Shared Keys are not generated for new Users and after Password reset #4554

Open
SAENachtmann opened this issue Jan 7, 2025 · 9 comments

SAENachtmann commented Jan 7, 2025

Steps to reproduce

  1. Login as Admin user
  2. Manually create a completely new user, assigning roles which grant access to existing folders
  3. Wait for the task to finish and login as the new user
  4. Try to open an existing item, which was created before the user

Steps to reproduce scenario 2

  1. Login as Admin user
  2. Manually reset the password of an existing user
  3. Wait for the task to finish and login as the existing user
  4. Try to open an existing item from a shared folder

Expected behaviour

The new user should be able to access passwords of items, which have been created before the user.
Scenario 2: The existing user should be able to access passwords of items he was able to access before the password reset.

Actual behaviour

  • New users and existing users after a password reset are not able to access any password of items which were created before the user or which the user had access to before the password reset.
    All items display this green no access icon. When trying to display the password, an error message pops up saying "Element does not have a password".
    image
  • After creating the user or resetting a password of an existing user, the database table teampass_sharekeys_items is empty for the user id.
    After trying to generate new keys using the UI the database table teampass_sharekeys_items is also empty for the user id. The task is getting started properly though.
    image
  • When creating new items, the user is able to access the new items; there is also an entry in teampass_sharekeys_items for the user id.
  • At the moment it is not possible to use Teampass with this version, because newly created users or users with a password reset are not able to access pre-existing items.

I create a new ticket to indicate the importance of this error. Identical issues found but not solved yet:

Server configuration

Operating system: Debian GNU/Linux 11 (bullseye)
Web server: Apache/2.4.62 (Debian)
Database: 10.5.26-MariaDB-0+deb11u2
PHP version: 8.2.26
Teampass version: 3.1.3.8
LDAP authentication is enabled.

Teampass configuration file:

<?php
// DATABASE connexion parameters
define("DB_HOST", "127.0.0.1");
define("DB_USER", "teampass");
define("DB_PASSWD", "");
define("DB_NAME", "teampass");
define("DB_PREFIX", "teampass_");
define("DB_PORT", "3306");
define("DB_ENCODING", "utf8mb4");
define("DB_SSL", false); // if DB over SSL then comment this line
// if DB over SSL then uncomment the following lines
// define("DB_SSL", array(
//     "key" => "",
//     "cert" => "",
//     "ca_cert" => "",
//     "ca_path" => "",
//     "cipher" => ""
// ));
define("DB_CONNECT_OPTIONS", array(
    MYSQLI_OPT_CONNECT_TIMEOUT => 10
));
define("SECUREPATH", "/var/teampass");
define("SECUREFILE", "teampass-seckey.txt");
define("IKEY", "");
define("SKEY", "");
define("HOST", "");

if (isset($_SESSION['settings']['timezone']) === true) {
    date_default_timezone_set($_SESSION['settings']['timezone']);
}

Updated from an older Teampass or fresh install:
Updated, instance has been active since 2.xx version. No "tp.config.php" file available.
The last installed version was 3.0.0.21, the issue did not occur with this version.

Client configuration

Browser: Any browser, tested on Chrome and Edge

Operating system: Windows 11

Logs

Web server error log

No errors logged in apache error log

Log from the web-browser developer console (CTRL + SHIFT + i)

No errors in developer console
SAENachtmann changed the title from "Shared Keys are not generated for new Users" to "Shared Keys are not generated for new Users and after Password reset" on Jan 8, 2025
@SAENachtmann
Author

Migrated to another password vault, no further support required.

SAENachtmann closed this as not planned on Jan 10, 2025
@aroussel62

Hello,
we are experiencing the exact same issue, can this be re-opened?
This issue also occurs with: teampass 3.1.3.9
I'm available if logs are needed to investigate further.

@SAENachtmann
Author

SAENachtmann commented Jan 13, 2025

> Hello, we are experiencing the exact same issue, can this be re-opened?
> This issue also occurs with: teampass 3.1.3.9
> I'm available if logs are needed to investigate further.

@aroussel62
Have a look at the referenced issues in the description.

@nilsteampassnet
Owner

nilsteampassnet commented Jan 13, 2025

@aroussel62
I had added in a previous release a small tool you can access from: http://<your instance to Teampass>/index.php?page=tools
You must be an admin user.
For some reason, I don't know why, it is not visible in the menu (I will check).
It could be useful in such a context; I have already used it successfully.
Be careful, do a backup of the DB before running it.
I would be interested in the feedback.

Edit: this will not solve the issue here.
Please take a look at the next message.

@nilsteampassnet
Owner

@aroussel62
I've tried to reproduce on a test environment and this works correctly.
There must be some kind of error in the log, have you checked?
Can you check if, in the "Done tasks", you have 3 entries for the user whose password you have changed?
image

You can also check how many keys you have for this user directly in DB:

-- Count the item share keys stored for one user (join on the user id)
SELECT COUNT(s.object_id)
FROM `teampass_sharekeys_items` AS s
INNER JOIN `teampass_users` AS u ON u.id = s.user_id
WHERE u.login = "<YOUR_USER_LOGIN>";
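
A per-user share-key count for the database check discussed above, as an added example that is not part of the thread or of Teampass itself. It runs against a constructed in-memory SQLite copy of the two tables; the column names and sample rows are assumptions, and SQLite stands in for MariaDB.

```python
import sqlite3

# Constructed miniature of the two tables named in the thread. The column
# names (id, login, object_id, user_id) are assumptions; check your schema.
SCHEMA = """
CREATE TABLE teampass_users (id INTEGER PRIMARY KEY, login TEXT);
CREATE TABLE teampass_sharekeys_items (object_id INTEGER, user_id INTEGER);
"""
USERS = [(1, "admin"), (2, "alice"), (3, "newuser")]   # constructed
KEYS = [(1, 1), (2, 1), (3, 1), (1, 2), (2, 2)]        # (object_id, user_id)

# LEFT JOIN keeps users with no key rows, so they are reported with 0
# instead of dropping out of the result.
PER_USER_KEYS = """
SELECT u.login, COUNT(s.object_id)
FROM teampass_users AS u
LEFT JOIN teampass_sharekeys_items AS s ON s.user_id = u.id
GROUP BY u.id, u.login
"""


def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO teampass_users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO teampass_sharekeys_items VALUES (?, ?)", KEYS)
    return conn


def share_key_counts(conn):
    """Map login -> number of item share keys stored for that user."""
    return dict(conn.execute(PER_USER_KEYS).fetchall())


def lost_keys(before, after):
    """Logins whose key count fell between two snapshots, or is zero."""
    return sorted(u for u, n in after.items() if n == 0 or n < before.get(u, 0))


if __name__ == "__main__":
    db = build_sample_db()
    before = share_key_counts(db)
    # Simulate the reported symptom: alice's keys vanish after a reset.
    db.execute("DELETE FROM teampass_sharekeys_items WHERE user_id = 2")
    after = share_key_counts(db)
    print(before, after, lost_keys(before, after))
```

Taking one snapshot before a password reset and one after the background task finishes shows which accounts ended up without keys.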

@futureweb
Contributor

futureweb commented Jan 14, 2025

@nilsteampassnet - we got exactly the same problem - I just changed the Password of one of our Users - now no Password is accessible anymore for this Login. (version 3.1.3.9)
"Done Log" is only showing 1 Item for this Action:

image

Your Query would return lots of Objects:
image

Apache Logs not showing any Errors. Are there any other Logs we should check?

Also after I reset the Password not from Admin - but from User Login itself - it's the same - Passwords are not accessible :-(
image

I hope we can narrow down this Problem as multiple Accounts can't access any Password anymore ... which is a major problem! :-(

thx
Andreas

@nilsteampassnet
Owner

@futureweb
Well what you provide here is not what I would have expected.
Things seem to be normal.
You confirm that the user you changed is a local Teampass user?
Can you do this please:

  • Change the user password from admin
  • As quickly as possible, run from your terminal the script (instead of being launched by cron): php scripts/background_tasks___userKeysCreation.php
    See if some errors occur

@futureweb
Contributor

@nilsteampassnet - Confirming that we only have local Teampass users.

I followed the suggested steps, no error occurs when executing the script, the password reset email is not being sent, and no passwords are available. Tested this twice.

Let me please know if you need any additional details for troubleshooting.

image

image

image

html# php -d display_errors=1 -d error_reporting=E_ALL scripts/background_tasks___userKeysCreation.php
html# 

@futureweb
Contributor

@nilsteampassnet Do you have any other ideas on how to identify the issue? It's becoming critical since we already have several accounts that can't access any passwords, causing significant problems.
Thanks in advance!
