I can't seem to find any API documentation other than the code itself (which given my unfamiliarity with cake, doesn't really jump out at me:). Am I missing something?

I can't connnect to my passbolt instance with ipv6.
Thé main message is internal error. In thé debug mode thé issue is an error on thé log controler because it can't store the ip v6 format

Distro: Debian 8
SQL DB: MariaDB 10.2
PHP: 5
HTTP Server: Apache (v2)

The error I get:

https://hastebin.com/idevoxocaj.scala

database.php file (this is on a dummy server so not worried about credentials)

https://hastebin.com/focamefuhu.php

PHP Packages I installed:

• php5-common
• libapache2-mod-php5
• php5-cli
• php5-common
• php5-gd
• php5-mcrypt
• php5-dev
• php-pear
• php5-fpm
• php5-mysql
• php5-gnupg

The files have cloned into the /var/www/html directory

So what am I doing wrong?

Why secret can be only password?
When creating new record allow to enter plain text as secret.

No big changes needed here.

1. Change field secrets.data to mediumtext.
2. Add new field secrets.type to indicate what kind of field type to show in edit.
3. Add option to choose type in add and edit view.

And after this we can start thinking about full file encryption: issue #25

Hello

It's possible to rename the file /app/Config/email.php to email.php.default.
The last pull overwrites our email setting the renaming could prevent this in the future.

Best regards
Daniel

The config.json is requesting the path /app/webroot/js/app/config/config.json when it should just be requesting /js/app/config/config.json And the same is true for notification.json

Did the project already had a security review?

Hi,
I have set up and install passbolt on a centos 7 VM, the install seems to have worked ok and I can create users, I created the first admin user and the response is this:

"The user has been registered with success, to complete the registration process follow the link : http://localhost/setup/install/58ac2c36-a7d4-4a75-9a20-0d22c0a810be/69c64f45-4501-4c82-aaa6-075fe6fe42ba"

Firstly I would expect this to be a https link and secondly to display either the hostname I have supplied or an IP. I have run grep -R looking for localhost in the config files and it is not set as any defaults that are not commented out. Under the app.php settings I have left "force-ssl" as true. I have also supplied hostnames where I believe I should so I would expect this to

Does anyone have any ideas how I can change this?

I have pointed my root directory to /usr/share/nginx/html and I cannot see any files (other than index.html and 50x.html)created there, or any .htaccess. I am not sure where this setup directory is as I have searched with "find / -name setup" and turned up nothing.

Hi,

If I want to add a user with a plus in email (ie. [email protected]), I cannot validate the form (error "Only email format is allowed" is returned). Adding the user from CLI (app/Console/cake passbolt register_user ...) works fine.

Thanks.

Currently passbolt permissions views are not SQL99 compliant and triggering the following errors when mysql sql_mode contains only_full_group_by (a default setting since 5.7):

[PDOException] SQLSTATE[42000]: Syntax error or access violation: 1140 In aggregated query without GROUP BY, expression #2 of SELECT list contains nonaggregated column 'UserResourcePermission.permission_id'; this is incompat\
ible with sql_mode=only_full_group_by

In order to run passbolt on mysql5.7 you will still need to disable the sql_mode only_full_group_by with for example the following command:

SET global sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION';

This is a temporary workaround, we’ll try to address this in a future release.
ref. PASSBOLT-1646

Error message: The server was unable to respect the authentication protocol.
Tested on my server and Passbolt demo page.

When running migration for v1.2.0 I get the following error message:

Cake Migration Shell
---------------------------------------------------------------
Running migrations:
  [1474629203] 1474629203_Migration_1.2.0
PHP Fatal error:  Cannot use 'String' as class name as it is reserved in /var/www/passbolt/lib/Cake/Utility/String.php on line 26

Fatal error: Cannot use 'String' as class name as it is reserved in /var/www/passbolt/lib/Cake/Utility/String.php on line 26
Fatal Error Error: Cannot use 'String' as class name as it is reserved in [/var/www/passbolt/lib/Cake/Utility/String.php, line 26]

Looks like an issue with php 7 for me...

We have planned to migrate CakePHP to v3.x in the coming months. Stay tuned.

Will be very helpful a kdbx exporter of the password like a backup :-)

I'm currently exploring passbolt as a replacement for my current secret safe. I'm using "secret notes" in Apple's keychain on OS X which allows me to store all website/app passwords but also qrcodes, ssl certificates private keys, etc.
That would be an absolutely killing feature if passbolt would allow storage of more complex items than passwords!
see attached screenshot.

Not sure if this is an issue, but the value Security.salt and Security.cipherSeed is already set by default in passbolt_api/app/Config/core.php.default

I have deleted a user and then created a new user with the same email. When I try to recover the user (from chrome) I have an error message :

This user has been deleted. Please contact your administrator.

