Can't register new Webauthn device

[foxnoodles]

U2F is not working

This is what I get in latest when I try to add a device from U2F page.

[Error] Failed to load resource: the server responded with a status of 404 () (WebAuthn::register/options, line 0) [Error] Failed to load resource: the server responded with a status of 404 () (stackblur.min.js.map, line 0)

Steps to reproduce the issue

Steps to reproduce the behavior:

1. Go to 'U2F page'
2. Click on 'Register New Device'
3. Check console in web inspector for error messages.

Output of the diagnostics

Warning: /home/dh_672djj/public/uploads/ has permissions 0755, but should have 2775 Warning: /home/dh_672djj/public/uploads/import has permissions 0755, but should have 2775 Warning: /home/dh_672djj/public/uploads/original has permissions 0775, but should have 2775 Warning: /home/dh_672djj/public/uploads/original/e8 has permissions 0775, but should have 2775 Warning: /home/dh_672djj/public/uploads/original/e8/e9 has permissions 0775, but should have 2775 Warning: 336 more directories with wrong permissions Warning: You may experience problems when uploading a photo of large size or handling many/large albums. Take a look in the FAQ for details. Warning: zend.assertions is enabled although Lychee is not in debug mode. Outside of debugging, code generation for assertions is recommended to be disabled for efficiency reasons

Note I can't chmod 2775 on Dreamhost shared hosting.

Browser and system

Safari 16.1 on MacOS 13.0.1

[qwerty287]

Note I can't chmod 2775 on Dreamhost shared hosting.

That's fine.

Which version are you using?

Also, where do you get this error? In the browser's console?

[foxnoodles]

I'm using the latest version (4.6.3-RC1) as stated in my post, also as stated in my post it is Safari 16.1 on MacOS 13.0.1 and again as stated in my post the error is shown in webinspector console (see "Steps to reproduce the behavior") :)

[qwerty287]

Oh sorry :)

Unfortunately, I'm not able to reproduce it (also because I can't use U2F).

Two questions:

1. Can you access the server's access log and check if there's a request?
2. Is there something in Lychee's logs?
3. Can you look at the network connections? Is there a response? (I don't know how to do in Safari, in Firefox open the doc console and select "network")

[foxnoodles]

I don't have an access to Server logs.

Network shows it loaded WebAuthN.js and frontend.js that's all. No request is being sent when I click the add new device button just an error as described above.

Lychee log has no errors just logged my login that's all.

[qwerty287]

If there's no request made Lychee's logs won't contain something of course. This is very weird because the logs you gave above seem to say that there's a request made 🤔
Do you get some error inside Lychee's UI itself (a red topbar containing the error)?

[foxnoodles]

Yeah forgot about that cuz it's pretty much useless:
error: Whoops, it looks like something went wrong. Please reload the site and try again!
in the topbar

[foxnoodles]

NVM my bad, had filters set to JS.

Request by name "options" is being made and the responce is:

`

<title>404 Not Found</title>

Not Found

The requested URL was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

`

This happens when I click the add new device btn. basically it's and 404 error as shown in console.

[qwerty287]

Sorry for the late reply, can you check the request details (path, body)? This is a really weird error.

[foxnoodles]

Not sure what do you mean.
WebAuth is calling for options and is getting 404 as a response. There is no body.

Initiator: WebAuthn.js:307
:path: /api/WebAuthn::register/options

[ildyria]

I am not sure what is going wrong in your side as it works perfectly fine on my version and a 404 error would be reproducible:

And I am using:

System Information
--------------
Lychee Version (git):                    master (f6a2615) -- Up to date (5 days ago).
DB Version:                              4.6.3

composer install:                        --no-dev
APP_ENV:                                 production
APP_DEBUG:                               false

[foxnoodles]

I'm on the same exact version. Could be OS related or Browser related? Safari 16.1 on MacOS 13.0.1

[qwerty287]

Yeah, would be cool if you could try another browser to check this.

[foxnoodles]

I don't know what is your public setup but I've tested this on DreamHost and Bluehost shared hostings with two different browsers, latest Firefox and latest Safari both on latest MacOS the error message is the same:

POST https://****/api/WebAuthn::register/options [HTTP/2 404 Not Found 248ms]

Oh well.

[stubevan]

also reproducible using Chrome on Ventura 13.1 (on M1). I get the same issue with Safari - using either a Yubikey or passkey

[ildyria]

I'll investigate as soon as I can. It's on top of my priority list. ⁣Télécharger BlueMail pour Android ​ Le 4 janv. 2023, 17:47, à 17:47, Mees Mees ***@***.***> a écrit:

…

also reproducible using Chrome on Ventura 13.1 (on M1). I get the same issue with Safari - using either a Yubikey or passkey -- Reply to this email directly or view it on GitHub: #1630 (comment) You are receiving this because you commented. Message ID: ***@***.***>

[anjanesh]

I don't know what is your public setup but I've tested this on DreamHost and Bluehost shared hostings with two different browsers, latest Firefox and latest Safari both on latest MacOS the error message is the same:

Does shared hosting with restrictions cause this ? You can test this a VPS like DO via a Laravel geared control panel like ploi.io and cross-check if the same occurs. A lot of shared hosts prevent scripts from performing certain actions.

[ildyria]

Okay so the URL are working (just tested), so if you get a 404, it means that some sort of route caching is going on.

Can you check the following commands:
php artisan route:clear This will clear the cache of the routes.

You can also make sure that the said route exists with :
php artisan route:list

However, I confirm that since 4.6.5 WebAuthn authentication is no longer working.
Registration seems fine, just did it on my production server with a Yubikey 4.
Investigating...