starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-06 09:13:19 +03:00
Code Issues 121 Packages Projects Releases 16 Wiki Activity

🐛 Bug Report: Unable to upload oidc-clients images in distroless image #6

New Issue
Closed
opened 2025-10-06 23:58:00 +03:00 by OVERLORD · 4 comments
OVERLORD commented 2025-10-06 23:58:00 +03:00
Owner
Copy Link

Originally created by @Skaronator on GitHub.

Reproduction steps

  1. Start pocket-id with distroless image with host mount
  2. Try to create oidc-clients with an image (e.g. https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/immich.svg)
  3. Get error in Frontend + Log.

The log says:

pocket-id Oct  3 14:58:22 ERR Request with errors: Error #01: failed to download logo: failed to open file 'data/uploads/oidc-client-images/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0.svg.cd547ae7-7904-4f9b-8075-4937e89a6775-tmp' for writing: open data/uploads/oidc-client-images/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0.svg.cd547ae7-7904-4f9b-8075-4937e89a6775-tmp: no such file or directory
pocket-id  app=pocket-id version=1.12.0 status=500 method=PUT path=/api/oidc/clients/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0 query="" route=/api/oidc/clients/:id ip=192.168.0.171 latency=96.004079ms referer=https://id.example.com/settings/admin/oidc-clients/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0 user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" body_size=32

Expected behavior

I should be able to create application with images.

Actual Behavior

Looking at the files on my system, I can see that they use UID/GID 65532.

(Sidenote: PUID/PGID env variable doesn't work with the distroless image, but this has nothing to do with this issue)

root@matrix:/srv/nvme/container-data/pocket-id# ls -lsah
total 120K
8.5K drwxrwxrwx  4 65532 65532    7 Oct  3 14:41 .
8.5K drwxr-xr-x 41 root  root    41 Oct  3 14:41 ..
8.5K drwx------  2 65532 65532    3 Oct  3 14:41 keys
4.5K -rw-r--r--  1 65532 65532 4.0K Oct  3 14:41 pocket-id.db
4.5K -rw-r--r--  1 65532 65532  32K Oct  3 14:54 pocket-id.db-shm
 77K -rw-r--r--  1 65532 65532 1.7M Oct  3 14:52 pocket-id.db-wal
8.5K drwxr-xr-x  4 65532 65532    4 Oct  3 14:41 uploads

Digging deeper, I can see that the oidc-client-images folder is missing.

root@matrix:/srv/nvme/container-data/pocket-id/uploads# ls -lsah
total 34K
8.5K drwxr-xr-x 4 65532 65532 4 Oct  3 14:41 .
8.5K drwxrwxrwx 4 65532 65532 7 Oct  3 14:41 ..
8.5K drwxr-xr-x 2 65532 65532 7 Oct  3 14:41 application-images
8.5K drwxr-xr-x 3 65532 65532 3 Oct  3 14:41 profile-pictures

After creating that folder manually, everything works as expected.

root@matrix:/srv/nvme/container-data/pocket-id/uploads# mkdir oidc-client-images
root@matrix:/srv/nvme/container-data/pocket-id/uploads# ls -lsah
total 35K
8.5K drwxr-xr-x 5 65532 65532 5 Oct  3 14:58 .
8.5K drwxrwxrwx 4 65532 65532 7 Oct  3 14:41 ..
8.5K drwxr-xr-x 2 65532 65532 7 Oct  3 14:41 application-images
 512 drwxr-xr-x 2 root  root  2 Oct  3 14:58 oidc-client-images
8.5K drwxr-xr-x 3 65532 65532 3 Oct  3 14:41 profile-pictures
root@matrix:/srv/nvme/container-data/pocket-id/uploads# chown 65532:65532 oidc-client-images
root@matrix:/srv/nvme/container-data/pocket-id/uploads# ls -lsah
total 59K
8.5K drwxr-xr-x 5 65532 65532 5 Oct  3 14:58 .
8.5K drwxrwxrwx 4 65532 65532 8 Oct  3 15:28 ..
8.5K drwxr-xr-x 2 65532 65532 7 Oct  3 14:41 application-images
 25K drwxr-xr-x 2 65532 65532 3 Oct  3 15:44 oidc-client-images
8.5K drwxr-xr-x 3 65532 65532 3 Oct  3 14:41 profile-pictures


pocket-id Oct  3 14:58:53 INF Request app=pocket-id version=1.12.0 status=200 method=PUT path=/api/oidc/clients/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0 query="" route=/api/oidc/clients/:id ip=192.168.0.171 latency=38.797463ms referer=https://id.example.com/settings/admin/oidc-clients/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0 user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" body_size=3242

Pocket ID Version

ghcr.io/pocket-id/pocket-id:v1.12.0-distroless@sha256:0c1ae051060157fdb05d71bca2a28efab5417fb6e0631898b7cdaa1745b3fe6d

Database

SQLite

OS and Environment

Kubernetes 1.33 (k0s) on Debian 13 host with Envoy Gateway as Proxy.

