wallabag: Cannot upgrade to 2.6.0 / Issue with scheb_two_factor

Environment

  • Version: 2.6.0
  • Installation: git
  • PHP version: 8.2
  • OS: Ubuntu 22.04 (host), Debian 11 (PHP-FPM container)
  • Database: mariadb 11

What steps will reproduce the bug?

Tried to update my instance using make update, but getting this specific error:

composer.phar not found, we'll see if composer is installed globally.
remote: Enumerating objects: 1984, done.
remote: Counting objects: 100% (1318/1318), done.
remote: Compressing objects: 100% (278/278), done.
remote: Total 1984 (delta 1054), reused 1270 (delta 1023), pack-reused 666
Receiving objects: 100% (1984/1984), 11.40 MiB | 17.34 MiB/s, done.
Resolving deltas: 100% (1263/1263), completed with 85 local objects.
From https://github.com/wallabag/wallabag
 * [new branch]          fix-6628   -> origin/fix-6628
   7ae8b4b09..d8ef4ae6a  master     -> origin/master
 * [new tag]             2.6.0      -> 2.6.0
Previous HEAD position was 055d304bc Merge pull request #6291 from wallabag/release/2.5.4
HEAD is now at d8ef4ae6a Merge pull request #6646 from weblate/weblate-wallabag-messages
Installing dependencies from lock file
Verifying lock file contents can be installed on current platform.
Package operations: 29 installs, 58 updates, 27 removals
As there is no 'unzip' nor '7z' command installed zip files are being unpacked using the PHP zip extension.
This may cause invalid reports of corrupted archives. Besides, any UNIX permissions (e.g. executable) defined in the archives will be lost.
Installing 'unzip' or '7z' (21.01+) may remediate them.
Cannot create cache directory /home/web/.composer/cache/files/, or directory is not writable. Proceeding without cache. See also cache-read-only config if your filesystem is read-only.
  - Downloading php-http/discovery (1.19.0)
  - Downloading twig/twig (v3.6.1)
  - Downloading symfony/polyfill-php81 (v1.27.0)
  - Downloading symfony/contracts (v1.1.13)
  - Downloading symfony/symfony (v4.4.50)
  - Downloading laminas/laminas-code (4.7.1)
  - Downloading friendsofphp/proxy-manager-lts (v1.0.16)
  - Downloading doctrine/deprecations (v1.1.1)
  - Downloading doctrine/persistence (3.2.0)
  - Downloading pagerfanta/core (v3.8.0)
  - Downloading babdev/pagerfanta-bundle (v3.8.0)
  - Downloading dasprid/enum (1.0.4)
  - Downloading bacon/bacon-qr-code (2.0.8)
  - Downloading react/promise (v2.10.0)
  - Downloading doctrine/sql-formatter (1.1.3)
  - Downloading doctrine/cache (2.2.0)
  - Downloading doctrine/dbal (3.6.3)
  - Downloading doctrine/lexer (2.1.0)
  - Downloading doctrine/doctrine-bundle (2.7.2)
  - Downloading craue/config-bundle (2.6.0)
  - Downloading paragonie/random_compat (v9.99.100)
  - Downloading defuse/php-encryption (v2.4.0)
  - Downloading doctrine/common (3.4.3)
  - Downloading doctrine/migrations (3.5.5)
  - Downloading doctrine/doctrine-migrations-bundle (3.2.4)
  - Downloading doctrine/inflector (2.0.6)
  - Downloading egulias/email-validator (3.2.6)
  - Downloading friendsofsymfony/oauth-server-bundle (dev-master dc8ff34)
  - Downloading friendsofsymfony/rest-bundle (3.5.0)
  - Downloading friendsofsymfony/user-bundle (v3.1.0)
  - Downloading guzzlehttp/promises (2.0.0)
  - Downloading psr/http-message (1.1)
  - Downloading php-http/message (1.16.0)
  - Downloading psr/http-client (1.0.2)
  - Downloading php-http/httplug (2.4.0)
  - Downloading psr/http-factory (1.0.2)
  - Downloading php-http/client-common (2.7.0)
  - Downloading masterminds/html5 (2.8.0)
  - Downloading php-http/message-factory (1.1.0)
  - Downloading j0k3r/graby-site-config (1.0.169)
  - Downloading guzzlehttp/psr7 (2.5.0)
  - Downloading j0k3r/graby (2.4.4)
  - Downloading phpstan/phpdoc-parser (1.22.0)
  - Downloading jms/metadata (2.8.0)
  - Downloading jms/serializer (3.25.0)
  - Downloading khanamiryan/qrcode-detector-decoder (1.0.6)
  - Downloading lcobucci/clock (2.0.0)
  - Downloading doctrine/orm (2.15.2)
  - Downloading lexik/form-filter-bundle (v7.0.3)
  - Downloading myclabs/php-enum (1.8.4)
  - Downloading zircote/swagger-php (4.7.10)
  - Downloading webmozart/assert (1.11.0)
  - Downloading phpdocumentor/reflection-common (2.2.0)
  - Downloading phpdocumentor/type-resolver (1.7.2)
  - Downloading phpdocumentor/reflection-docblock (5.3.0)
  - Downloading nelmio/api-doc-bundle (v4.11.1)
  - Downloading nelmio/cors-bundle (2.3.1)
  - Downloading pagerfanta/doctrine-orm-adapter (v3.8.0)
  - Downloading pagerfanta/twig (v3.8.0)
  - Downloading phpseclib/phpseclib (3.0.19)
  - Downloading php-amqplib/php-amqplib (v3.5.3)
  - Downloading php-amqplib/rabbitmq-bundle (2.11.0)
  - Downloading php-http/httplug-bundle (1.29.1)
  - Downloading predis/predis (v2.2.0)
  - Downloading scheb/2fa-bundle (v5.13.2)
  - Downloading scheb/2fa-backup-code (v5.13.2)
  - Downloading scheb/2fa-email (v5.13.2)
  - Downloading scheb/2fa-google-authenticator (v5.13.2)
  - Downloading endroid/qr-code (3.9.7)
  - Downloading scheb/2fa-qr-code (v5.13.2)
  - Downloading lcobucci/jwt (4.1.5)
  - Downloading scheb/2fa-trusted-device (v5.13.2)
  - Downloading sensio/framework-extra-bundle (v6.2.10)
  - Downloading symfony/psr-http-message-bridge (v2.1.4)
  - Downloading jean85/pretty-package-versions (2.0.5)
  - Downloading sentry/sentry (3.19.1)
  - Downloading sentry/sentry-symfony (4.9.2)
  - Downloading gedmo/doctrine-extensions (v3.11.1)
  - Downloading stof/doctrine-extensions-bundle (v1.7.1)
  - Downloading symfony/monolog-bundle (v3.8.0)
  - Downloading symfony/polyfill-intl-grapheme (v1.27.0)
  - Downloading twig/extra-bundle (v3.6.1)
  - Downloading symfony/string (v5.4.22)
  - Downloading twig/string-extra (v3.6.0)
  - Downloading willdurand/hateoas (3.9.0)
  - Downloading jms/serializer-bundle (5.3.1)
  - Removing webimpress/safe-writer (2.2.0)
  - Removing twig/extensions (v1.5.4)
  - Removing symfony/swiftmailer-bundle (v3.3.1)
  - Removing symfony/service-contracts (v2.5.2)
  - Removing symfony/polyfill-uuid (v1.27.0)
  - Removing symfony/polyfill-php70 (v1.20.0)
  - Removing symfony/polyfill-php56 (v1.20.0)
  - Removing symfony/polyfill-iconv (v1.27.0)
  - Removing symfony/polyfill-apcu (v1.27.0)
  - Removing symfony/mime (v5.4.13)
  - Removing symfony/http-client-contracts (v2.5.2)
  - Removing symfony/http-client (v5.4.20)
  - Removing swiftmailer/swiftmailer (v6.3.0)
  - Removing sensiolabs/security-checker (v6.0.3)
  - Removing sensio/distribution-bundle (v5.0.25)
  - Removing scheb/two-factor-bundle (v4.18.4)
  - Removing pagerfanta/pagerfanta (v2.7.3)
  - Removing ocramius/proxy-manager (2.10.2)
  - Removing michelf/php-markdown (1.9.1)
  - Removing liip/theme-bundle (1.7.0)
  - Removing laminas/laminas-zendframework-bridge (1.6.1)
  - Removing laminas/laminas-eventmanager (3.5.0)
  - Removing jdorn/sql-formatter (v1.2.17)
  - Removing fig/link-util (1.1.2)
  - Removing doctrine/reflection (1.2.3)
  - Removing doctrine/doctrine-cache-bundle (1.4.0)
  - Removing composer/package-versions-deprecated (1.11.99.5)
  - Removing php-http/discovery (1.14.3)
  - Installing php-http/discovery (1.19.0): Extracting archive
  - Upgrading twig/twig (v2.15.4 => v3.6.1): Extracting archive
  - Installing symfony/polyfill-php81 (v1.27.0): Extracting archive
  - Installing symfony/contracts (v1.1.13): Extracting archive
  - Upgrading symfony/symfony (v3.4.49 => v4.4.50): Extracting archive
  - Upgrading laminas/laminas-code (3.5.1 => 4.7.1): Extracting archive
  - Installing friendsofphp/proxy-manager-lts (v1.0.16): Extracting archive
  - Upgrading doctrine/deprecations (v1.0.0 => v1.1.1): Extracting archive
