Content
View differences
Updated by Ivan Kuchin almost 2 years ago
### Before filing a report
* [x] _Before you file a report, please ensure you are running the latest version of OpenProject and_
_have searched for similar bug reports._
### Steps to reproduce
_Please write down the steps to reproduce. Try to write down all necessary preconditions (what permissions do you have, are other users involved?). Example:_
1. Administrative creation of a new user
2. New user follows the registration link from the invitation e-mail
3. User assigns password for newly created account
4. User is asked to register a 2FA device according to the security policy
5. "Register 2-FA device" via WebAuthn
6. User assigns a name for the device
7. Clicking "continue" results in the following error
### What is the buggy behavior?
_Please describe the bug in as much detail as possible. Example:_
* JSON Error: _Error registering device: Unexpected end of JSON input_
### What is the expected behavior?
_Describe how the application should behave like. Example:_
1. User should be able to register a device via WebAuthn if the 2-FA security policy is activated
### Important note
_Please note that unless you are a contributor to OpenProject, you can no longer edit this bug report after saving. You can still add new comments, new images and upload attachments though, but updating description or modifying fields will not be possible after saving. Please make sure that all necessary information and attachments are added, and the following attributes are set:_
### **Logs**
_Are there errors in the browser console? (_[_Click here for information on how to open your browser's console_](https://webmasters.stackexchange.com/a/77337)_) For a local installation: Are there relevant logs output by_ `_openproject logs_` _(packaged installation) (_[_click here for details_](https://docs.openproject.org/installation-and-operations/operation/monitoring/#show-logs)_) or in a log/production.log or /var/log/openproject/ ? Please attach error output in these log files if applicable_
**Console:**
two-factor-authentication.controller.ts:89
https://XXXXXX.openproject.com/two\_factor\_authentication/device\_registration/webauthn\_challenge.json 500 (Internal Server Error)
**Sources:**
Some resources are blocked because their origin is not listed in your site's Content Security Policy (CSP). Your site's CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.
...
### Screenshots and other files
<img class="op-uc-image op-uc-image_inline" style="aspect-ratio:1256/324;height:3.375in;width:13.083in;" src="/api/v3/attachments/120874/content" width="1256" height="324">
### Environment information
_Please check and fill out the following details to help us identify in what versions and distributions of OpenProject the error occurs_
**OpenProject installation type**
* [x] Hosted cloud edition
* [ ] Packaged installation
* What distribution?
* [ ] Docker All-in-one container
* [ ] Docker-compose installation
* [ ] Other (please specify)
**OpenProject version**
_If you're not running on the cloud edition, please specify the version of OpenProject you're running. Example: v12.1.5_
**Browser**
* [x] Chrome
* [ ] Firefox
* [ ] Safari
* [ ] Mobile Safari
* [x] Other (Edge)
**Language**
_German_
* [x] _Before you file a report, please ensure you are running the latest version of OpenProject and_
_have searched for similar bug reports._
### Steps to reproduce
_Please write down the steps to reproduce. Try to write down all necessary preconditions (what permissions do you have, are other users involved?). Example:_
1. Administrative creation of a new user
2. New user follows the registration link from the invitation e-mail
3. User assigns password for newly created account
4. User is asked to register a 2FA device according to the security policy
5. "Register 2-FA device" via WebAuthn
6. User assigns a name for the device
7. Clicking "continue" results in the following error
### What is the buggy behavior?
_Please describe the bug in as much detail as possible. Example:_
* JSON Error: _Error registering device: Unexpected end of JSON input_
### What is the expected behavior?
_Describe how the application should behave like. Example:_
1. User should be able to register a device via WebAuthn if the 2-FA security policy is activated
### Important note
_Please note that unless you are a contributor to OpenProject, you can no longer edit this bug report after saving. You can still add new comments, new images and upload attachments though, but updating description or modifying fields will not be possible after saving. Please make sure that all necessary information and attachments are added, and the following attributes are set:_
### **Logs**
_Are there errors in the browser console? (_[_Click here for information on how to open your browser's console_](https://webmasters.stackexchange.com/a/77337)_) For a local installation: Are there relevant logs output by_ `_openproject logs_` _(packaged installation) (_[_click here for details_](https://docs.openproject.org/installation-and-operations/operation/monitoring/#show-logs)_) or in a log/production.log or /var/log/openproject/ ? Please attach error output in these log files if applicable_
two-factor-authentication.controller.ts:89
https://XXXXXX.openproject.com/two\_factor\_authentication/device\_registration/webauthn\_challenge.json 500 (Internal Server Error)
**Sources:**
Some resources are blocked because their origin is not listed in your site's Content Security Policy (CSP). Your site's CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.
...
<img class="op-uc-image op-uc-image_inline" style="aspect-ratio:1256/324;height:3.375in;width:13.083in;" src="/api/v3/attachments/120874/content" width="1256" height="324">
_Please check and fill out the following details to help us identify in what versions and distributions of OpenProject the error occurs_
**OpenProject installation type**
* [x] Hosted cloud edition
* [ ] Packaged installation
* What distribution?
* [ ] Docker All-in-one container
* [ ] Docker-compose installation
* [ ] Other (please specify)
**OpenProject version**
_If you're not running on the cloud edition, please specify the version of OpenProject you're running. Example: v12.1.5_
**Browser**
* [x] Chrome
* [ ] Firefox
* [ ] Safari
* [ ] Mobile Safari
* [x] Other (Edge)
**Language**
_German_