Log Output

No response

Originally created by @Skaronator on GitHub. ### Reproduction steps 1. Start pocket-id with distroless image with host mount 2. Try to create oidc-clients with an image (e.g. `https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/immich.svg`) 3. Get error in Frontend + Log. The log says: ``` pocket-id Oct 3 14:58:22 ERR Request with errors: Error #01: failed to download logo: failed to open file 'data/uploads/oidc-client-images/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0.svg.cd547ae7-7904-4f9b-8075-4937e89a6775-tmp' for writing: open data/uploads/oidc-client-images/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0.svg.cd547ae7-7904-4f9b-8075-4937e89a6775-tmp: no such file or directory pocket-id app=pocket-id version=1.12.0 status=500 method=PUT path=/api/oidc/clients/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0 query="" route=/api/oidc/clients/:id ip=192.168.0.171 latency=96.004079ms referer=https://id.example.com/settings/admin/oidc-clients/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0 user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" body_size=32 ``` ### Expected behavior I should be able to create application with images. ### Actual Behavior Looking at the files on my system, I can see that they use UID/GID 65532. (Sidenote: PUID/PGID env variable doesn't work with the distroless image, but this has nothing to do with this issue) ```bash root@matrix:/srv/nvme/container-data/pocket-id# ls -lsah total 120K 8.5K drwxrwxrwx 4 65532 65532 7 Oct 3 14:41 . 8.5K drwxr-xr-x 41 root root 41 Oct 3 14:41 .. 8.5K drwx------ 2 65532 65532 3 Oct 3 14:41 keys 4.5K -rw-r--r-- 1 65532 65532 4.0K Oct 3 14:41 pocket-id.db 4.5K -rw-r--r-- 1 65532 65532 32K Oct 3 14:54 pocket-id.db-shm 77K -rw-r--r-- 1 65532 65532 1.7M Oct 3 14:52 pocket-id.db-wal 8.5K drwxr-xr-x 4 65532 65532 4 Oct 3 14:41 uploads ``` Digging deeper, I can see that the `oidc-client-images` folder is missing. ```bash root@matrix:/srv/nvme/container-data/pocket-id/uploads# ls -lsah total 34K 8.5K drwxr-xr-x 4 65532 65532 4 Oct 3 14:41 . 8.5K drwxrwxrwx 4 65532 65532 7 Oct 3 14:41 .. 8.5K drwxr-xr-x 2 65532 65532 7 Oct 3 14:41 application-images 8.5K drwxr-xr-x 3 65532 65532 3 Oct 3 14:41 profile-pictures ``` After creating that folder manually, everything works as expected. ```bash root@matrix:/srv/nvme/container-data/pocket-id/uploads# mkdir oidc-client-images root@matrix:/srv/nvme/container-data/pocket-id/uploads# ls -lsah total 35K 8.5K drwxr-xr-x 5 65532 65532 5 Oct 3 14:58 . 8.5K drwxrwxrwx 4 65532 65532 7 Oct 3 14:41 .. 8.5K drwxr-xr-x 2 65532 65532 7 Oct 3 14:41 application-images 512 drwxr-xr-x 2 root root 2 Oct 3 14:58 oidc-client-images 8.5K drwxr-xr-x 3 65532 65532 3 Oct 3 14:41 profile-pictures root@matrix:/srv/nvme/container-data/pocket-id/uploads# chown 65532:65532 oidc-client-images root@matrix:/srv/nvme/container-data/pocket-id/uploads# ls -lsah total 59K 8.5K drwxr-xr-x 5 65532 65532 5 Oct 3 14:58 . 8.5K drwxrwxrwx 4 65532 65532 8 Oct 3 15:28 .. 8.5K drwxr-xr-x 2 65532 65532 7 Oct 3 14:41 application-images 25K drwxr-xr-x 2 65532 65532 3 Oct 3 15:44 oidc-client-images 8.5K drwxr-xr-x 3 65532 65532 3 Oct 3 14:41 profile-pictures ``` ```txt pocket-id Oct 3 14:58:53 INF Request app=pocket-id version=1.12.0 status=200 method=PUT path=/api/oidc/clients/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0 query="" route=/api/oidc/clients/:id ip=192.168.0.171 latency=38.797463ms referer=https://id.example.com/settings/admin/oidc-clients/ddf9d1f8-ae17-4a24-91c0-f1942a7f78d0 user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" body_size=3242 ``` ### Pocket ID Version ghcr.io/pocket-id/pocket-id:v1.12.0-distroless@sha256:0c1ae051060157fdb05d71bca2a28efab5417fb6e0631898b7cdaa1745b3fe6d ### Database SQLite ### OS and Environment Kubernetes 1.33 (k0s) on Debian 13 host with Envoy Gateway as Proxy. ### Log Output _No response_
OVERLORD commented 2025-10-06 23:58:02 +03:00
Author
Owner
Copy Link