  - Upgrading doctrine/persistence (1.3.8 => 3.2.0): Extracting archive
  - Installing pagerfanta/core (v3.8.0): Extracting archive
  - Upgrading babdev/pagerfanta-bundle (v2.11.0 => v3.8.0): Extracting archive
  - Installing dasprid/enum (1.0.4): Extracting archive
  - Installing bacon/bacon-qr-code (2.0.8): Extracting archive
  - Upgrading react/promise (v2.9.0 => v2.10.0): Extracting archive
  - Installing doctrine/sql-formatter (1.1.3): Extracting archive
  - Upgrading doctrine/cache (1.13.0 => 2.2.0): Extracting archive
  - Upgrading doctrine/dbal (2.13.9 => 3.6.3): Extracting archive
  - Upgrading doctrine/lexer (1.2.3 => 2.1.0): Extracting archive
  - Upgrading doctrine/doctrine-bundle (1.12.13 => 2.7.2): Extracting archive
  - Upgrading craue/config-bundle (2.5.0 => 2.6.0): Extracting archive
  - Upgrading paragonie/random_compat (v2.0.21 => v9.99.100): Extracting archive
  - Upgrading defuse/php-encryption (v2.3.1 => v2.4.0): Extracting archive
  - Upgrading doctrine/common (2.13.3 => 3.4.3): Extracting archive
  - Upgrading doctrine/migrations (v1.8.1 => 3.5.5): Extracting archive
  - Upgrading doctrine/doctrine-migrations-bundle (v1.3.2 => 3.2.4): Extracting archive
  - Upgrading doctrine/inflector (1.4.4 => 2.0.6): Extracting archive
  - Upgrading egulias/email-validator (3.2.5 => 3.2.6): Extracting archive
  - Upgrading friendsofsymfony/oauth-server-bundle (1.6.2 => dev-master dc8ff34): Extracting archive
  - Upgrading friendsofsymfony/rest-bundle (2.8.6 => 3.5.0): Extracting archive
  - Upgrading friendsofsymfony/user-bundle (v2.0.2 => v3.1.0): Extracting archive
  - Upgrading guzzlehttp/promises (1.5.2 => 2.0.0): Extracting archive
  - Upgrading psr/http-message (1.0.1 => 1.1): Extracting archive
  - Upgrading php-http/message (1.13.0 => 1.16.0): Extracting archive
  - Upgrading psr/http-client (1.0.1 => 1.0.2): Extracting archive
  - Upgrading php-http/httplug (2.3.0 => 2.4.0): Extracting archive
  - Upgrading psr/http-factory (1.0.1 => 1.0.2): Extracting archive
  - Upgrading php-http/client-common (2.4.0 => 2.7.0): Extracting archive
  - Upgrading masterminds/html5 (2.7.6 => 2.8.0): Extracting archive
  - Upgrading php-http/message-factory (v1.0.2 => 1.1.0): Extracting archive
  - Upgrading j0k3r/graby-site-config (1.0.163 => 1.0.169): Extracting archive
  - Upgrading guzzlehttp/psr7 (1.9.0 => 2.5.0): Extracting archive
  - Upgrading j0k3r/graby (2.4.2 => 2.4.4): Extracting archive
  - Upgrading phpstan/phpdoc-parser (1.16.1 => 1.22.0): Extracting archive
  - Upgrading jms/metadata (2.7.0 => 2.8.0): Extracting archive
  - Upgrading jms/serializer (3.22.0 => 3.25.0): Extracting archive
  - Installing khanamiryan/qrcode-detector-decoder (1.0.6): Extracting archive
  - Installing lcobucci/clock (2.0.0): Extracting archive
  - Upgrading doctrine/orm (2.7.5 => 2.15.2): Extracting archive
  - Upgrading lexik/form-filter-bundle (v5.0.10 => v7.0.3): Extracting archive
  - Installing myclabs/php-enum (1.8.4): Extracting archive
  - Installing zircote/swagger-php (4.7.10): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (1.7.2): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
  - Removing nelmio/api-doc-bundle (2.13.5)
  - Upgrading nelmio/cors-bundle (1.5.6 => 2.3.1): Extracting archive
  - Installing pagerfanta/doctrine-orm-adapter (v3.8.0): Extracting archive
  - Installing pagerfanta/twig (v3.8.0): Extracting archive
  - Upgrading phpseclib/phpseclib (3.0.18 => 3.0.19): Extracting archive
  - Upgrading php-amqplib/php-amqplib (v2.12.3 => v3.5.3): Extracting archive
  - Upgrading php-amqplib/rabbitmq-bundle (v1.15.1 => 2.11.0): Extracting archive
  - Upgrading php-http/httplug-bundle (1.24.0 => 1.29.1): Extracting archive
  - Upgrading predis/predis (v1.1.10 => v2.2.0): Extracting archive
