Can't login with 2.37.3, works fine with 2.36.4 (sodiumDecrypt(): invalid $data or $key)

[Massedil]

Describe the bug
A clear and concise description of what the bug is.

To Reproduce

Just try to log and obtain InvalidInputArgument[903] error.

Please complete the following information:

• PHP version: 7.4.33
• SnappyMail Version: 2.37.3 (same with 2.37.2)
• Mode: standalone

Debug/logging information

[2024-08-28 10:50:32.158][b2da5728] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
#0 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/snappymail/crypt.php(96): SnappyMail\Crypt::Decrypt()
#1 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/snappymail/cookies.php(46): SnappyMail\Crypt::DecryptFromJSON()
#2 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Actions/UserAuth.php(267): SnappyMail\Cookies::getSecure()
#3 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Actions/UserAuth.php(239): RainLoop\Actions->getMainAccountFromToken()
#4 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Utils.php(72): RainLoop\Actions->getAccountFromToken()
#5 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Utils.php(90): RainLoop\Utils::GetConnectionToken()
#6 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/ServiceActions.php(98): RainLoop\Utils::GetCsrfToken()
#7 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#8 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#9 /var/www/snappymail/snappymail/v/2.37.3/include.php(137): RainLoop\Service::Handle()
#10 /var/www/snappymail/index.php(11): include('/var/www/snappy...')
#11 {main}
[2024-08-28 10:50:37.109][b2da5728] SERVICE[WARNING]: InvalidInputArgument[903]
/var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Actions/UserAuth.php#147
#0 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Actions/User.php(41): RainLoop\Actions->LoginProcess()
#1 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/ServiceActions.php(141): RainLoop\Actions->DoLogin()
#2 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#3 /var/www/snappymail/snappymail/v/2.37.3/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#4 /var/www/snappymail/snappymail/v/2.37.3/include.php(137): RainLoop\Service::Handle()
#5 /var/www/snappymail/index.php(11): include('/var/www/snappy...')
#6 {main}

Additional context
Add any other context about the problem here.

[the-djmaze]

It seems your smaccount cookie gets broken.

To know how, you can maybe:

1. catch the cookie value
2. base64 decode the cookie value
3. decode the JSON data into an array
4. base64 decode each array entry

NOTE: there could be multiple smaccount cookies that makes things corrupt.
They are like smaccount~1.
Do you have them?

[Massedil]

Only one smaccount cookie.
Array of 3 parts :

• First value is c29kaXVt => sodium
• Second value is string(32), can't be base64 decoded to something readable.
• Third value is string(168), can't be base64 decoded to something readable.

Are those value (2 & 3) private or I can share it with you ? Do you need them to debug ?

[the-djmaze]

Values 2&3 are binary.

2&3 are used to decrypt the binary data (account data).

It seems your cookie is correct but something else gets screwed along the way.
I will look into it as there are more issues reported.

[t0rik]

and where to find this smaccount cookie ?

[Massedil]

Do you know if this issue is solved by latest update ? Can I try something for you ?

[t0rik]

Simply deleting the folder with the required account at the path data/data/default/storage/domain helped me. User just relogin, and all fine

[Massedil]

Thanks @t0rik !

I will try your advice if @the-djmaze do not need me to debug the problem which can also occurs for other people.