdc22fe7a9166023c2d02bcf1e0211eab62794306be6f6ff6b7f](http://cachet-2-4.local/subscribe/verify/TrwzUW7g0hbmFv8NAtYfLKPMixcSALD6aYC8wjw9LI?signature=1c8181eef6a0bdc22fe7a9166023c2d02bcf1e0211eab62794306be6f6ff6b7f) Every URL to verify the subscription is signed and the signature is invalid. That's quite strange since Laravel generates the hash (sha256) based on the route name, a key generator and the parameters. It would be useful to log every parameter when the URL is generated, to find a difference. |
Same issue on latest 2.4.0-dev when using normal smtp. the PHP log doesn't show any errors than:
After the click its still showing verified in the backend. Any update here? |
Bump, Any updates? |
We have tried a bunch of things, yet nothing seems to fix it. We are seriously considering another solution since this bug has made our status platform useless for 2+ months :/ |
It seems like the route uses the singed middleware but the generated URLs are not signed. Verification seems to work, as the signature is appended, but the user is redirected to manage (without a signature), where it results in an error. |
any updates? |
Per OPs original comment on this, commit version 8f91f6d indeed still works. You can update the Dockerfile with this configuration to grab this release at build:
|
Bump. |
@craigballinger @jbrooksuk I confirm that we can now validate the email but cannot change our subscriptions. When we want to modify them, we have the same issue once we want to confirm the changes (Invalid signature) |
Any updates on this? We all have the same issue >.< |
For me the latest state (2.4) works fine. |
Same for me (works well) |
i just checked. I am on the latest release, but it doesn't work for me |
I have the similar problem by clicking "Manage subscription" from the notification. |
i found a workaround for me. Maybe this helps you:
BUT, if you login as admin and try to edit subs, still results in 403 |
Hello,
With the last release of Cachet (2.4), we have this 403 when we try to verify the email subscription:
Moreover, the email is well in "verified" mode in the subscribers tab.
If I try to rollback to 8f91f6d (23 june), works.
The text was updated successfully, but these errors were encountered: