12.7.12 Upgrade issues with authentication

Howdy all, 

It looks like something changed in 12.7.12 from .11 in how credentials are salted/hashed in the database.  First indication of this is that is would not use the existing .whd.properties file and presented the initial configuration dialog in the browser rather than directing to upgrade the DB as usual.  

I put the same info back into the setup using the existing MSSQL DB and it recreated the .whd.properties file with the only difference being the password was hashed differently. 

Upgrade proceeded as typical, but upon testing, anything that had a stored credential for:

  • AD connectors
  • Incoming Email
  • Outgoing Email 

Failed to authenticate.  The creds had to be reapplied to restore.

Additionally came across an AES error in the log that I tracked down to an AES string that had a decryption error and turned out it was a password in an email config that was set to anonymous, but had that string for a password.  Set that to null and errors stopped.

Still lots of issues with HTML special characters.  Cases open on that, but the encryption issues were unexpected.

  • This is interesting as the Release Notes only highlight this when using "external" PostgreSQL Database types

     If this applies to any external database types then this will be MS-SQL & MySQL as well.

    Will be interested what feedback you get as we have only tested against a test internal PostgreSQL system so far.

  • Well it looks like this applies to anything external given the impact to other stored accounts.  I did see that in the notes, but skimmed it since it was PostgreSQL, but that 100% makes sense for the .whd.properties file update.

  • Obviously crucial if so, do you have a case open for that point already?

    I am going to spin up a MS-SQL test anyhow to try and reproduce.

  • no case on this as I was able to resolve. Made the post here to assist if others ran into the problem. If I opened a case for every upgrade issue in WHD that is all I would be doing....

    I still have a case open for HTML special characters though.  At least in 12.7.11, special characters (&'<, etc) were being input as the character, but when saved were displayed as their html encoded value.  That was fixed in .12, but they flipped the problem.  Now it displays correctly when saved, but if you edit one of those fields they show as they their encoded characters.  This isn't the end of the world, but thing like non-html emails won't render the characters and sends the encoding instead. 

    Additionally, anything in a between '<' '>' that don't have a space between the character and the rest of the text are basically purged when the field is saved.  That's fun.

  • Hi James, Do you have an example string I can test?

    I assume you mean text on Ticket Notes here?

  • Request Detail, subject, ticket notes, client fields, locations, etc.  Try:

    <test>    <-- that will be deleted

    < test >   <-- that will remain, but if viewed/edited after Input you will get:  &lt; test &gt; 

    <test     <-- anything after and including this string will be deleted.

  • Thank you for your post - I just tried to upgrade from 12.7.10 to 12.7.12 tonight and had problems with my Mysql database. I'm used to it just 'finding' the database after an upgrade (if I've copied the mysql connector jar file in the correct place), but no luck with my upgrade tonight. My server is running on a VM so a restored my entire server back to the way it was before my install attempt (12.7.10) and I'll attempt 12.7.12 again another night. Glad to know that I'll need to re-enter the credentials for AD/email stuff, thanks!

  • 12.7.12 upgrade worked tonight once I re-entered all the correct information to the remote mysql db, by retyping the data already in the .whd.properties file (and typing the password), it reconnected this time. Thanks for the reminder to re-enter the password/auth info for AD connections and OAuth secret. Thanks!