Support

Akeeba Backup for Joomla!

#35307 Error 403 when updating

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by on Sunday, 27 June 2021 20:17 CDT

Thursday, 27 May 2021 14:20 CDT

thalueng

While 403 related problems have been posted before, I believe my findings deserve it's own ticket.

 

My setup

I'm operating 10+ sites with a nearly identical setup and extensions apart from the user data. The sites serve billiard leagues and all come with Akeeba Backup Pro and my league code which I wrote and maintain since more than 10 years. All sites are hosted on the same server and get updated at the same time to current versions, but I usually update extensions including Akeeba when updating the Joomla version. I use Akeeba with front-end backups since years on all my sites.

 

Error description

8 out of my 12 sites with identical setup and extensions do not update Akeeba from 8.0.3 to 8.0.6. Same behavior, whether first updating Joomla from 3.9.26 to 27, or first updating Akeeba. The other 4 sites would update without problem.

 

Analyzing table #__update_sites

Some sites have 1 entry for field name="Akeeba Backup Professional" (as it should be), some have 2, and some have 3 entries. All sites have an entry with field location="https://cdn.akeeba.com/updates/pkgakeebapro.xml", plus 0, 1, or 2 entries with field location="https://cdn.akeebabackup.com/updates/pkgakeebapro.xml". Both xml file locations serve valid update instructions and can be accessed from the sites.

I could not find a pattern for which entry will be picked if there is more than one, but I observed the following. When there is an entry with field extra_query="dlid=<my Akeeba download ID>" then the update sometimes works. Sometimes, because it only seems to work if the Joomla Updater picks that entry (not always the first, not always the last). 

When adding "dlid=<my Akeeba download ID>" to the extra_query field of all "Akeeba Backup Professional" entries of a site the update always works.


Further comments

All sites have the Download ID set in Akeeba's options. All sites have plugin "Installer - Akeeba Backup Professional" enabled. All sites always updated successfully before, last to Akeeba version 8.0.3.

I guess there are some changes in the Joomla Updater which made the update break. My understanding is that the said plugin should always make sure the Download ID is transmitted, but that seems not to be the case. I'm unable to track down these errors in the code at the moment, but thought it can help others to describe what I found. If you have a lot of sites to admin and have access to the database executing a simple query could solve the problem.

Friday, 28 May 2021 01:15 CDT

nicholas

You have identified the problem correctly. It's closely related to one of the Joomla extensions updates bugs I have discussed in https://www.akeeba.com/news/1746-working-around-joomla-s-broken-extensions-updater.html Let me quote the exact passage:

Each extension can have one of more update sites. The update sites are XML files hosted publicly on the web. Their location is defined in the XML manifest file of each extension per https://docs.joomla.org/Manifest_files#Update_servers 

When you install or update an extension (note that installing an update and installing an extension afresh uses the same code in Joomla), Joomla inserts or replaces records in the #__update_sites table for the extension it is installing. This is done through the extension/joomla plugin’s (plgExtensionJoomla) onExtensionAfterInstall event handler, see https://github.com/joomla/joomla-cms/commit/05cdddafe2eccb335a757080c4035a4419090fa9 By the way this is why disabling this plugin breaks extension updates and the reason why have a workaround in our software to install missing update sites manually (i.e. in case you unpublished this critically important plugin!).

There a couple of problems with Joomla's approach.

If the Installer - Joomla plugin is unpublished the update sites records are not updated when you install or update an extension. If it' published, the lack or error handling may lead to the update sites being duplicated. Visiting the Control Panel of our software will address this issue since we are running some custom code. However, there was a bug between 8.0.1 and 8.0.3 (inclusive) which prevented that code from running in our software.

If you uninstall the extensions (components, plugins, modules, ...) of a package extension before you uninstall the package extension Joomla may fail to uninstall the package extension; trying to reinstall the package extension would give it a new extension ID which means that now you have two sets for update sites simultaneously active: the old one which can't be removed or replaced automatically and the new one. Since both update sites try to retrieve updates for the same extensions only one will "win". If it's the one with the empty extra_query or the one with the extra_query that contains an old / invalid Download ID your updates will fail. In the latter case since there is a dlid in the URL our own installer plugins won't kick in.

To cut a long story short, there is no "easy" fix. That said, the fix will be permanent.

Go to Extensions, Manage, Update Sites and delete all update sites which reference a URL in the cdn.akeebabackup.com domain. DO NOT delete the ones which reference the akeeba.com domain name.

ONLY FOR Akeeba Backup 8.0.1 TO 8.0.3: Then go to Akeeba Backup, Options and remove your Download ID (use cut to save it to your clipboard). Click on Save & Close. You'll now be asked to enter the Download ID. Paste it and click the button to apply it. This forces our custom code which handles the update sites to kick in and make sure the update site is correct and references the correct Download ID.

Make sure the Installer – Akeeba Backup plugin is enabled.

Now go to Extensions, Manage, Update. Click Clear All then click on Find Updates. The updates should be installable now.

This should be a permanent fix. The leftover update sites from older versions are removed. The only one remaining has the correct Download ID. The component's options also have the correct Download ID. Even if the update sites table "loses" the extra_query content again our installer plugin will see there's no dlid query string parameter in the download URL when Joomla tries to retrieve an update and add it.

Eventually, Joomla 4 will be released. With Joomla 4 you will no longer need to enter the download ID in the component itself (this option will be removed from Akeeba Backup 9 which will only be compatible with Joomla 4). Joomla 4 gives you the option to enter the Download ID directly in the update site management and handles the extra_query by itself using information we pass in our extension's XML manifest. The custom code we have will greatly be simplified into checking if the update site exists and is correct, as well as that you have entered a Download ID. The update site management and the download ID management will be handled by Joomla itself.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 27 June 2021 20:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2021-06-27 20:17 CDT

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!