Create a user, then delete it.
Recreate this user, with the same email address.
An error will be thrown :

error SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '402b74d8-f0ec-33dd-a6a0-e8bd66058def' for key 'PRIMARY'

From logs :

2017-01-09 17:24:47 Error: [BadRequestException] SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '402b74d8-f0ec-33dd-a6a0-e8bd66058def' for key 'PRIMARY'
Request URL: /users
Stack Trace:
#0 /usr/share/webapps/passbolt/app/Controller/UsersController.php(224): MessageComponent->error('SQLSTATE[23000]...')
#1 [internal function]: UsersController->add()
#2 /usr/share/webapps/passbolt/lib/Cake/Controller/Controller.php(491): ReflectionMethod->invokeArgs(Object(UsersController), Array)
#3 /usr/share/webapps/passbolt/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction(Object(CakeRequest))
#4 /usr/share/webapps/passbolt/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(UsersController), Object(CakeRequest))
#5 /usr/share/webapps/passbolt/app/webroot/index.php(110): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#6 {main}

I did a new installation on debian jessie, i used /var/www/passbolt/app/webroot as document root

rewrite module is enabled and running in apache2

this runs without errors and creates mysql tables:
app/Console/cake install --no-admin

when i create admin like this:
app/Console/cake passbolt register_user -u [email protected] -f myFirtsname -l myLastname -r admin

i get mail, but in the url it mentions "localhost",
when i correct localhost to the actual ip, it also cannot find the URL

If i go to server like https://ip-address it gives:
Not Found
The requested URL /users/login was not found on this server.

User www-data has read rights to passbolt folders and write rights to:
/var/www/passbolt/app/tmp/

Please help, below are installed php modules:

php -m
[PHP Modules]
bcmath
bz2
calendar
Core
ctype
date
dba
dom
ereg
exif
fileinfo
filter
ftp
gd
gettext
gnupg
hash
iconv
intl
json
libxml
mbstring
memcached
mhash
mysql
mysqli
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
SimpleXML
soap
sockets
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

Hi guys

I'm looking forward for a first release of Passbolt, as a modern replacement to keepass someday hopefully.

For that purpose I'm wondering about the integration between passbolt and desktop app : will it be possible to clic somewhere to open the connexion ?

That could be quite easy, like a custom field with ssh://, ftp://, rdp:// links and a doc about how to setup those protocol on Linux / Windows to be forwarded to ssh cli, ftp cli, Putty, Filezilla, Firefox FireFTP / FireSSH module, remina or mstsc

Best regards

At the end of installation I'm just revceiving:

"response": {
      "header": {
        "id": "9bf47528-77ef-3d3f-aefc-2c398e536538",
        "status": "error",
        "title": "app_users_validateaccount_error",
        "servertime": 1488395737,
        "message": "Invalid request method, should be PUT",
        "controller": "Users",
        "action": "validateAccount"
      },
      "body": []
    }

I'm looking forward to this project, but there are some problems.

1. Minimum PHP version 5.3 is to old, no security updates
2. The mcrypt extension is deprecated on PHP 7.1

Any plans to update to PHP >= 7.1 ?

I wanted to try out Passbolt so I'm trying to install it locally on a testing machine but I keep running into:
PHP Gnupg library is not installed
Installation failed.

PHP Version 7.0.13
gnupg support enabled
GPGme Version 1.6.0
Extension Version 1.4.0

Is PHP7 not supported?

Hi guys and girls,

So after configuring everything else, i get this error in the browser when connecting to https://passbolt.DOMAIN.com

Fatal error: Class 'Status' not found in /home/passbolt/passbolt/app/Controller/CakeErrorController.php on line 63

Any Idea what could be causing this?

Running on:

• Debian 8.6
• Apache 2.4
• PHP 5.6

during the installation process, there was so many of errors like this.
when I fix one, I get another error for another table/field

Installing data set:default
---------------------------------------------------------------
Data for model DataDefault.Role inserted
Data for model DataDefault.User inserted
could not find key/var/www/html/passbolt/app/Plugin/DataUnitTests/Console/Command/Task/gpg/anonymous_public.key for [email protected] using dummy one.
Data for model DataDefault.Gpgkey inserted
Error: SQLSTATE[HY000]: General error: 1364 Field 'description' doesn't have a default value
#0 /var/www/html/passbolt/lib/Cake/Model/Datasource/DboSource.php(461): PDOStatement->execute(Array)
#1 /var/www/html/passbolt/lib/Cake/Model/Datasource/DboSource.php(427): DboSource->_execute('INSERT INTO `pa...', Array)
#2 /var/www/html/passbolt/lib/Cake/Model/Datasource/DboSource.php(1019): DboSource->execute('INSERT INTO `pa...')
#3 /var/www/html/passbolt/lib/Cake/Model/Model.php(1933): DboSource->create(Object(PermissionType), Array, Array)
#4 /var/www/html/passbolt/lib/Cake/Model/Model.php(1751): Model->_doSave(Array, Array)
#5 /var/www/html/passbolt/app/Console/Command/Task/ModelTask.php(26): Model->save(Array, false)
#6 /var/www/html/passbolt/app/Console/Command/DataShell.php(129): ModelTask->execute()
#7 /var/www/html/passbolt/lib/Cake/Console/Shell.php(458): DataShell->import()
#8 /var/www/html/passbolt/lib/Cake/Console/ShellDispatcher.php(212): Shell->runCommand('import', Array)
#9 /var/www/html/passbolt/lib/Cake/Console/Shell.php(399): ShellDispatcher->dispatch()
#10 /var/www/html/passbolt/app/Console/Command/InstallShell.php(234): Shell->dispatchShell('data import --d...')
#11 /var/www/html/passbolt/app/Console/Command/InstallShell.php(115): InstallShell->data('default')
#12 /var/www/html/passbolt/lib/Cake/Console/Shell.php(461): InstallShell->main()
#13 /var/www/html/passbolt/lib/Cake/Console/ShellDispatcher.php(212): Shell->runCommand('--no-admin', Array)
#14 /var/www/html/passbolt/lib/Cake/Console/ShellDispatcher.php(66): ShellDispatcher->dispatch()
#15 /var/www/html/passbolt/app/Console/cake.php(47): ShellDispatcher::run(Array)
#16 {main}

I finally find the solution in one of this two ways:

A: In app/Config/Schema/schema.php
Replace all
array('type' => 'string', 'null' => false, 'default' => null,
with
array('type' => 'string', 'null' => false, 'default' => '',

B: In this directory app/Plugin/DataDefault/Console/Command/Task/
check files ony by one to fix default data , and add the missing value for some string fields

Obviously I choose the first way for my case. but I think this issue is better to be fixed soon

I realized that an anonymous user account was created in the database. What is the reasoning behind this? It looks a bit wired for a sofware claiming to be respectful of privacy to have such account in place. Maybe I missed a bit in the documentation but I did not realize that such an accounts exists.

As noticed on Linuxfr (French), the documentation license Passbolt uses is CC BY-NC-SA, which does not follow the Open Source Definition.

Would you please consider changing it to a free license like CC BY-SA or CC BY? Many open source projects like Bootstrap already use CC BY 3.0 for their documentation, so it could make sense to go CC BY, but going CC BY-SA also makes sense since the code is under a copyleft license as well.

No emails are being sent out by my Passbolt server. I'm wondering if the problem is that Passbolt doesn't support SSL/TLS?

I verified that there are several emails in the queue using the command:

/var/www/passbolt/app/Console/cake EmailQueue.preview

My email service is hosted by google and I have 2 step authentication enabled. I created an app password within my gmail account specifically for Passbolt. I've configured app/Config/email.php with the the following settings:

        public $default = array(
                'transport' => 'Smtp',
                'from' => array('[email protected]' => 'Passbolt'),
                'host' => 'smtp.gmail.com',
                'port' => 587,
                'timeout' => 300,
                'username' => '[email protected]',
                'password' => 'xxxxxxxxx',
        );

I haven't set up a cron job yet for sending emails but when I run the command:

/var/www/passbolt/app/Console/cake EmailQueue.sender

I get an error:

    SMTP Error: 530 5.7.0 Must issue a STARTTLS command first. 23sm1297540qtp.20 - gsmtp
Email 58b5a42e-2c18-4691-aeae-3067f2bb754b was not sent

Does Passbolt not support SSL/TLS? Or am I doing something wrong?

Hello.

I am getting htis error now. Any help?

2016-07-14 12:28:37 Error: [CakeException] The GPG Server key defined in the config is not found in the gpg keyring
Request URL: /auth/login
Stack Trace:
#0 /var/www/passbolt/app/Controller/Component/Auth/GpgAuthenticate.php(52): GpgAuthenticate->_initKeyring()
#1 /var/www/passbolt/lib/Cake/Controller/Component/AuthComponent.php(766): GpgAuthenticate->authenticate(Object(CakeRequest), Object(CakeResponse))
#2 /var/www/passbolt/lib/Cake/Controller/Component/AuthComponent.php(611): AuthComponent->identify(Object(CakeRequest), Object(CakeResponse))
#3 /var/www/passbolt/app/Controller/AuthController.php(35): AuthComponent->login()
#4 [internal function]: AuthController->login()
#5 /var/www/passbolt/lib/Cake/Controller/Controller.php(491): ReflectionMethod->invokeArgs(Object(AuthController), Array)
#6 /var/www/passbolt/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction(Object(CakeRequest))
#7 /var/www/passbolt/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(AuthController), Object(CakeRequest))
#8 /var/www/passbolt/app/webroot/index.php(111): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#9 {main}

And when i list the keys i see them

[root@localhost .gnupg]# gpg --list-secret-keys

/root/.gnupg/secring.gpg

sec 1024R/C8C161D6 2016-07-13
uid passbolt xxx@xxx
ssb 1024R/336082AA 2016-07-13

sec 4096R/573EE67E 2015-10-26 [expires: 2019-10-26]
uid Passbolt Server Test Key [email protected]
ssb 4096R/D0A5D96B 2015-10-26

I know the keyring should be in the /root but i am just testing it.

Albert.

Hello,

I've installed passbolt following the link https://www.passbolt.com/help/tech/install using CentOS7

Created the user, key, color and etc.

When I try to login, I just see loading, please wait... message... can't find any relevant log anywhere.

Do you have any idea?

Thanks!

• Registration:

==> /logs/nginx/passbolt-ssl-access.log <==
10.150.10.109 - - [21/Feb/2017:22:13:20 +0000] "PUT /users/validateAccount/8360c3e2-c21c-3302-a758-43854cbb4c8d.json HTTP/1.1" 200 2082 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:22 +0000] "GET /auth/login HTTP/1.1" 200 1846 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:23 +0000] "GET /fonts/opensans-bold.woff HTTP/1.1" 304 0 "https://passbolt.acme.com/css/login.min.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:23 +0000] "GET /img/logo/icon-20_white.png HTTP/1.1" 304 0 "https://passbolt.acme.com/css/login.min.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:24 +0000] "POST /auth/verify.json HTTP/1.1" 200 2 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:32 +0000] "POST /auth/login.json HTTP/1.1" 200 1846 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

• Login:

