Laravel chmod(/var/dev/project/storage/oauth-public.key): Operation failed: Operation not permitted

php laravel-5 oauth permissions laravel-passport
Ilario Engler picture Ilario Engler · Jul 3, 2017 · Viewed 9.7k times · Source

After I updated the following packages I got an error that the oauth-public.key file couldn't be found.

Package operations: 1 install, 2 updates, 0 removals

Updating laravel/framework (v5.4.27 => v5.4.28): Downloading (100%)
Installing defuse/php-encryption (v2.1.0): Downloading (100%)
Updating league/oauth2-server (5.1.3 => 5.1.4): Downloading (100%)

Firstly I deleted the two oauth- files in project/storage and then executed this command: php artisan passport:install to generate new oauth- files.

Now I get the following error when trying to access an api route.

(1/1) ErrorException chmod(/var/dev/project/storage/oauth-public.key): Operation failed: Operation not permitted

Stack trace

in CryptKey.php (line 51)

at HandleExceptions->handleError(2, 'chmod(/var/dev/project/storage/oauth-public.key): Operation failed: Operation not permitted', '/var/dev/project/vendor/league/oauth2-server/src/CryptKey.php', 51, array('keyPath' => 'file:///var/dev/project/storage/oauth-public.key', 'passPhrase' => null, 'keyPathPerms' => '644'))

at chmod('file:///var/dev/project/storage/oauth-public.key', 384) in CryptKey.php (line 51)

at CryptKey->__construct('file:///var/dev/project/storage/oauth-public.key') in ResourceServer.php (line 50)

File permissions

-rw-r--r-- user:user oauth-private.key
-rw-r--r-- user:user oauth-public.key

Update 1

I found out that oauth Libaray introduced a security fix. Oauth V5 Security Improvements

Version 5.1.4 is a backwards compatbile with other 5.1.x releases.

You will notice in your server logs a message like this:

You must set the encryption key going forward to improve the security of this library - see this page for more information https://oauth2.thephpleague.com/v5-security-improvements/

To supress this notice once you have instantiated an instance of \League\OAuth2\Server\AuthorizationServer you should call the setEncryptionKey() method passing in at least 32 bytes of random data.

You can generate this using base64_encode(random_bytes(32)). Alternatively if you’re using a framework such as Laravel which has a encryption key already generated you can pass in that (in the case of Laravel use env('APP_KEY')).

Problem is that the maintainer of Laravel Passport has to fix this.

Update 2

After I removed the vendor folder and executed composer install again I get still the same error.

Answer

Brooky Yen picture Brooky Yen · Jul 3, 2017

Try:

sudo chown www-data:www-data storage/oauth-*.key
sudo chmod 600 storage/oauth-*.key

It solves my problem.

Related questions

Laravel Passport Print Personal Access Token

I am using Laravel's passport package to provide token based authentication to my rest api. Right now, I am using personal access token concept to generate the access token. To generate an access token for a single user, I am …

Read More
Laravel Checking If a Record Exists

I am new to Laravel. Please excuse the newbie question but how do I find if a record exists? $user = User::where('email', '=', Input::get('email')); What can I do here to see if $user has a record?

Read More
Laravel 5 Failed opening required bootstrap/../vendor/autoload.php

I have recently installed Laravel 5 via composer. I tried creating a new controller using artisan and I get the following error: bootstrap/../vendor/autoload.php. Failed to open stream: No such file or directory. The "vendor" folder does not exist. …

Read More