  - Installing scheb/2fa-bundle (v5.13.2): Extracting archive
  - Installing scheb/2fa-backup-code (v5.13.2): Extracting archive
  - Installing scheb/2fa-email (v5.13.2): Extracting archive
  - Installing scheb/2fa-google-authenticator (v5.13.2): Extracting archive
  - Installing endroid/qr-code (3.9.7): Extracting archive
  - Installing scheb/2fa-qr-code (v5.13.2): Extracting archive
  - Upgrading lcobucci/jwt (3.4.6 => 4.1.5): Extracting archive
  - Installing scheb/2fa-trusted-device (v5.13.2): Extracting archive
  - Upgrading sensio/framework-extra-bundle (v5.4.1 => v6.2.10): Extracting archive
  - Installing symfony/psr-http-message-bridge (v2.1.4): Extracting archive
  - Upgrading jean85/pretty-package-versions (1.6.0 => 2.0.5): Extracting archive
  - Upgrading sentry/sentry (2.5.2 => 3.19.1): Extracting archive
  - Upgrading sentry/sdk (2.2.0 => 3.5.0)
  - Upgrading sentry/sentry-symfony (3.5.3 => 4.9.2): Extracting archive
  - Upgrading gedmo/doctrine-extensions (v2.4.42 => v3.11.1): Extracting archive
  - Upgrading stof/doctrine-extensions-bundle (v1.3.0 => v1.7.1): Extracting archive
  - Upgrading symfony/monolog-bundle (v3.6.0 => v3.8.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.27.0): Extracting archive
  - Installing twig/extra-bundle (v3.6.1): Extracting archive
  - Installing symfony/string (v5.4.22): Extracting archive
  - Installing twig/string-extra (v3.6.0): Extracting archive
  - Upgrading willdurand/hateoas (3.8.0 => 3.9.0): Extracting archive
  - Upgrading jms/serializer-bundle (3.10.0 => 5.3.1): Extracting archive
 44/81 [===============>------------]  54%  - Installing nelmio/api-doc-bundle (v4.11.1): Extracting archive
Package guzzlehttp/ringphp is abandoned, you should avoid using it. No replacement was suggested.
Package guzzlehttp/streams is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/compiler is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/consistency is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/event is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/exception is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/file is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/iterator is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/math is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/protocol is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/regex is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/ruler is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/stream is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/ustring is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/visitor is abandoned, you should avoid using it. No replacement was suggested.
Package hoa/zformat is abandoned, you should avoid using it. No replacement was suggested.
Package php-http/message-factory is abandoned, you should avoid using it. Use psr/http-factory instead.
Package sensio/framework-extra-bundle is abandoned, you should avoid using it. Use Symfony instead.
Package true/punycode is abandoned, you should avoid using it. No replacement was suggested.
Package php-cs-fixer/diff is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
Class SimpleHtmlDom\simple_html_dom_node located in ./vendor/mgargano/simplehtmldom/src/simple_html_dom.php does not comply with psr-0 autoloading standard. Skipping.
Class SimpleHtmlDom\simple_html_dom located in ./vendor/mgargano/simplehtmldom/src/simple_html_dom.php does not comply with psr-0 autoloading standard. Skipping.
54 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> Incenteev\ParameterHandler\ScriptHandler::buildParameters
Updating the "app/config/parameters.yml" file
Some parameters are missing. Please provide them.
mailer_dsn ('smtp://127.0.0.1'): smtp://127.0.0.1
> bin/console cache:clear --no-warmup

