Multiple HTTP 500 errors from server for a new user

[kamil-mrzyglod]

Recently I installed ES 3.5.0 on my VPS(previously I had 3.2.0 I believe). To be honest, I am still facing strage issues when trying to create a new user/login using its credentials/posting events for its stream.

When I create a user and try to login using its credentials, I always get a notification, that "Server does not exist or invalid credentials supplied". After that, when I log in using e.g. admin and go to the "Users" section, I don't see my user - instead there is a blank row. I can access user data by specifying URL manually, still I cannot post to its stream. Note that using admin's credential it is possible. I set ACL properly.

Sometimes after I log out and try to log in user new user's credentials, ES goes crazy - all requests return 401 Unauthorized or 500 Internal Server Error, though I see nothing in logs.

Is this some problem with my config? Yesterday I collected over 70k events from multiple devices correctly, after restarting a server nothing seems to work.

[gregoryyoung]

Maybe you could tell us some information like how you are creating a user?

"When I create a user and try to login using its credentials, I always get a notification, that "Server does not exist or invalid credentials supplied". After that, when I log in using e.g. admin and go to the "Users" section, I don't see my user - instead there is a blank row. I can access user data by specifying URL manually, still I cannot post to its stream. Note that using admin's credential it is possible."

Usually system streams by default require admin rights to access unless you have updated the default ACL.

"I set ACL properly." You set what ACL properly to what?

[kamil-mrzyglod]

@gregoryyoung I am using UI. It is pretty straightforward:

• I am logging in as admin
• I am going to 'Users' section
• There I am using 'New user' button
• After providing all necessary data I am saving this user

After all above steps I see this new user on the list, but after trying to log in, this new user "disappears" from the list.

According to ACL settings for user's stream - in the "Edit ACL" functionality I set "Writer" to "$admins, my-user".

I tried to set ACL "Writer" property to e.g. "$ops" and attaching user to this group - still no result.

[gregoryyoung]

Are you only measuring through the UI? I am guessing this is a dev environment where you have brought up a db brought down a db etc etc?

[kamil-mrzyglod]

@gregoryyoung I will check HTTP API to ensure that problem is only UI related.

Yes, this is a dev env and I have restarted ES multiple times. I made a clean install, I will see whether it helps somehow.

[gregoryyoung]

When I say restart I mean fresh dbs ... are you running with DISABLE HTTP CACHING? If not you may be hitting http cache issues with the UI and data you see (its on by default on you want this in a production environment but in a dev environment where you start over with a new db it can cause issues in the UI)

Saves should still go through but the data you "see" may be stale due to caching

[pgermishuys]

@kamil-mrzyglod there are some changes from 3.2.0 to 3.5.0 that would've affected non-admin users logging into the admin UI (They are being addressed).

That said, you say that you are "still" facing strange issues which would indicate that you had similar issues on 3.2.0?

The issues mentioned in this issue should strictly be UI related and non of the functionality underneath it should've changed. e.g. ACLs and their behaviour.

For example not using the UI.

• Create 2 new users via the HTTP Api

curl -d@testuser-data.json http://localhost:2113/users/ -u "admin:changeit" -H "Content-Type:application/json"
{
  "loginName": "testuser",
  "success": true,
  "error": "Success",
  "msgTypeId": 50
}%

curl -d@nontestuser-data.json http://localhost:2113/users/ -u "admin:changeit" -H "Content-Type:application/json"
{
  "loginName": "nontestuser",
  "success": true,
  "error": "Success",
  "msgTypeId": 50
}%

• Setting the stream ACL for a new stream

{
  "$acl": {
    "$r": "testuser",
    "$w": "testuser"
  }
}

curl -i -d@stream-acl.json "http://127.0.0.1:2113/streams/newstream/metadata" -H "Content-Type:application/json" -H "ES-EventId: C322E299-CB73-4B47-97C5-6054F920746E"
HTTP/1.1 201 Created

• Attempting to write or read from the newstream with a user that's not in the ACL

curl -i -d@stream-data.json "http://127.0.0.1:2113/streams/newstream" -H "Content-Type:application/json" -H "ES-EventType: SomeEvent" -H "ES-EventId: C322E299-CB73-4B47-97C5-6054F920746E" -u "nontestuser:test"
HTTP/1.1 401 Unauthorized

curl -i "http://127.0.0.1:2113/streams/newstream" -H "accept:application/json" -u "nontestuser:test"
HTTP/1.1 401 Unauthorized

• Attempting to write or read from the newstream with an allowed user in the ACL

curl -i -d@stream-data.json "http://127.0.0.1:2113/streams/newstream" -H "Content-Type:application/json" -H "ES-EventType: SomeEvent" -H "ES-EventId: C322E299-CB73-4B47-97C5-6054F920746E" -u "testuser:test"
HTTP/1.1 201 Created

url -i "http://127.0.0.1:2113/streams/newstream" -H "accept:application/json" -u "testuser:test"
HTTP/1.1 200 OK
{
  "title": "Event stream 'newstream'",
  "id": "http://127.0.0.1:2113/streams/newstream",
  "updated": "2016-04-04T04:00:32.395348Z",
  "streamId": "newstream",
  "author": {
    "name": "EventStore"
  },

[kamil-mrzyglod]

@pgermishuys - to be honest all those strange behaviours of ES affected me after upgrading my dev instance from 3.2.0 to 3.5.0. Previously it wasn't the case.

I didn't have time to check it once more during weekend, I believe I will recheck it all in a day or two.

[pgermishuys]

@kamil-mrzyglod these issues are being addressed and currently only affect non-admin users logging into the UI.

[kamil-mrzyglod]

Okay, after starting whole instance all over again and trying not to use UI it seems, that all works seamlessly.

@pgermishuys I'd say that even changing admin's password from the UI has some issues, if I reproduce that, I will post an issue.