10.150.10.109 - - [21/Feb/2017:22:13:33 +0000] "POST /auth/login.json HTTP/1.1" 200 2 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:33 +0000] "GET /auth/checkSession.json HTTP/1.1" 200 206 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:33 +0000] "GET / HTTP/1.1" 200 1302 "https://passbolt.acme.com/auth/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:33 +0000] "GET /css/main.min.css HTTP/1.1" 304 0 "https://passbolt.acme.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:33 +0000] "GET /js/lib/steal/steal.production.js HTTP/1.1" 304 0 "https://passbolt.acme.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:33 +0000] "GET /js/dist/bundles/app/passbolt.js HTTP/1.1" 304 0 "https://passbolt.acme.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
10.150.10.109 - - [21/Feb/2017:22:13:33 +0000] "GET /img/controls/infinite-bar.gif HTTP/1.1" 304 0 "https://passbolt.acme.com/css/main.min.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

• Versions

php-process-5.4.16-42.el7.x86_64
php-pecl-imagick-3.1.0-0.6.RC2.el7.x86_64
php-pecl-memcache-3.0.8-4.el7.x86_64
php-symfony-common-2.8.12-2.el7.noarch
php-mysql-5.4.16-42.el7.x86_64
php-common-5.4.16-42.el7.x86_64
php-mcrypt-5.4.16-7.el7.x86_64
php-pear-1.9.4-21.el7.noarch
php-pear-crypt-gpg-1.4.3-1.el7.noarch
php-intl-5.4.16-42.el7.x86_64
php-jsonlint-1.4.1-1.el7.noarch
php-devel-5.4.16-42.el7.x86_64
php-xml-5.4.16-42.el7.x86_64
php-mbstring-5.4.16-42.el7.x86_64
php-seld-phar-utils-1.0.1-1.el7.noarch
php-gd-5.4.16-42.el7.x86_64
php-cli-5.4.16-42.el7.x86_64
php-pear-Console-CommandLine-1.2.1-1.el7.noarch
php-pdo-5.4.16-42.el7.x86_64
php-symfony-class-loader-2.8.12-2.el7.noarch
php-fpm-5.4.16-42.el7.x86_64

mariadb-libs-5.5.52-1.el7.x86_64
mariadb-5.5.52-1.el7.x86_64
mariadb-server-5.5.52-1.el7.x86_64

Hello,
can you provide nginx config for passbolt?

Hi,

I wonder if i am missing something or its not possible yet, is there an option to bulk share ? I have a few passwords stored and i'd like to share them all with another user but i can only choose one at a time to share.

Thanks for a great project.

Danny.

Hi,

When I create a new password on the web interface, I could not use the "+" in the login or the comment.
There's a similar issue : #14

Thanks

Hi,

I just updated passbolt to the latest git commit, and now I can't login.

2016-07-25 14:09:31 Error: [PDOException] SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')   ORDER BY `created` DESC  LIMIT 1' at line 1
Request URL: /auth/login.json
Stack Trace:
#0 /usr/local/src/passbolt/lib/Cake/Model/Datasource/DboSource.php(461): PDOStatement->execute(Array)
#1 /usr/local/src/passbolt/lib/Cake/Model/Datasource/DboSource.php(427): DboSource->_execute('SELECT `Authent...', Array)
#2 /usr/local/src/passbolt/lib/Cake/Model/Datasource/DboSource.php(664): DboSource->execute('SELECT `Authent...', Array, Array)
#3 /usr/local/src/passbolt/lib/Cake/Model/Datasource/DboSource.php(1113): DboSource->fetchAll('SELECT `Authent...', false)
#4 /usr/local/src/passbolt/lib/Cake/Model/Model.php(3031): DboSource->read(Object(AuthenticationToken), Array)
#5 /usr/local/src/passbolt/lib/Cake/Model/Model.php(3003): Model->_readDataSource('first', Array)
#6 /usr/local/src/passbolt/app/Model/AuthenticationToken.php(146): Model->find('first', Array)
#7 /usr/local/src/passbolt/app/Controller/Component/Auth/GpgAuthenticate.php(126): AuthenticationToken::isValid('536e6f18-412b-4...', '57385cb8-1dd8-4...')
#8 /usr/local/src/passbolt/lib/Cake/Controller/Component/AuthComponent.php(766): GpgAuthenticate->authenticate(Object(CakeRequest), Object(CakeResponse))
#9 /usr/local/src/passbolt/lib/Cake/Controller/Component/AuthComponent.php(611): AuthComponent->identify(Object(CakeRequest), Object(CakeResponse))
#10 /usr/local/src/passbolt/app/Controller/AuthController.php(35): AuthComponent->login()
#11 [internal function]: AuthController->login()
#12 /usr/local/src/passbolt/lib/Cake/Controller/Controller.php(491): ReflectionMethod->invokeArgs(Object(AuthController), Array)
#13 /usr/local/src/passbolt/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction(Object(CakeRequest))
#14 /usr/local/src/passbolt/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(AuthController), Object(CakeRequest))
#15 /usr/local/src/passbolt/app/webroot/index.php(111): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#16 {main}

Debian GNU/Linux 8 (jessie)
PHP 5.6.23+dfsg-0+deb8u1
php5-gnupg 1.3.3-1+b1
php5-json 1.3.6-1
MariaDB 10.1.8+maria-1~jessie
Linux 3.16.0-4-amd64 SMP Debian 3.16.7-ckt25-2 (2016-04-08) x86_64 GNU/Linux

Thanks.

