Several bugs and inconsistencies in 0.5.0 beta

[jbd7]

🐞 Bug Description

I edited the manage-users.sh file as the script didn't run on my server (Ubuntu). There was a double use of function and parentheses (). The password encryption step failed. I corrected this script with LLMs until managing to create a user.json file with 1 user and 3 attributes (name, pwd, role).

Yet, on the UI, a login attempt results in 'Login failed'.

My server shows an error:

Got error 'PHP message: PHP Warning:  file_get_contents(/opt/Fail2Ban-Report/Settings/users.json): Failed to open stream: Permission denied in /home/mydomain/public_html/fail2ban-report/includes/auth.php on line 65

I changed the ownership of the files in /opt to www-data and to the webserver owner, but it still wouldn't lead to a successful login. Could you document the expected file ownership and file permissions for both FE and BE files?

Not sure if it's related or not: Despite not logging in, the WebUI page displays similar content to v 0.4.0, so v0.5.0 is partially usable. I tried the 'Info' button, which worked with v0.4.0, but now shows [REPORT] Reporting not enabled or invalid IP(s).

🔄 Steps to Reproduce

TBH I really struggled to update from v0.4.0 to v0.5.0.

I followed instructions in both update-existing-installation.md and Setup-Instructions.md but none are complete, so I git cloned the repo, deleted the unnecessary files like screenshots, and moved files in /opt and in my webserver, and deleted most of 0.4.0 files.

💭 Expected Behavior

• It would help to standardize the filenames: it is currently a mix of lower case and camel case. Dashes are also more prone to issues with executing bash scripts, creating and fetching files. The UI is capitalising my server name that I manually added in the config file as lowercase which is a strange unexpected behavior.

• Is it possible to not use the newly introduced user/login feature? And the newly introduced multi-server feature? They both add UI components taking the top third of the webpage for no added value in case the user is in a single-server single-user setup.

• In the UI, Blocklist timestamps appear as MM/DD/YYYY, more common in the US, while all my logs are ISO. Is it possible to keep the timestamp format of the table everywhere, e.g. YYYY-MM-DD HH:MM:ss ?

• The yellow, grey and red circles could have a tooltip on mouseover to describe what they mean. Given grey and yellow+red circles appear for both Ban and Unban actions, it could be useful to inform what they refer to. For example, the dropdown menu says "Warn" and "Crit", but it's not straightforward to understand Unban events that are Crit.

💻 Environment Details

• OS: [e.g. Ubuntu 22.04, Debian 11] : Ubuntu 24

• Fail2Ban-Report version: 0.5.0

• Browser: Chrome latest

Additional info

• The bug with parsing 'Increased Ban' seems fixed!
• Updating the crontab towards the new 0.5.0 scripts worked flawlessly in reusing the archive files, no stats were lost during the upgrade from 0.4.0.
• The abuseip/ipinfo integration was very nice and I hope it works again. As a suggestion for future iterations, UX-wise, I think it would make it faster to add a hyperlink to the IPs, or a link/emoji in the same cell of the IP (that is wide enough), instead of having to click a checkbox and then click the button 'Info'.