Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version 2024.10.2 breaks Captcha stage #12042

Closed
AstroGD opened this issue Nov 15, 2024 · 8 comments · Fixed by #12048
Closed

Version 2024.10.2 breaks Captcha stage #12042

AstroGD opened this issue Nov 15, 2024 · 8 comments · Fixed by #12048
Labels
bug Something isn't working

Comments

@AstroGD
Copy link

AstroGD commented Nov 15, 2024
edited
Loading

Describe the bug
When updating to 2024.10.2, if you have a captcha stage, the login flow loads indefinitely and throws an error to console:

Uncaught (in promise) DOMException: Node.appendChild: Cannot have more than one Element child of a Document
    updated CaptchaStage.ts:176
    _$AE reactive-element.ts:1490
    performUpdate reactive-element.ts:1455
    scheduleUpdate reactive-element.ts:1338
    _$ET reactive-element.ts:1310
    requestUpdate reactive-element.ts:1268
    _$Ev reactive-element.ts:1017
    f reactive-element.ts:1000
    C lit-element.ts:122
    g Base.ts:63
    f base.ts:52
    me CaptchaStage.ts:69
    u lit-html.ts:1212
    $ lit-html.ts:1633
    _$AI lit-html.ts:1469
    setValue async-directive.ts:366
    update until.ts:90
    promise callback*update until.ts:72
    _$AS directive.ts:135
    S lit-html.ts:1168
    _$AI lit-html.ts:1446
    p lit-html.ts:1276
    $ lit-html.ts:1630
    _$AI lit-html.ts:1469
    Ct lit-html.ts:2269
    update lit-element.ts:163
    performUpdate reactive-element.ts:1441
    scheduleUpdate reactive-element.ts:1338
    _$ET reactive-element.ts:1310
    requestUpdate reactive-element.ts:1268
    set challenge FlowExecutor.ts:67
    set reactive-element.ts:756
    firstUpdated FlowExecutor.ts:251
    _$AE reactive-element.ts:1488
    performUpdate reactive-element.ts:1455
    scheduleUpdate reactive-element.ts:1338
    _$ET reactive-element.ts:1310
    requestUpdate reactive-element.ts:1268
    _$Ev reactive-element.ts:1017
    f reactive-element.ts:1000
    C lit-element.ts:122
    g Base.ts:63
    kn Interface.ts:45
    xn FlowExecutor.ts:167
    Ho custom-element.ts:60
    s chunk-SYELWAOX.js:1
    <anonymous> FlowExecutor.ts:53
CaptchaStage.ts:118:62

To Reproduce
Steps to reproduce the behavior:

  1. Have a flow with captcha stage as first step
  2. Update to version 2024.10.2
  3. Try to log in by visiting the flow
  4. Infinite loading circle and error to console appear

Expected behavior
Captcha stage is loaded correctly and the login form is shown

Screenshots

  • My Flow: Example flow
  • The infinite loading circle: Loading state

Logs
Here are the frontend console outputs:
console_output
Backend logs are provided below in the comment

Version and Deployment (please complete the following information):

  • authentik version: 2024.10.2 (It works as intended in 2024.10.1)
  • Deployment: docker compose
@AstroGD AstroGD added the bug Something isn't working label Nov 15, 2024
@AstroGD
Copy link
Author

AstroGD commented Nov 15, 2024
edited
Loading

These are the backend logs fired when accessing the login page:

{"auth_via": "unauthenticated", "domain_url": "authentik.tld", "event": "/", "host": "authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 103, "remote": "redacted-0.0.0.0", "request_id": "535459689b034ac49ba45de5380c9068", "runtime": 18, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2024-11-15T13:27:49.740781", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "authentik.tld", "event": "/flows/-/default/authentication/?next=/", "host": "authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 103, "remote": "redacted-0.0.0.0", "request_id": "9090aee5c9404e93a21bcbf1015ba007", "runtime": 25, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2024-11-15T13:27:49.831025", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "authentik.tld", "event": "/if/flow/login/?next=%2F", "host": "authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 103, "remote": "redacted-0.0.0.0", "request_id": "99f0c7c825424cce9f2a3c7b140ff42c", "runtime": 44, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-15T13:27:49.940793", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "authentik.tld", "event": "/api/v3/root/config/", "host": "authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 103, "remote": "redacted-0.0.0.0", "request_id": "9da332d6cd2743799b5cd0c8155b1073", "runtime": 28, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-15T13:27:50.398084", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "authentik.tld", "event": "/api/v3/core/brands/current/", "host": "authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 102, "remote": "redacted-0.0.0.0", "request_id": "1f222ed9b4d94ce2a95112019fce071b", "runtime": 68, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-15T13:27:50.463866", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "authentik.tld", "event": "/api/v3/root/config/", "host": "authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 102, "remote": "redacted-0.0.0.0", "request_id": "f5ddcc47831c4b078b1f51ee109d0d70", "runtime": 30, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-15T13:27:50.489553", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "authentik.tld", "event": "/api/v3/core/brands/current/", "host": "authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 103, "remote": "redacted-0.0.0.0", "request_id": "880251281d0c47e19cfb02c6ae40905b", "runtime": 60, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-15T13:27:50.494008", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "authentik.tld", "event": "/api/v3/flows/executor/login/?query=next%3D%252F", "host": "authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 103, "remote": "redacted-0.0.0.0", "request_id": "9aa7a20e5b684f1d8f73b81558081003", "runtime": 47, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-15T13:27:50.516408", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"domain_url": null, "event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 102, "remote": "redacted-0.0.0.0, redacted-0.0.0.0", "schema_name": "public", "scheme": "ws", "timestamp": "2024-11-15T13:27:51.357426", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}

@BeryJu
Copy link
Member

BeryJu commented Nov 15, 2024

Which captcha provider are you using?

@aefly
Copy link

aefly commented Nov 15, 2024
edited
Loading

Same here after upgrading from 2024.10.1, I tried both reCaptcha and Cloudflare Turnstile

@BeryJu
Copy link
Member

BeryJu commented Nov 15, 2024
edited
Loading

When either captcha is configured as previously it should continue to work just fine, for reCaptcha v2 / Turnstile managed the new "Interactive" flag needs to be enabled

We'll test this with an upgraded instance with a captcha configured known working on 2024.10.1 as that should continue to work as is

@aefly
Copy link

aefly commented Nov 15, 2024

I attempted a complete reinstallation of Authentik using the latest Docker image. I reconfigured my Turnstile Captcha, which is currently set to invisible mode (so interactive mode isn't required). However, I’m still encountering the same issue: an infinite loading circle, along with the same error appearing in the browser console.

@gergosimonyi gergosimonyi mentioned this issue Nov 15, 2024
Merged
@BeryJu
Copy link
Member

BeryJu commented Nov 15, 2024

The PR above will fix this issue. However as we've announced the security release 2024.10.3 for next week we can't create a bugfix release for this, however this will be available on the container image ghcr.io/goauthentik/dev-server:gh-version-2024.10 once the PR (and the cherry-pick) are merged

@BeryJu BeryJu pinned this issue Nov 15, 2024
@carsten-re
Copy link

"Glad" to see that I'm not the only one :-)
The login is working for me, when using WebAuthn as a login method. Hope, that it will be fixed in 2024.10.3

@yurividal
Copy link

yurividal commented Nov 16, 2024
edited
Loading

Decided to update my reverse proxy today. After i was finished, i noticed my authelia was not working.
Spent 4 hours trying to troubleshoot thinking the problem was on the proxy. turns out it was Authentik's 2024.10.2 broken captcha.
Terrible timing...
Downgraded to 2024.10.1, works fine now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

web/flows: fix invisible captcha call goauthentik/authentik
5 participants
@BeryJu @yurividal @AstroGD @carsten-re @aefly