Upgrade from v4.5.19 to v4.5.20 breaks site (self-hosted)

Hi @david I will have to ask my host, if it is enabled is there a solution/workaround that will help?

Thanks

i think some exceptions in modsecurity rulelist may need to be included to solve the issue.

Here’s what my host said in response:

“Mod Security is enabled on our shared hosting servers, including yours.”

@kieranmccarthy

I would ask them to disable for this site so that when can exclude whether mod_security is the issue.

Host response to turning off mod_security:

I’m afraid we will not disable Mod Security on any shared hosting account for any reason. If someone is experiencing a problem and they believe it’s related to Mod Security have them go to http://whatsmyip.ie and tell us the IP address they see there. We’ll check the Mod Security logs for any errors triggered from that IP and whitelist any Mod Security Rules that are being triggered.

When I submitted my own IP address they checked and confirmed:

Your IP address hasn’t triggered any Mod Security rules on the server today. It’s not related to this issue anyway as Mod Security wouldn’t generate a 401 error:

ok, i think this may be a path issue

Does your APP_URL in your .env file contain the full path

/invoice/public ?

If it does not, you may need to set an additional .env var

ASSETS_URL=https://your.url.com/invoice/public/

Hi @david

I followed your instruction and added: ASSETS_URL=https://www.mydomain.com/invoice/public/ to the .env file then cleared cache via Health Check from dashboard, then logged in to a client dashboard but I still get the same error when trying to add a payment method:

{“message”:“You are not authorized to view or perform this action”}

These are the two entries in my .env file currently:

APP_URL=https://www.mydomain.com/invoice/public
ASSETS_URL=https://www.mydomain.com/invoice/public

When logged into dashboard my default url is: https://www.mydomain.com/invoice/public/#/

Open to suggestions, thanks.

I’m not sure, i can’t recreate this locally.

Thank’s David,

I’m not sure what to do at this stage. I’ve had new and old clients not able to add payment options the past week, I’m aware every server setup is different and I appreciate all the support you guys give here but for me now Invoice Ninja V5 is not 100% usable to me.

I’m more than willing to pay for support or export my data to the hosted version of Invoice Ninja. Would this be a solution?

Thanks

Kieran

@kieranmccarthy

You should be able to export your data in Settings > Import | Export

This should import directly into our hosted version - and vice versa.

Thanks @david I think transferring to the hosted platform is my best option from here.

Hi @david I’m just about to transfer over to the hosted version of Invoice Ninja, I’ve ran into way too many issues with self-hosted V5 and haven’t the time or resources at this stage to keep fixing or applying workarounds, thanks for all your help up to now and not forgetting @hillel at my earlier support requests.

Just to add I get the same error message when trying to add a payment method and now also when trying to access a recurring invoice:

{“message”:“You are not authorized to view or perform this action”}

I’ve tried all advice from the following thread but no luck: View recurring invoice -> You are not authorized to view or perform this action - #7 by david

Hi @kieranmccarthy

Moving over should be as simple as exporting your data from (v5) Settings > Import | Export

And then importing it into our hosted platform

Thanks @david assuming all goes well in the export/import to the hosted platform is there anything I will need to know from there on? Will cron jobs work or do they need to be setup? will recurring invoices resume (someone mentioned in the forum that they all default to draft)

Update: I’ve just done an export and got an email to dowload my company data file but also got this error in browser.

Should I be concerned?

You’ll want to inspect the logs for the output of the error.

When you do import the data into the hosted platform, you’ll want to reupload your company logo - otherwise everything should just work

Thanks @david

For what it’s worth this was the entry in the log file from yesterday:

[2021-09-07 13:58:19] production.ERROR: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8392704 bytes) {“userId”:2,“exception”:"[object] (Symfony\Component\ErrorHandler\Error\FatalError(code: 0): Allowed memory size of 134217728 bytes exhausted (tried to allocate 8392704 bytes) at /home/mydirectory/public_html/invoice/vendor/laravel/framework/src/Illuminate/Queue/Queue.php:105)
[stacktrace]
#0 {main}
"}

Either way I’m transferring to the hosted platform today.

Thanks again.

Kieran

PART-SOLVED: {“message”:“You are not authorized to view or perform this action”}

Having upgraded to hosted Invoice Ninja (Enterprise Plan) this morning it quickly became apparent there was an problem as I was getting the same error while trying to add a payment method as a client:

It was throwing the same error as self-hosted:

What was discovered through email support was a new setting under Limits/Fees “Min/Max Limit” to payment gateways was added in V5 which wasn’t in V4.

gateways

By default Enable Min & Enable Max were box ticked however no default value was in Min Limit or Max Limit this is the key issue. We discovered that adding a value of eg. $1 Min and $1000 Max or disabling (un-ticking both boxes) fixed the issues of a client not being able to add a payment method.

These Enable Min & Enable Max settings are set/ticked by default for all payments gateways so be sure to check others eg, PayPal, Stripe etc.

I replicated the solution on my still installed V5 self hosted installion and it fixed the issue for me however it still throws the same error if a client clicks on “View” a Recurring Invoice.

Hope this may help some other self-hosted users.

@hillel @david

Thanks for this info! I’ll try to replicate it.

You’re welcome @hillel hope it helps.