Error on passwort reset request -> Invalid signature - SecurityException using browser (Chrome)

matli2 months ago

Following screnario:

1.) User requests password reset from the login page using a browser (Google Chrome)
2.) Email received with password reset link
3.) Following the link points the user to the correct reset page -> enter a new password
4.) Error is prompted:

Invalid signature - SecurityException (CryptoManager:76 < TokenManager:77 < PasswordResource:78 < ... < OverrideFilter:49 < ...)

No indication in the log file. Server config is pretty standard:

<properties>
    <entry key="config.default">./conf/default.xml</entry>

    <entry key='database.driver'>com.mysql.cj.jdbc.Driver</entry>
    <entry key='database.url'>jdbc:mysql://127.0.0.1/traksify_db?zeroDateTimeBehavior=round&amp;serverTimezone=UTC&amp;allowPublicKeyRetrieval=true&amp;useSSL=false&amp;allowMultiQueries=true&amp;autoReconnect=true&amp;useUnicode=yes&amp;characterEncoding=UTF-8&amp;sessionVariables=sql_mode=''</entry>
    <entry key='database.user'>xxxxxx</entry>
    <entry key='database.password'>xxxxxx</entry>

        <!-- Email notification CONFIG -->
        <entry key='mail.smtp.host'>mail.smtp2go.com</entry>
        <entry key='mail.smtp.port'>2525</entry>
        <entry key='mail.smtp.ssl.enable'>false</entry>
        <entry key='mail.smtp.from'>do-not-reply@traksify.com</entry>
        <entry key='mail.smtp.auth'>true</entry>
        <entry key='mail.smtp.username'>xxxxxx</entry>
        <entry key='mail.smtp.password'>xxxxxx</entry>
        
        <!-- TWILIO Notification Type CONFIG -->
        <entry key='notificator.types'>web,mail,sms,traccar,telegram</entry>
        
        <!-- TWILIO SMS CONFIG -->
        <entry key='notificator.sms.manager.class'>org.traccar.sms.HttpSmsClient</entry>
        <entry key='sms.http.url'>https://api.twilio.com/2010-04-01/Accounts/ACc4d6a9afdcd199562997290e6ee0921a/Messages.json</entry>
        <entry key='sms.http.user'>xxxxxx</entry>
        <entry key='sms.http.password'>xxxxxx</entry>
        <entry key='sms.http.template'>From=%2B16128888812&amp;To={phone}&amp;Body={message}</entry>
        
        <!-- Telegram CONFIG -->
        <entry key='notificator.telegram.key'>xxxxxx</entry>
        <entry key='notificator.telegram.chatId'>xxxxxx</entry>
        <entry key='notificator.telegram.sendLocation'>true</entry>
 
        <!-- Geo Coding CONFIG -->
    <entry key='geocoder.enable'>true</entry>
    <entry key='geocoder.type'>opencage</entry>
    <entry key='geocoder.key'>xxxxxx</entry>
    <entry key='geocoder.format'>%f</entry>
    <entry key='geocoder.language'>en</entry>                
        
        <!-- Server Log CONFIG -->
    <entry key="logger.enable">true</entry>
    <entry key="logger.level">fine</entry> 
    
    <!-- USER DAFAULTS -->
    <entry key="users.defaultDeviceLimit">10</entry>
    <entry key="users.defaultExpirationDays">3650</entry>
    <entry key="database.registerUnknown.defaultGroupId">1</entry>
    
    <!-- SSO Configuration -->
    <entry key='openid.clientId'>xxxxxx</entry>-->
    <entry key='openid.clientSecret'>xxxxxx</entry>
    <entry key='openid.authUrl'>https://accounts.google.com/o/oauth2/v2/auth</entry>
    <entry key='openid.tokenUrl'>https://oauth2.googleapis.com/token</entry>
        <entry key='openid.userInfoUrl'>https://openidconnect.googleapis.com/v1/userinfo</entry>

        <!-- General Settings -->
        <entry key='web.url'>https://hello.traksify.com/</entry>
        
        <!-- Allowed protocols -->
        <entry key='protocols.enable'>gt06,tlt2h,osmand</entry>
</properties>

One thing to note, everything else works perfectly fine as it should. Ideas?

matli2 months ago

To add: Server is v.6.5 on AWS Ubuntu.

Anton Tananaev2 months ago

Try clearing the key store table in the database.

matli2 months ago

Thanks Anton. I have cleaned the rows of the affected table, restarted the server and it appears fine again since. What could have caused it and how can we prevent it from happening again. Perhaps a regular maintenance of the keystore table by clearing all rows?

Anton Tananaev2 months ago

In the past I've seen it happen when people copy database and it gets corrupted.

matli2 months ago

Thanks for the quick reply. We will keep an eye open. It could explain the issue as we moved the installation from DO to AWS.