Here is the setup:

CentOS 7
PHP 7.0
Nginx

I have Passbolt installed in /var/www/html/passbolt and the permissions are set and Nginx is pointing there as the default. But when I try to navigate it instead downloads a file called "download" (no extension) and the contents of it are:

https://hastebin.com/uvofanenib.php

What am I missing or doing wrong?

Hi there,
I followed the installation instructions word for word with the exception of changing the serverKey fingerprint and the private/public key links to the ASC files produced by the export in the first few steps but I get this error:

root@passbolt:/var/www/passbolt# app/Console/cake install --no-admin
     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
 (c) 2015-present passbolt.com

---------------------------------------------------------------
Default GnuPG server key cannot be used in production. Please change the values of 'GPG.server' in 'APP/Config/app.php' with your server key information. If you don't have yet a server key, please generate one, take a look at the install documentation.

It's mildly infuriating as I have followed the steps religiously!

The GPG Server key defined in the config is not found in the gpg keyring

Error: An Internal Error Has Occurred.
Stack Trace

APP/Controller/Component/Auth/GpgAuthenticate.php line 49 → GpgAuthenticate->_initKeyring()
CORE/Cake/Controller/Component/AuthComponent.php line 770 → GpgAuthenticate->authenticate(CakeRequest, CakeResponse)
CORE/Cake/Controller/Component/AuthComponent.php line 611 → AuthComponent->identify(CakeRequest, CakeResponse)
APP/Controller/AuthController.php line 35 → AuthComponent->login()
[internal function] → AuthController->login()
CORE/Cake/Controller/Controller.php line 491 → ReflectionMethod->invokeArgs(AuthController, array)
CORE/Cake/Routing/Dispatcher.php line 193 → Controller->invokeAction(CakeRequest)
CORE/Cake/Routing/Dispatcher.php line 167 → Dispatcher->_invoke(AuthController, CakeRequest)
APP/webroot/index.php line 110 → Dispatcher->dispatch(CakeRequest, CakeResponse)

gpg --homedir /home/www-data/.gnupg --gen-key
gpg --homedir /home/www-data/.gnupg --armor --export-secret-keys [email protected] > /var/www/passbolt/app/Config/gpg/serverkey.private.asc
gpg --homedir /home/www-data/.gnupg --armor --export [email protected] > /var/www/passbolt/app/Config/gpg/serverkey.asc

/var/www/passbolt/app/Config/app.php

$config = [
  // GPG Configuration
  'GPG' => [
	// Tell GPG where to find the keyring
	// Needs to be available by the user the webserver is running as
	'env' => [
	  // you can set this to false if you want to use *nix $GNUPGHOME environment variable
	  'setenv' => true,
	  // otherwise you can set the location here
	  // typically on Centos it would be in '/usr/share/httpd/.gnupg'
	  'home' => '/home/www-data/.gnupg',
	],
	// Main server key
	'serverKey' => [
	  // Server private key location and fingerprint
	  'fingerprint' => '683BDFDC69BDC5A4B0AAC64EEBA1095058A19',
	  'public' => APP . 'Config' . DS . 'gpg' . DS . 'serverkey.asc',
	  'private' => APP . 'Config' . DS . 'gpg' . DS . 'serverkey.private.asc',

	  // PHP Gnupg module currently does not support passphrase, please leave blank
	  'passphrase' => ''
	]
  ]
];

Hello,
I can't add special characters in a URL.

We need sometimes for exotic login links :)

#44

Hi,

During the creation of a password, we can set a description, but the field in which we can put information is limited by the interface.
When I've looked into the database, I've seen that the type of this field is "TEXT", so I don't understand why there's this limitation.

Thank's

Please, fix validation in the form:

• allow line-wrap symbols (\n) in the description: https://goo.gl/SX8SQ2 (example has been simplified specially)
• allow symbol "#" in the URI field: https://goo.gl/ODoFu0 Hashtag has important sometimes

First time i tried to create a password, during entering the password, Firefox crashed.
After a restart, the password field is not visible.

Hello, when at last step of admin account creation (5. Login!), it fails :
Error! Something unexpected happened. The setup cannot be completed.

Returned JSON :

