[object Object] InvalidToken error at login after update to 2.37.2

[ervee]

Describe the bug
After update to 2.37.2 over a known-good working 2.33.0 test install I get an [object Object] error at login and get thrown back at the login screen.

To Reproduce
Steps to reproduce the behavior:

1. I removed my snappymail-test folder.
2. Created a 1-on-1 copy of my known good 2.33.0 installation to a new snappymail-test folder.
3. Login to /snappymail-test/ to be sure it works.
4. Unpacked snappymail-2.37.2.tar.gz in a temporary folder and chmod directories to 755, files to 644, chown all files to www-data:www-data and copy files over existing (new) snappymail-test folder.
5. Change index and fast_cache_index caching keys in application.ini
6. Reload nginx and PHP fpm services.
7. Login the admin URL and check if version is 2.37.2.
8. Update Extensions ("Avatars", "Custom Login Mapping" and "Contacts suggestions (IMAP folder)") if needed.
9. Check a domain and test it.
10. Go to Config menu and save at the bottom for good measure.
11. Logout and change URL back to normal (non-admin) URL.
12. Login as normal user.

Expected behavior
See my mailbox :)

Screenshots

Please complete the following information:

• Browser: Multiple, does not matter.
• IMAP daemon: Dovecot 2.3.13
• PHP version: 8.1
• SnappyMail Version: 2.37.2
• Mode: Standalone

Debug/logging information
Read here how to log

• I've placed them here (few lines) or as attachments (many lines)

[2024-08-13 11:30:53.007][31fee4a4] SERVICE[WARNING]: InvalidToken[101] (HTTP Token mismatch)
/srv/www/vhosts/mydomain.tld/htdocs/webmail/snappymail-test/snappymail/v/2.37.2/app/libraries/RainLoop/ServiceActions.php#100
#0 /srv/www/vhosts/mydomain.tld/htdocs/webmail/snappymail-test/snappymail/v/2.37.2/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#1 /srv/www/vhosts/mydomain.tld/htdocs/webmail/snappymail-test/snappymail/v/2.37.2/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#2 /srv/www/vhosts/mydomain.tld/htdocs/webmail/snappymail-test/snappymail/v/2.37.2/include.php(137): RainLoop\Service::Handle()
#3 /srv/www/vhosts/mydomain.tld/htdocs/webmail/snappymail-test/index.php(11): include('...')
#4 {main}

Additional context
None

[the-djmaze]

GET /?/AppData/0/[0-9]+/ response contains a token.
The value is from \RainLoop\Utils::GetConnectionToken().
There are 2 types of values.

1. When it starts with 2- it is an active account
2. Else it is a sha1()

Login screen:

When login action, the request headers contains a header named X-SM-Token
Login action response:

Can you analyze which tokens are send/received?

[ervee]

On the login screen there is this:

Then after login attempt there are 3 of those /?/Json/&q[]=/0/ POST events:

POST Action "Login":

POST Action "Folders":

POST Action "Logout":

[the-djmaze]

The POST Action "Login" reponse data should also have a token.
That token is used in the POST "Folders".

Can you check that?

If it is different, i might know where the problem is.
You might have an additional account cookie that shouldn't be there.
If so, i will change the code in an attempt to solve it.

[ervee]

Hi, sorry I didn't mean to not respond. Life got in the way!

I notice that I can login with a test account, but not my main account. My main account has 2 extra accounts configured. Could that be the problem? I'll check if I can remove these accounts from my test setup.

[ervee]

Hi, should adding the 1 line change from daf02e5 fix the issue?
I just added the line to ./snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php but perhaps it needs to compile? I'm not that good at this :)

[the-djmaze]

Just adding the line should be sufficient.
Next release will show more details why a token fails.

[ervee]

The manual edit didn't seem to work, but I updated to v2.37.3 and this build works without issues, also on logins with multiple accounts. Great! Too bad I can't donate on GitHub, so I donated via PayPal :)

[ervee]

I spoke to soon I guess. I now get "Folders error: Call to a member function Email() on null".

[ervee]

Even if I remove the entire data/_data_/_default_/storage/mydomain.fqdn/myuser folder I still get this error.

PS: I tested the update on my test install and I thought the login went find but I didn't correctly used my test URL which redirected my to my production version so I thought it worked and updated my production too. Woops.

[ervee]

This is the log now:

[2024-08-27 18:13:05.011][e38c2f9e] SERVICE[WARNING]: Error: Call to a member function Email() on null in /srv/www/vhosts/mydomain.fqdn/htdocs/webmaeActions.php:101
Stack trace:
#0 /srv/www/vhosts/mydomain.fqdn/htdocs/webmail/snappymail-test/snappymail/v/2.37.3/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions
#1 /srv/www/vhosts/mydomain.fqdn/htdocs/webmail/snappymail-test/snappymail/v/2.37.3/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunRes
#2 /srv/www/vhosts/mydomain.fqdn/htdocs/webmail/snappymail-test/snappymail/v/2.37.3/include.php(137): RainLoop\Service::Handle()
#3 /srv/www/vhosts/mydomain.fqdn/htdocs/webmail/snappymail-test/index.php(11): include('...')
#4 {main}

[the-djmaze]

Oh great! Now we atleast have progress with a different error.
I will look into it!

Thanks for the donation.

[the-djmaze]

Ok the error resolved.
But it seems your token is from a logged in use, while SnappyMail thinks you are not logged in.