New version of dokuwiki (Frusterick Manners")
And after update I cannot login.
I try new install, and I cannot install it.
Only what I found was info in apache log :
Uncaught exception 'Exception' with message 'There is no suitable CSPRNG installed on your system' ...
Which came with this issues: https://github.com/splitbrain/dokuwiki/issues/1760 and https://github.com/splitbrain/dokuwiki/pull/1761
Why is there any test when install new dokuwiki ?
And maybe some warning in release notes for upgrade ?
@arnost00 You might want to take a look at #1869. As described, adding /dev/urandom to the open_basedir path resolved the issue for me.
I'm leaving this open because it might be a good idea to check for this in the installer.
This just bit me. Luckily I saw it, and found this issue.
I'm not sure how to test for it, though. The official upgrade instructions are just untarring (there is no installer), so the warning needs to be visible on the site, and to all users, because the admin can't log in to see anything...
Hmm this bit me, too, and I am not able to touch PHP configurations so as I upgraded dokuwiki, it resulted in a broken wiki for us. I was able to downgrade, which fixed the issue, though. (And I've got good working backups, too)
What should I ask my hosting provider exactly to do? I don't know what the open_basedir and /dev/urandom do, so I'm a bit wary of asking my hosting provider to apply those tweaks.
/dev/urandom is the standard source of entropy used in crypto mechanisms on Linux systems. open_basedir restricts PHP to only access certain paths. PHP needs to be able access /dev/urandom for reading or it can not create secure passwords, cookies, etc. There's nothing to argue about. It's basically a misconfiguration your provider's side. If a provider denies your PHP applications access to read from /dev/urandom you should switch providers - your setup is not secure then.
Thank you! Your answer is really great :+1:
Please be aware that the plain text password is printed in the apache ssl_error log file. Can we avoid printing plain text password on system level log file? Should I create a new ticket? Thanks
This happens with a valid user/pass using ldap authtype. Reproducible with PHP 5.3, CentOS 6.8 and Safe mode On, with /dev/urandom adder to open_basedir.
Another bug is that the authldap only uses first 8 character of the password, so adding random characters after your saved form password makes you login too.
Its working now, just upgraded a wiki from 2008, dokuwiki rocks!
Here is the log with the plaintext password
[Mon Apr 24 14:55:07 2017] [error] [client IP] PHP Fatal error: Uncaught exception 'Exception' with message 'There is no suitable CSPRNG installed on your system' in /var/www/html/mail/wiki/vendor/paragonie/random_compat/lib/random.php:203\nStack trace:\n#0 /var/www/html/mail/wiki/inc/auth.php(333): random_bytes(64)\n#1 /var/www/html/mail/wiki/inc/auth.php(315): auth_randombytes(64)\n#2 /var/www/html/mail/wiki/inc/auth.php(228): auth_cookiesalt(true, true)\n#3 /var/www/html/mail/wiki/inc/auth.php(178): auth_login(‘username_example’, ‘plaintext_password’, false, false)\n#4 /var/www/html/mail/wiki/inc/events.php(111): auth_login_wrapper(Array)\n#5 /var/www/html/mail/wiki/inc/events.php(238): Doku_Event->trigger('auth_login_wrap...', true)\n#6 /var/www/html/mail/wiki/inc/auth.php(109): trigger_event('AUTH_LOGIN_CHEC...', Array, 'auth_login_wrap...')\n#7 /var/www/html/mail/wiki/inc/init.php(223): auth_setup()\n#8 /var/www/html/mail/wiki/doku.php(34): require_once('/var/www/html/m...')\n#9 {main}\n thrown in /var/www/html/mail/wiki/vendor/paragonie/random_compat/lib/random.php on line 203, referer: https://example.net/wiki/inicio?do=login§ok=
Most helpful comment
@arnost00 You might want to take a look at #1869. As described, adding
/dev/urandomto theopen_basedirpath resolved the issue for me.