{
  "error": "server response error",
  "setup": {
    "stepId": "login_redirection",
    "stepsHistory": "domain_check/define_key/secret/backup_key/security_token",
    "user": {
      "username": "[email protected]",
      "firstname": "Guillaume",
      "lastname": "Friloux",
      "id": "_STRIPPED_"
    },
    "key": {
      "ownerName": "Guillaume Friloux",
      "ownerEmail": "[email protected]",
      "comment": "",
      "length": "2048",
      "algorithm": "RSA-DSA",
      "passphrase": "",
      "publicKeyArmored": "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: OpenPGP.js v2.3.2\r\nComment: http://openpgpjs.org\r\n\r\nxsBNBFhxH/4BCADBZqzELEYL7N4h1M56FTgWRNUqiSTWymfBwhM78/TA4bWk\nK6SkeSI/cDfUH0WwkwlxGR318KliGklyQ6qAAqt6YLRjvXcbAO+Ma7YC3Xd1\n3MQPdgiDOM2LFCPT00QmNdnbmLANp5dMai30OBEEPU4xqWgqNf66RGjFOV7E\nBTjPZH8ihlqCoQyOXlnf84Us+EpFqKBD9AhWx9a64md50DjEvFu0hIIGM5OH\nbCZ6HISt7PDDmszbE0cvVvlyZLOsTAmEaI/oNl3v7IS/rUmwkgADR+tGaZNt\nAInVXtwcGlMl0UHOl5bF4Jz9z9x6M2NKCNz4mo86l57IQT/Y8bxlhHL3ABEB\nAAHNKEd1aWxsYXVtZSBGcmlsb3V4IDxndWlsbGF1bWVAZnJpbG91eC5tZT7C\nwHUEEAEIACkFAlhxH/8GCwkHCAMCCRC3/OgigYw5CwQVCAIKAxYCAQIZAQIb\nAwIeAQAAKdgH/12SDYvufRBJJDdps7d3xXE0z3vpiUXPNoe8XOUjLuiX8t9v\nW4QRxxszp31mBPFRgNKy1gEGyBMYkSikMCbH2fmz8B3c18kYIHg2W0L6OC7I\nSxOql7D5rDJutmBf9eSHYYv3YdeZNDXcab2zhv9eyBTz/wY4uGBcBOdXNbtL\ngGy5lJbS3PgW2RM+KWbOdnaqN1s9FNpw7Csz3nSwvvLO6CUyCCHV08HzFIr8\nSIM03eohhgPdHYS9TjBCYj3Tv3khfxrcKkQlW9rOytuR8grHKV4PhIcoQaXQ\no4wH5V6iomckPO0NoalwIJNY+/vrAN4tHutHxZA80WJCW8fTwsBCXafOwE0E\nWHEf/gEIAMs6OBH9bBfDAZmKyX5z6WSw1El6rqmWJR9gTjRazpEu7b/TNkUd\nZX08qjTh00eGqfM4g9I6eTJEULdyNF/5o+NU8ymSLcs5TVkMPeMa3BwBJ5dO\nLQu1V3OAXi71EHRPG7PlZxmXOHlg1ROrXtKF1c6SIuFaBUOnYHzOJFDignLG\n5j/Ee45VJC6nQDSjG6s3he9GVbSTPKRsolPq4ukVpCCUiyqyYFmHBRlMjc+F\nRbbW1EyYPOKLCQP/jgMSQNcKqtAzt9lfjjZsXF2qoNqDuGplOMu5dO9YyVlM\nRjPPpylC0etMcdpr6bcMu66V5rVO5IlTJwjSegphoqspWV4QKl8AEQEAAcLA\nXwQYAQgAEwUCWHEf/wkQt/zoIoGMOQsCGwwAAA2jCACozu0NrlC/ur7KC23T\nBc+jG8f7hftpCMp5c6vr3HjbO4c/31ENpZpvxwTve0Av3jeHRGs61rdpRUxV\nMyrHxuegjkawTKMzHmh9IA9lPNCilET3NMQ1udln2i0pqDucJocedQlr8FTN\ng4df7wKTs/w8IwtfCi7BNOahpsChqrRYVbmElZd6rPe8zsrHkz21ke6ZId6H\nDQ1us4F8D17twxUziW8wchFPK+rnk8sSLXRTMpg7p1nEeuZuIQrZnnTW+0QI\nv4MjPxLIl6B3SmNE+zcjIyjiE0AbbQBtSprOK8LxDTMPEL8fKQj5H9KVECzE\nMmDQ3hcvUNvSUDC7d4RZH6dj\r\n=FEr1\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n",
      "privateKeyArmored": ""
    },
    "settings": {
      "token": "_STRIPPED_",
      "domain": "_STRIPPED_",
      "armoredServerKey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQENBFhxCpIBCACteVEK3LRCcuS43B9oYZJbnFdv0ZjVKZRavge7St+v4906K07C\nHlrgyP85iXDLoJkzLp3EUrKol2FDoaoEflYS8MUyQbekd+5eVOUMAywHECMciqRV\nvI3h3OkB4MeGqt1zsTJ4GoPhElbXHQEAOsB4sU37Ce3spogaiPW4h6Hf8KQ9nASj\nfT7/nIvHpzzwMAw9t5wZFmn4F32chQnevCxyyNuwPrGJ+bM8Amq5M3PSn6tu4eRw\nqq2pCyrfjAZUiMI2gTsVtgRDfP6BytxP6whoGhhwRGaVD4YryoLZSLFglL1+94PU\ngi8bNiOE44YPvmTzi5ZhH1W49R7gSj9wWdyFABEBAAG0IXBhc3MuZnJpbG91eC5t\nZSA8cm9vdEBmcmlsb3V4Lm1lPokBVAQTAQgAPhYhBAVLawnTMgZKU5wdALix+NJr\ndHisBQJYcQqSAhsDBQkDwmcABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELix\n+NJrdHisKm0H/jU4fW1t0bgD000SONerBbLJeQVm35JGRhywzXBAQvhSbudi2uLw\n4tc3Lr844/3/uxFJqFrcG3OhCKl/bm6kaMu3fXLymLZ3qNkfTbFtqHrmwKShGTM3\n6tJ6a0Y/A0YRKuL65BrSWPyAVooy9s7ZtUmdw7D6ie5HJ9cAmyw96dlZbaZIDCEZ\nlCNtb0TU8DurtNWM3g0XzuvxsXq2Kqbx7EuQ/et+qrI28t99HB275bXbHG3TSCB7\ndkErzJWzNzNHPMhlR3LAu5YAnRAMaMwoayTEOpr4L1SugRwsUPEzHTz70QrSAPm5\nQ+NyZuGUqPAfpXE47YdiR8j0kVb/YJGbUoC5AQ0EWHEKkgEIALsBLZxs9XlXCh9w\nEWwPRwZ6AdDHBGqOThrSk6X8dSlwWRy23lE83rYUU64R5sNEKIM0HxNox/N4z+oC\nyw0E0YHAhcVfDiX6N4GVxTpC3f4fNeZ2lpHjyTerjuvI9/Vv4cVJiLOz0eYw7tqY\nFwgQHC0dnV8BzSJQm6QcQqoBKTae6CiyH7vHsTxNwuuNaFZvLdWLssU/aaDn0aHa\npJwxi8MKyvAlWkq5x56xIMX8sP5pj++uUt9Fk7of6mTTiYGKG6UVp99jfCmOkUdW\nL19nPZtyRzMG87DJAYDS8rnCW8DBsphxnTvSk1Y0IgZC8zIQ+pNLe7TJdfnMaB7j\nW9q2h/kAEQEAAYkBPAQYAQgAJhYhBAVLawnTMgZKU5wdALix+NJrdHisBQJYcQqS\nAhsMBQkDwmcAAAoJELix+NJrdHis878IAKeWjHMekkCo+PWxKf+WILagiewv8DtC\njpH0+r9/BX3Q+8PUVC3Vg1rusAeNNDyg7UB2yWvaArfHTC3udwWBGpXcmkTCPJmy\nM/nx13aB/uqm/SjEQqZ/T78iXfI0aYNLK6TCC4HcnU23Ddof4e9y0yP9Upxc1r4h\nV8psED+mV/SwF0XCgF+a0eOgD88f6yriyx+e8h9LZ3SBDA1mUn7O3fYwyFDXmwAb\ntqYSuMNWSVNuQUhJpwQsL/QDuuReTddWJ3XrHPDKukZI016bd9rMqFLBTlZV9RNU\nJfV/qb1CR1MNC8x5vnK1t2kDUHAyITE4dxsLq1udHE7dS6zUeN+JkOo=\n=OPdW\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "securityToken": {
        "code": "_STRIPPED_",
        "color": "_STRIPPED_",
        "textcolor": "#000"
      }
    }
  },
  "additional": {
    "request": {
      "AuthenticationToken": {
        "token": "_STRIPPED_"
      },
      "Gpgkey": {
        "key": "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: OpenPGP.js v2.3.2\r\nComment: http://openpgpjs.org\r\n\r\nxsBNBFhxH/4BCADBZqzELEYL7N4h1M56FTgWRNUqiSTWymfBwhM78/TA4bWk\nK6SkeSI/cDfUH0WwkwlxGR318KliGklyQ6qAAqt6YLRjvXcbAO+Ma7YC3Xd1\n3MQPdgiDOM2LFCPT00QmNdnbmLANp5dMai30OBEEPU4xqWgqNf66RGjFOV7E\nBTjPZH8ihlqCoQyOXlnf84Us+EpFqKBD9AhWx9a64md50DjEvFu0hIIGM5OH\nbCZ6HISt7PDDmszbE0cvVvlyZLOsTAmEaI/oNl3v7IS/rUmwkgADR+tGaZNt\nAInVXtwcGlMl0UHOl5bF4Jz9z9x6M2NKCNz4mo86l57IQT/Y8bxlhHL3ABEB\nAAHNKEd1aWxsYXVtZSBGcmlsb3V4IDxndWlsbGF1bWVAZnJpbG91eC5tZT7C\nwHUEEAEIACkFAlhxH/8GCwkHCAMCCRC3/OgigYw5CwQVCAIKAxYCAQIZAQIb\nAwIeAQAAKdgH/12SDYvufRBJJDdps7d3xXE0z3vpiUXPNoe8XOUjLuiX8t9v\nW4QRxxszp31mBPFRgNKy1gEGyBMYkSikMCbH2fmz8B3c18kYIHg2W0L6OC7I\nSxOql7D5rDJutmBf9eSHYYv3YdeZNDXcab2zhv9eyBTz/wY4uGBcBOdXNbtL\ngGy5lJbS3PgW2RM+KWbOdnaqN1s9FNpw7Csz3nSwvvLO6CUyCCHV08HzFIr8\nSIM03eohhgPdHYS9TjBCYj3Tv3khfxrcKkQlW9rOytuR8grHKV4PhIcoQaXQ\no4wH5V6iomckPO0NoalwIJNY+/vrAN4tHutHxZA80WJCW8fTwsBCXafOwE0E\nWHEf/gEIAMs6OBH9bBfDAZmKyX5z6WSw1El6rqmWJR9gTjRazpEu7b/TNkUd\nZX08qjTh00eGqfM4g9I6eTJEULdyNF/5o+NU8ymSLcs5TVkMPeMa3BwBJ5dO\nLQu1V3OAXi71EHRPG7PlZxmXOHlg1ROrXtKF1c6SIuFaBUOnYHzOJFDignLG\n5j/Ee45VJC6nQDSjG6s3he9GVbSTPKRsolPq4ukVpCCUiyqyYFmHBRlMjc+F\nRbbW1EyYPOKLCQP/jgMSQNcKqtAzt9lfjjZsXF2qoNqDuGplOMu5dO9YyVlM\nRjPPpylC0etMcdpr6bcMu66V5rVO5IlTJwjSegphoqspWV4QKl8AEQEAAcLA\nXwQYAQgAEwUCWHEf/wkQt/zoIoGMOQsCGwwAAA2jCACozu0NrlC/ur7KC23T\nBc+jG8f7hftpCMp5c6vr3HjbO4c/31ENpZpvxwTve0Av3jeHRGs61rdpRUxV\nMyrHxuegjkawTKMzHmh9IA9lPNCilET3NMQ1udln2i0pqDucJocedQlr8FTN\ng4df7wKTs/w8IwtfCi7BNOahpsChqrRYVbmElZd6rPe8zsrHkz21ke6ZId6H\nDQ1us4F8D17twxUziW8wchFPK+rnk8sSLXRTMpg7p1nEeuZuIQrZnnTW+0QI\nv4MjPxLIl6B3SmNE+zcjIyjiE0AbbQBtSprOK8LxDTMPEL8fKQj5H9KVECzE\nMmDQ3hcvUNvSUDC7d4RZH6dj\r\n=FEr1\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n"
      }
    },
    "response": {
      "header": {
        "id": "_STRIPPED_",
        "status": "error",
        "title": "app_users_validateaccount_error",
        "servertime": 1483808592,
        "message": "The key provided couldn't be used",
        "controller": "Users",
        "action": "validateAccount"
      },
      "body": []
    }
  }
}