In ContainerBuilder.php line 1030:

  You have requested a non-existent service "scheb_two_factor.security.google_authenticator".


Script bin/console cache:clear --no-warmup handling the post-cmd event returned with error code 1
Script @post-cmd was called via post-install-cmd
make: *** [GNUmakefile:24: update] Error 1

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 33 (11 by maintainers)

Commits related to this issue

Most upvoted comments

See above: https://github.com/wallabag/wallabag/issues/6649#issuecomment-1605653946

My personal remediation notes:

Log onto docker machine (terminal, ssh, etc.).

docker exec -it wallabag sh

where “wallabag” in above command is container name

then

cd /var/www/wallabag/
php bin/console doctrine:migrations:migrate --no-interaction --env=prod
+15
TheBenMeadows on Jul 1, 2023

@needthisforctf for that problem, see https://github.com/wallabag/docker#upgrading

+10
j0k3r on Jun 22, 2023

I just fixed it. The last step before the error appeared was that the app/config/parameters.yml was updated.

So I did take a look into this file and the parameter twofactor_auth: false was set.

Which made sense to me, as - as I stated above - I never enabled 2FA for my wallabag installation.

I thought, that right now my instance is broken anyway, so “what could go wrong?” and changed it to : true, as the update-error at least has something to do with 2FA… So now I had the line twofactor_auth: true in the file.

Guess what?! make update did instantly work!

I’m now up and running wallabag 2.6.1, everyhting (first look, at least) seems to work.

And I could log in, I was not “forced” to use 2FA, just because this was enabled in the parameters.yml file.

So maybe for people like me, who (back in 2018 I guess 😉 ) “disabled” 2FA, are now running into this problem, if the parameters.yml still has twofactor_auth: false set…

edit: can confirm that for me everything works fine. Added content, used the web interface, used / synced the iOS app, no problems.

+10
Golem82 on Jun 21, 2023

I can confirm the fix.

+4
dertuxmalwieder on Jun 21, 2023

I can confirm that cherry-picking https://github.com/wallabag/wallabag/commit/679dc32885ab8458ff1425aee527a5d045e01d07 works for me though.

After manually upgrading to 2.6.0 w/ https://github.com/wallabag/wallabag/commit/679dc32885ab8458ff1425aee527a5d045e01d07, although I didn’t face the complaint about zip unzip etc. (which means I can successfully install the new version with the patch), I found that:

An exception occurred while executing a query: SQLSTATE[42S22]: Column not found: 1054 Unknown column ‘t20.display_thumbnails’ in ‘field list’

Moreover, I can’t login to my instance due to:

Authentication request could not be processed due to a system problem.

+3
emdoe on Jun 20, 2023

Setting twofactor_auth to true does indeed fix my problem. Many thanks @Golem82.

This works for me, running Wallabag in Docker. Also don’t be forced to 2FA using one user and sqlite.

@needthisforctf for that problem, see https://github.com/wallabag/docker#upgrading

Would be great to have a db schema check in the script and doing a migration before starting up Wallabag. An eyeblink slower startup doesn’t hurt.

+2
helmut72 on Jun 22, 2023

My €0,02, if twofactor_auth now has to be true it should be removed from the config file. Or not acting on the configured value.

+2
ovv on Jun 21, 2023

For Docker folks, this change to the command line in docker-compose.yaml should work:

services:
 wallabag:
  command: sh -c "/entrypoint.sh migrate && /entrypoint.sh wallabag"
  container_name: wallabag
  ...
+1
jcgoette on Jul 5, 2023

Using Docker version. Flipped SYMFONY__ENV__TWOFACTOR_AUTH to true. Now Wallabag starts, but I can’t auth (Authentication request could not be processed due to a system problem)

+1
needthisforctf on Jun 22, 2023

We’ll see how we can fix it automatically without editing manually the file.

As I see, the makefile just calls the scripts/update.sh when run using the “update” parameter…

So, shouldn’t it be enough to put a simple sed command let’s say right after the line git checkout $TAG --force which unconditionally replaces twofactor_auth: false with twofactor_auth: true? I don’t “speak” sed syntax and regex fluidly, and I’m at work right now, so no time to check the correct syntax, but if I remember correctly it should be something like sed -i 's/twofactor_auth:.*false/twofactor_auth:\ true/g' ../app/config/parameters.yml (the path should be double checked, as I don’t know out of my head what is the working directory of the update.sh when being called from the makefile, so it might be wrong starting with …/app …)

+1
Golem82 on Jun 21, 2023
Read more comments on GitHub
← wallabag: Cannot install wallbag on debian VPS
wallabag: Can't import over the web interface with PHP 8.1 →