Bubka / 2FAuth

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

Home Page: https://docs.2fauth.app/

WebAuthn account recovery and password recovery doesn't work. Email template broken.

PeopleInside opened this issue · comments

Version

5.0.3

Details & Steps to reproduce

  1. In settings, activate WebAuthn (I tested with an Android device added)
  2. Open an incognito window and simulate having lost your device. Ask for a recovery link
  3. The recovery link will open the recovery page; insert your password and try to log in
  4. Nothing happens when pressing continue.

Expectation

Expect to log in after following the lost device procedure.
The screenshot shows the recovery page, but after inserting the password WebAuthn is still active and I am still unable to log in.

Error & Logs

no logs

Execution environment

Date: Thu, 15 Feb 2024 14:40:52 +0000
userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
Version: 5.0.3
Environment: production
Install path: /
Debug: false
Cache driver: file
Log channel: daily
Log level: notice
DB driver: mysql
PHP version: 8.2.15
Operating system: Linux
interface: fpm-fcgi
Auth guard: web-guard
webauthn user verification: preferred
Trusted proxies: none

Additional information

Cannot test in the demo :-)


The issue is just the email template.
I don't know why, but when I recover a password or try to recover access because of a lost device, I get two emails with a broken template and the wrong link. From those emails I'm now able to fix the link so that it is correct and works.

The email I get:

<:message style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; position: relative;"> # Hello! You are receiving this email because we received an account recovery request for your account. <:button :url="$actionUrl" :color="$color" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; position: relative;"> Recover Account This recovery link will expire in 60 minutes. If you did not request an account recovery, no further action is required. Regards,
2FAuth If you're having trouble clicking the "Recover Account" button, copy and paste the URL below into your web browser: [https://something.domain.ext//webauthn/recover?token=123456&email=emailaddress%40domain.ext](https://something.domain.ext//webauthn/recover?token=123456&email=emailaddress%40domain.ext)

The link will be:
https://something.domain.ext//webauthn/recover?token=123456&email=emailaddress%40domain.ext](https://something.domain.ext//webauthn/recover?token=123456&email=emailaddress%40domain.ext)

So I just need to fix this link by removing the duplicate link and the [ ( and the link works.
The issue is present in password reset and also in the WebAuthn lost device reset.

I don't know why the email is not well formatted, and I don't know how to help fix this.
Are you able to reproduce?

No response

This is really weird... I struggle to understand why this is happening while I stick to most Laravel default for this feature.

Are you able to reproduce?

Yes I do. I already made several tests/changes to fix it but nothing worked.

You may try to ask here in case someone replies.
Unfortunately I'm unable to help. I tried to look at this issue as well, even though I'm not a developer :P, but was not able to figure it out.

Got it! This is due to a directive introduced by Laravel v7 that breaks email rendering since v9. Removing the directive restores email formatting. Will push a fix asap.

Updated to 5.0.4, but nothing changed for me. Still receiving <:message style="... emails. Is it just me?

Yes, it seems it's only you; for me everything works.
Have you cleaned the cache?
Have you also checked if the changes have been applied to your install?
You just need to have a line removed, as shown here:
f2d4c43

Have you cleaned the cache? Have you also checked if the changes have been applied to your install?

Yes and yes. I have upgraded according to the upgrade instructions. I have also restarted my Apache server. Still the same problem. By the way, my email provider is MS Outlook.

Very strange, because the fix works for me. What PHP version are you running?
Have you checked that the fix is present in your installation?

It feels strange that the fix is not working for you, as everything seems fine and I don't think Outlook can cause an issue with that email.

What PHP version are you running?

PHP 8.1.2-1ubuntu2.14

Have you checked that the fix is present in your installation?

Yes, app/Providers/AppServiceProvider.php is updated

Then I don't know.
I tested it for you some minutes ago, but the issue is fixed for me.
Sorry, I have no idea what could be the cause on your install for still having the old issue.