@TheoDurr commented on GitHub:

Seems like a check of the directory existence is missing in oidc_service.go.

Similar to the check made for users profile pictures, it is required to create the directory if it's not already present.

See user_service.go

f9839a978c/backend/internal/service/user_service.go (L173-L178)

Hope my fast analysis can help !

@TheoDurr commented on GitHub: Seems like a check of the directory existence is missing in [oidc_service.go](https://github.com/pocket-id/pocket-id/blob/f9839a978cce181847f7f25828746165e1df4672/backend/internal/service/oidc_service.go#L1885). Similar to the check made for users profile pictures, it is required to create the directory if it's not already present. See [user_service.go](https://github.com/pocket-id/pocket-id/blob/f9839a978cce181847f7f25828746165e1df4672/backend/internal/service/user_service.go#L173-L178) https://github.com/pocket-id/pocket-id/blob/f9839a978cce181847f7f25828746165e1df4672/backend/internal/service/user_service.go#L173-L178 Hope my fast analysis can help !
OVERLORD commented 2025-10-06 23:58:02 +03:00
Author
Owner
Copy Link

@Skaronator commented on GitHub:

Thanks for the quick fix! @stonith404

Really like Pocket ID so far. I tested a few other OIDC providers, and they require so much other stuff (redis, db, several microservices, lots of configuration) which seems way overkill for my homelab.

@Skaronator commented on GitHub: Thanks for the quick fix! @stonith404 Really like Pocket ID so far. I tested a few other OIDC providers, and they require so much other stuff (redis, db, several microservices, lots of configuration) which seems way overkill for my homelab.
OVERLORD commented 2025-10-06 23:58:03 +03:00
Author
Owner
Copy Link

@janreinhardt commented on GitHub:

Unfortunately,its still not working for me on 1.13.0
This is the log:

Oct 6 11:51:31 ERR Request with errors: Error #01: failed to download logo: failed to rename file 'data/uploads/oidc-client-images/77b8e886-c8f3-4147-acb4-7a09223b675e.svg': rename data/uploads/oidc-client-images/77b8e886-c8f3-4147-acb4-7a09223b675e.svg.58518fdc-2cf5-4a4f-a88f-6288440462e4-tmp data/uploads/oidc-client-images/77b8e886-c8f3-4147-acb4-7a09223b675e.svg: file exists

@janreinhardt commented on GitHub: Unfortunately,its still not working for me on 1.13.0 This is the log: `Oct 6 11:51:31 ERR Request with errors: Error #01: failed to download logo: failed to rename file 'data/uploads/oidc-client-images/77b8e886-c8f3-4147-acb4-7a09223b675e.svg': rename data/uploads/oidc-client-images/77b8e886-c8f3-4147-acb4-7a09223b675e.svg.58518fdc-2cf5-4a4f-a88f-6288440462e4-tmp data/uploads/oidc-client-images/77b8e886-c8f3-4147-acb4-7a09223b675e.svg: file exists`
OVERLORD commented 2025-10-06 23:58:03 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

Thanks for your detailed report, I really appreciate that. This should be fixed with ad8a90c839 and will be available in the next release.

@stonith404 commented on GitHub: Thanks for your detailed report, I really appreciate that. This should be fixed with ad8a90c839cc79b542b60ae66c7eb9254fa5f3e4 and will be available in the next release.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#6
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?