2.4.3-p2 breaks OAuth integrations, does not upgrade secrets and tries to decrypt them #35313
Hi @evolbug. Thank you for your report.
Make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:
For more details, review the Magento Contributor Assistant documentation. Add a comment to assign the issue: To learn more about issue processing workflow, refer to the Code Contributions.
🕙 You can find the schedule on the Magento Community Calendar page. 📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket. ✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel |
Hi @engcom-November. Thank you for working on this issue.
|
Verified the issue by upgrading Magento version from 2.3.7 to 2.4.3-p2 but was not able to reproduce the issue.
|
I encountered this problem as well. It looks to be an issue for older Magento sites when the module.xml's setup_version was still in use. The last setup_version for the integration module looks to be 2.2.0; you can check the row for Magento_Integration in the setup_module table. In the patch files for UpgradeConsumerSecret.php and UpgradeOauthToken.php, the method for getVersion() is set to 2.0.0. I believe this should be 2.2.1 or greater -- or removed altogether.
You would also need to remove the rows in the table patch_list: Then rerun setup:upgrade |
@engcom-November You need to reauthorize the integration, also check the integration details for incorrectly displaying secrets. The migration we did was from 2.4.3 to 2.4.3-p2, perhaps check that |
We can confirm this updating 2.4.3-p1 to 2.4.3-p2 |
Verified the issue again by upgrading from 2.4.3-p1 to 2.4.3-p2
|
Reauthorize can be performed here too but entering the integration damaged in the upgrade |
Hi @engcom-Hotel. Thank you for working on this issue.
|
Hi @engcom-Dash. Thank you for working on this issue.
|
Hi @evolbug 1. Verified the issue again by upgrading from 2.4.3-p1 to 2.4.3-p2. Let us know in case we have missed anything. Thanks |
Can reproduce due to the hints of @kenseiatwork, thanks for that! @engcom-Dash: please try the following:
|
Hello @hostep, Thanks for the support! Hello @evolbug, We have tried to reproduce the issue by following this #35313 (comment). But for us, the issue is still not reproducible. We are able to reauthorize the integrations but we have observed that after the upgrade Also please refer to the screencast of reauthorizing after the upgrade: Integrations-Extensions-System-Magento-Admin.mov Thanks |
@engcom-Hotel the garbled consumer secret is a reproduction of the issue, this is due to the secret not being encrypted in the migration, so after it, it ends up trying to decrypt the plaintext value from the db |
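An added example, not part of the thread or of Magento's code, covering the two comments above: it models the version gate that skips a data patch whose `getVersion()` (2.0.0) is not above the module's recorded version (2.2.0), and flags stored secrets that were never encrypted. The `keyVersion:cipherVersion:base64` envelope shape is an assumption about how encrypted values are stored, and the sample rows are constructed.

```python
import base64
import re

# Assumed envelope for values written by Magento's encryptor:
# "<keyVersion>:<cipherVersion>:<base64 payload>", e.g. "0:3:...".
ENVELOPE = re.compile(r"^\d+:\d+:([A-Za-z0-9+/]+={0,2})$")


def version_tuple(version):
    """'2.2.0' -> (2, 2, 0); sufficient for plain dotted versions."""
    return tuple(int(part) for part in version.split("."))


def patch_is_skipped(patch_version, recorded_version):
    """Model of the gate described in the thread: a versioned data patch
    is skipped when the module's recorded version already covers it."""
    return version_tuple(patch_version) <= version_tuple(recorded_version)


def looks_encrypted(stored):
    """True if the stored value has the encrypted envelope shape."""
    match = ENVELOPE.match(stored)
    if not match:
        return False
    try:
        base64.b64decode(match.group(1), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True


def audit(rows):
    """Return ids of rows whose secret is still stored unencrypted."""
    return [row_id for row_id, secret in rows if not looks_encrypted(secret)]


# Constructed sample rows (id, secret); not real credentials.
SAMPLE_ROWS = [
    (1, "0:3:" + base64.b64encode(b"constructed-ciphertext-bytes").decode()),
    (2, "k3x9q0v7m2c8b5n1z6l4j0h8g2f7d3s1"),  # plaintext, never migrated
]

if __name__ == "__main__":
    print("patch skipped:", patch_is_skipped("2.0.0", "2.2.0"))
    print("plaintext secret ids:", audit(SAMPLE_ROWS))
```

Rows reported by `audit` are the ones that display as garbled after the upgrade, because the new code attempts to decrypt a value that was never encrypted.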
I'm not sure that you realise it can break whole service using API integration: this should be a P1 ticket. By launching a 2.4.3-p2 or 2.4.4 Magento on production you could break every API service. Guys you should at least create a quality patch for this issue. |
Upgraded to 2.4.4 over the weekend. This bug has broken all my Royal Mail Click and Connect integrations.
|
I think the fix /might/ be to ensure that: When the magento version is upgraded to the new secure version (>=2.4.3-p2):
The new version of Magento would then be able to decrypt the keys successfully (rather than appearing garbled as in the screenshots in the above thread). Needs verification from someone else though to verify this thinking. Does Magento have a mechanism for one-time data manipulation scripts to be run on minor version upgrades? Here is a screenshot showing the garbled secrets: |
Hi, I just want to add this issue is happening on Adobe Commerce 2.4.5-p1 too. I have also raised a ticket with Magento Support to see if they have anything for this. Bit surprised how long this has been open. Deleting and re-creating the integrations is not ideal for some systems. Thanks |
Still waiting for a quality patch since July @magento. It's just my opinion but security patch SHOULD never include a The reason is simple: you may break Magento on a security patch, which is a total nonsense; by doing this you are also breaking customer's confidence on security release. At least, you may warn everyone in your release patch notes when a database patch is included in your security release. |
Hello @zepgram @willbrammer, The related JIRA status is Thanks |
Hello @engcom-Hotel I am facing same issue on 2.4.4-p1, I deleted the patch entries and still not able to fix the issue. Also when I try to activate new key it's giving me below error Below is the trace
|
Hello, As I can see this issue got fixed in the scope of the internal Jira ticket AC-3752 by the internal team. Based on the Jira ticket, the target version is 2.4.6. Thanks |
Create two scripts in /path/to/magento/root

runOauth.php:
try{
}catch(\Exception $e){die('||'.$e->getMessage());}

and runConsumer.php:
try{
$consumerCollection->addFieldToSelect('entity_id');
for ($currentPage = 1; $currentPage <= $pages; $currentPage++) {
}catch(\Exception $e){die('||'.$e->getMessage());}

Then run:
Your existing secrets should be fixed afterwards. |
How is this issue closed? I just upgraded to 2.4.5-p3 and am still seeing this issue. |
@cfortin: according to a few comments earlier, you'll need to upgrade to at least Magento 2.4.6 to get it fixed. And based on the commit mentioned, it could be that the upgrade is not enough to fix it and you might need to make sure the |
Thank you very much @hostep. |
Preconditions (*)
Steps to reproduce (*)
Expected result (*)
Actual result (*)
The attempt to post data to consumer failed due to an unexpected error. Please try again later.
[2022-04-14 15:01:08] main.CRITICAL: Notice: iconv_strlen(): Detected an illegal character in input string in /var/www//data/releases/20220414144351/vendor/magento/zendframework1/library/Zend/Validate/StringLength.php on line 250 {"exception":"[object] (Exception(code: 0): Notice: iconv_strlen(): Detected an illegal character in input string in /var/www//data/releases/20220414144351/vendor/magento/zendframework1/library/Zend/Validate/StringLength.php on line 250 at /var/www//data/releases/20220414144351/vendor/magento/framework/App/ErrorHandler.php:61)"} []
Please provide Severity assessment for the Issue as Reporter. This information will help during Confirmation and Issue triage processes.