Verifying mail signature failed on prod #149

Open
fschasse opened this issue Nov 25, 2023 · 4 comments
Labels
Status: Needs Review Needs to be reviewed

Comments

@fschasse

Hey,

Thank you for verify-email-bundle.
I have a problem with the mail signature online.

I used this tutorial to set up the bundle: https://symfonycasts.com/screencast/symfony-security/verify-email

All is right on local (127.0.0.1). The mail link is valid.
When I try to use it in prod (online) I get a message: The link is invalid.

This is an example link on prod:
https://www.chasseprecision.com/user/verify/email?expires=1700923576&id=37&signature=KooiveHUhpnzAPZN4VciLsoPeiKswPJuA2rly3gBNAQ%3D&token=qFp07VBkjvF0gkKZ%2B%2F30yCTaw8rSxjPjyMcSs0Txe2E%3D

Is there a special config for prod?
How can I verify the right signature? (with a log to compare the link sent in the mail)

Thank you

@Vastuney

It's the same with me: on local, dev and prod work flawlessly, while on the target domain (prod) a message pops up saying that the link is invalid.

@jrushlow
Collaborator

Howdy, I'm working out tests related to this now over in maker-bundle. But, I'm not able to reproduce the error. VerifyEmailBundle should just work regardless of the environment.

The only thing that I can think of is http vs https, e.g. if verify-email signs http://example.com but the user is redirected to https://example.com, validation will fail because the resulting hmac will be different for those 2 strings. I'm not sure this is the actual problem, but I have a feeling it's something to do with the domain / url that's generated vs what the user is actually "clicking" in the email + redirects.

An app that reproduces this error between the different environments would help.

@Ciolfire

Ciolfire commented Jun 25, 2024

Hello @jrushlow,

I think I have found the origin of this "bug".

Here is what I had in local:

```
+query: Symfony\Component\HttpFoundation\InputBag {#15 ▼
    #parameters: array:4 [▼
      "expires" => "1719306424"
[...]
+server: Symfony\Component\HttpFoundation\ServerBag {#21 ▼
    #parameters: array:63 [▼
      "QUERY_STRING" => "expires=1719306424&id=20&signature=pLXcJULHxNVDW1oFbk0tGPcD0x4aIp1lSxhokvaZUSs%3D&token=Ak35INUSPMafNHDsb7hopf5ydU63wEFSOOb3O%2F4kKoU%3D%20%E2%97%80"
```

And in prod:

```
+query: Symfony\Component\HttpFoundation\InputBag {#13 ▼
    #parameters: array:4 [▼
      "?expires" => "1719307683"
[...]
+server: Symfony\Component\HttpFoundation\ServerBag {#19 ▼
    #parameters: array:48 [▼
      "QUERY_STRING" => "?expires=1719307683&id=114&signature=RrIAKR1ksZDfdw5xkxRzsaXt6ysR0X%2BRMF90PlLiQ6I%3D&token=ouC9VsTjJeZ5NO03TK%2BO9nm28nrZiiWE1nugVy%2FXzgE%3D"
```

Notice that the question mark is parsed as being a part of the query string.
I had a guess that the server was not configured correctly, so I checked the conf file and found the following:

```
try_files $uri /index.php$is_args?$args;
```

Removing the question mark fixed the issue.

Cheers!
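
The two failure modes raised in this thread (a scheme mismatch and the stray `?` produced by `$is_args?$args`), as a simplified model added here for illustration; it is not code from the bundle or from any commenter. It assumes the signature is an HMAC-SHA256 over the URL, and `SIGNING_KEY`, the `example.com` host and the function names are constructed.

```php
<?php
// Added example, not the bundle's code: a simplified signed-link model.
// SIGNING_KEY, host and parameter values are constructed. Requires PHP 8+.
const SIGNING_KEY = 'constructed-demo-key';

/** HMAC-SHA256 over scheme + host + path + sorted query parameters. */
function macFor(string $base, array $params): string
{
    ksort($params);
    return base64_encode(hash_hmac('sha256', $base . '?' . http_build_query($params), SIGNING_KEY, true));
}

/** Build the link that goes into the mail. */
function signUrl(string $base, array $params): string
{
    return $base . '?' . http_build_query($params + ['signature' => macFor($base, $params)]);
}

/** Verify against what the app received: base URL plus raw QUERY_STRING. */
function verify(string $base, string $queryString): array
{
    parse_str($queryString, $params);   // same key handling as $_GET
    $given = is_string($params['signature'] ?? null) ? $params['signature'] : '';
    unset($params['signature']);

    $hints = [];
    if (str_starts_with($queryString, '?')) {
        $hints[] = 'QUERY_STRING starts with "?": look for "$is_args?$args" in try_files';
    }
    foreach (array_keys($params) as $key) {
        if (str_starts_with((string) $key, '?')) {
            $hints[] = sprintf('parameter "%s" was signed without the leading "?"', $key);
        }
    }
    return ['valid' => hash_equals(macFor($base, $params), $given), 'hints' => $hints];
}

$base   = 'https://example.com/user/verify/email';
$mailed = signUrl($base, ['expires' => '1719307683', 'id' => '114']);
$query  = parse_url($mailed, PHP_URL_QUERY);

// 1. The request matches the mailed link exactly.
var_dump(verify($base, $query));
// 2. The app sees http:// while the link was signed as https://.
var_dump(verify('http://example.com/user/verify/email', $query));
// 3. nginx rewrote with "$is_args?$args": QUERY_STRING gains a leading "?".
var_dump(verify($base, '?' . $query));
```

Logging the received scheme, host and raw `QUERY_STRING` next to the mailed link, as `verify()` does with its hints, is enough to tell these two causes apart in production.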

@wlcdesigns

wlcdesigns commented Jul 17, 2024

This isn't working for me in production either. I'm on Symfony 7.1.2 using "symfonycasts/verify-email-bundle": "^1.17.0".
