Password never accepted

[githubuser422]

Have grabbed the latest send & redis dockers and have send running fine. I can upload and download files via the links BUT if I try to add a password to the upload, when someone downloads the link they get the "Incorrect password. Try again" message, even though the password is correct.

I have had a google and looked through the issues here but see nothing that looks the same as this problem.

Any suggestions appreciated.

I am running the latest send & redis dockers on the latest Ubuntu if that helps any.

Thanks

[lukewegryn]

I'm having the same issue. I'm also running Ubuntu 18. I haven't found a solution yet.

[dannycoates]

This may help #830

[githubuser422]

This may help #830

@dannycoates - thanks for the reply but (and this is me showing my true newb colors here), how do I use that when using the docker setup?

I run the send docker (redis docker already running) with:

docker run --net=host -d -e 'NODE_ENV=production'
-e 'ANON_MAX_FILE_SIZE=2147483648'
-e 'ANON_MAX_EXPIRE_SECONDS=604800'
-e 'ANON_MAX_DOWNLOADS=100'
-e 'REDIS_HOST=172.17.0.2'
mozilla/send:latest

as suggested on https://github.com/mozilla/send/blob/master/docs/docker.md

It all works apart from the password part.

Thanks

[dannycoates]

The docker image runs an HTTP server (not HTTPS) but setting NODE_ENV=production forces generated links to be https. In order to use the docker image with those settings you need some kind of frontend HTTPS server like nginx or apache to proxy. This section might help https://github.com/mozilla/send/blob/master/docs/deployment.md#reverse-proxy

For local use you could use plain HTTP with NODE_ENV=development and not need the reverse proxy.

You may also need to set BASE_URL to whatever your public url is.

[githubuser422]

Sorry, forgot to say its sat behind nginx and I can upload fine - however, the "link expired" has come back!
Think its time to give up and try something else - thanks for the help though!

[timrourke]

Are you creating a password in excess of 32 characters? It's possible there's insufficient client-side validation in the file upload details UI. I ran into this problem, and on a hunch, discovered that there is a maxlength=32 attribute on the password input field. We were able to get a password that seemed broken to work by truncating it to just the first 32 chars.

Lesson: do not assume that HTML5 form controls will solve your client validation problems automagically, even if you are using Firefox.

[timrourke]

For reference, this is the code that gave me this idea: https://github.com/mozilla/send/blob/master/app/ui/downloadPassword.js#L35

I'll file a related issue about this presently. Just thought I'd share here in case you are stuck with the same problem.

[csawyerYumaed]

I was having the same issue, setting a password = 'test', so well under the 32 char limit. I think I finally figured out what was going on.

tldr; you must set NODE_ENV='production'

We use Hasicorp's Nomad to run our docker images, so this was the snippet when it was broken, showing the docker image and the ENV variables set.

                        config {
                                image = "mozilla/send:v3.0.21"
                                }
                        env {
                                REDIS_HOST="redis.service.consul"
                                PORT=1443
                                }

And after it started working:

            config {
                image = "mozilla/send:v3.0.21"
                }
            env {
                REDIS_HOST="redis.service.consul"
                PORT=1443
                NODE_ENV="production"
                }

Everything else worked except the password, for whatever reason. But now with the ENV change, passwords work now too!

This is with NGINX in front, being the TLS proxy.