I dont doubt i made something wrong, but i have no idea what.
Tell me anything you need to figure out the issue.

I would love to see user groups implemented so that I am able to share an item with a whole group instead of sharing an item which each group member on a manual basis. Users should be able to belong to multiple groups.

Is it possible to add files to a login e.g. SSL certs, Keys, PDFs and so on?

Hello,

I've been very happy to find "LDAP integration" on the roadmap, but when I think about it I can find different use cases that need different developments.
As a Sysadmin (and CISO) in a university one of my main challenges is to provide my users with exclusive and secured access to resources.

• Authentication on passbolt looks very robust, falling back to LDAP login/password is not an option.
• Having a script every night that pulls new users from LDAP to inject them in passbolt could do the trick, but it'll probably create 70 to 80% never-used accounts. It can be done out of passbolt scope, though.
• An interesting option would be to allow self-registration to people only if they can authenticate first against an LDAP directory. The registration process would also pull user details (Name, email, pict?...) from the LDAP.
• A nice add-on would be to sync groups from LDAP (crontab for example), and to make it possible for a user to share a secret with a group.

Issue reported by patpro on twitter:

SSL is not detected properly in healthcheck, even though the healthcheck page is accessed through HTTPS. (cf screenshot below).

Ticket reference: PASSBOLT-1721

Why can't I setup the first Admin account? Here's what happens...

First, I successfully initialize the Passbolt mysql database and register my first admin user:

su -s /bin/bash -c "/var/www/passbolt/app/Console/cake install --no-admin" www-data
/var/www/passbolt/app/Console/cake passbolt register_user -u [email protected] -f Henry -l xxxxx -r admin

Then I copy the link displayed (I don't have email configured yet) and paste it into my browser (Chrome):
https://server-name:6443/setup/install/d46de1f2-ed84-3d5c-aedb-5bda3ecbc43a/35f779d0-072e-419a-a98e-c0182c34a54a

My browser flashes up a page for a few milli-seconds that says something like Welcome to passbolt! Let's take 5 min to setup your system But then displays a page with the following error:

Damn...
An error occured
 Error! Something unexpected happened. The setup cannot be completed.
What to do now ?
Please contact us or your system administrator, and provide the debug information below.
 See debug info

Here's the debug info:

{
  "error": "settings could not be validated",
  "setup": {
    "stepId": "",
    "stepsHistory": "",
    "user": {
      "username": "[email protected]",
      "firstname": "Henry",
      "lastname": "xxxxx",
      "id": "d46de1f2-ed84-3d5c-aedb-5bda3ecbc43a"
    },
    "key": {},
    "settings": {
      "token": "",
      "domain": "",
      "securityToken": {},
      "armoredServerKey": ""
    }
  },
  "additional": {
    "settings": {
      "token": "35f779d0-072e-419a-a98e-c0182c34a54a",
      "domain": "https://server-name:6443"
    },
    "user": {
      "username": "[email protected]",
      "firstname": "Henry",
      "lastname": "xxxxx",
      "id": "d46de1f2-ed84-3d5c-aedb-5bda3ecbc43a"
    }
  }
}

No errors reported in /var/log/apache2/error.log
No errors reported in /var/www/passbolt/app/tmp/logs/error.log
Are there any other log files that might help me troubleshoot this problem?

I'm running a Passbolt server on my own computer inside the Passbolt Debian Docker container. I don't think my trouble is with docker, which is why I'm looking for help here in the passbolt_api repository. I'm also using port 6443 for ssl, which shouldn't be a problem, but I'm open to anything at this point.

I suggest: can set resource group, such as Web, SSH, FTP, and so on.

After i finish install and try login to passbolt i get message

The server was unable to respect the authentication protocol.

and i don't understand what is wrong.

An account like cn=admin,dc=example,dc=com is not accepted