(This has already been posted on GitHub, but remained unnoticed. That’s why I’m trying it here.)
We use OAuth via Keycloak to log in to our server. It worked well up to version 0.74. Then we upgraded to version 1.02 / 1.03 (and now 1.1.1), and the login fails, usually once. If you hit reload on the error page and try to log in again, it's usually successful.
The first login attempt does not generate any logs whatsoever. Do you guys know if it’s an issue with a cached token? I could not find anything in regard to this.
Additionally, some of our users are logged out randomly, although the sessions should only be terminated after 72h (end session on window close is OFF). This happens especially if you're logged in on a desktop client / browser and a mobile device simultaneously.
Some users report that they’re getting notifications about a new message, but the message is not shown in the chat history.
All these issues arose with the upgrade to v. 1.02, which we installed to fix the XSS vulnerability.
(Additionally, the mobile clients received another update at exactly the same time, and now the app constantly complains that "you have to be logged in to do" … anything. Clearing the app cache fixes this for a few hours until the bug occurs again. The app is now more or less unusable.)
I’ve read about most of these issues (except maybe the issue with OAuth) and I thought that they had already been fixed in '17 / '18.
Server Setup Information
- Version of Rocket.Chat Server: 1.1.1
- Operating System: Centos 7 x64
- Deployment Method: normal install on the system
- Number of Running Instances: 1
- DB Replicaset Oplog: ON (Had to be enabled after the upgrade for some reason, even though no replica set is active. Could this cause an issue?)
- NodeJS Version: 8.11.3
- MongoDB Version: 3.6.13
- Proxy: nginx
- Firewalls involved: -
Any help is very much appreciated.