Altra control vm deployed locally but unable to Sign-Up - Alta API Back-End Crash

Hello,

I was able to deploy the control vm 1.0d locally as per https://help.alta.inc/hc/en-us/articles/25411696788507-Setting-Up-Alta-Control-With-Docker.

  • LCT container deployed with static IP
  • DNS entries for the .ddns.manage.alta.inc addresses added
  • Registration step done with the activation code

But now I cannot login:

  • I tried to use my cloud account but it’s failing (bad username/password even if they are 100% correct).
  • I tried to sign-up for a new account, it’s telling me " Check your email \ Your account is being created. Please check your email to confirm your account. If you don’t receive an email within the next few minutes, please check your spam folder." but when I click on the account activation link, I get “Failed to verify account. Token has expired, or has been used, or is invalid.”

What is interesting is I’m also getting this error message via email:
Subject: Alta API Back-End Crash
Content: POST /fe/oops
SyntaxError: Unexpected token u in JSON at position 0
at JSON.parse ()
at /usr/share/access/be/access.js:2:1959910
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async /usr/share/access/be/access.js:2:1947417
at async y.pgPool (/usr/share/access/be/access.js:2:2017501)
at async t.handler (/usr/share/access/be/access.js:2:1947399)

This is a blackbox so what’s going on ?

Thanks for your time and help

So after upgrade to the last version (thank you Matt Baer from Altra support), I was not getting the crash report email anymore but it was still not working. The activation link received by email was still leading to error message “Failed to verify account. Token has expired, or has been used, or is invalid.”

I did figure out what the bug is: the controller does not support the tag “+” character in the email address and hence does not respect IETF RFC 5322 standard. If I use an email address without the + tag, it works :expressionless_face:

1 Like

Not sanitizing inputs properly?

It’s not an issue with sanitizing inputs, as all data is sent via JSON. This only applies to the local controller, and not the cloud controller. Looks like an issue with activation link generation, where the plus needs to be encoded properly when generating the link. We’ll get this queued up for fixing.