Cannot login (at least two different instances) - complex and long passwords an issue?

[redpola]

Filing here because I don't know if this is a core hang up or a UI problem. If the former then there is a further UI bug that core failures can leave the UI hanging.

Quite simply, I can't login to two lemmy instances I've recently signed up to.

Signups were fine and I was logged in automatically but after logging out I cannot regain access to the accounts.

Repro:

Try to login.

I am left staring at a login form with a spinning graphic on the button forever.

Technical details:

I've not delved into this but one thing of note is that I have a complex and long password from a password manager. An example is "92MN@NYzpA@!yg$QXxT7szjz7".

Could an overly-long or complex password cause this? Notably when I tried to change my password I saw exactly the same behaviour - I entered my old and new passwords, hit the button, and got the perpetual spinner.

I should be able to log in. I should be able to change my password. Lemmy should work with a password like "92MN@NYzpA@!yg$QXxT7szjz7".

I further should be given feedback at the UI if something deep within goes wrong, especially if it results in a hung experience.

UI: v0.17.3
BE: 0.17.3

[cereal7802]

Unless you are running the instance, it is going to be hard to find the cause of the issue. The UI does not seem to output an error when there is a login issue. For example, i setup a new instance and on first login it asks you to create an admin user, then configure the instance. I did this and set the instance to require email verification. Once i logout of the admin user, i can not login again because the admin user does not have a verified email. No error is displayed, the login button just sits there spinning as you noted. If however i check the log on docker for the instance, i get this error

lemmy_1 | 2023-06-12T08:53:51.661183Z ERROR HTTP request{http.method=GET http.scheme="http" http.host=lemmy.game-files.net http.target=/api/v3/ws otel.kind="server" request_id=96e8e86b-df11-461d-8d4d-406c6743b563 http.status_code=101 otel.status_code="OK"}: lemmy_server::api_routes_websocket: email_not_verified: email_not_verified

So as you can see, it is rejecting my login as the admin user because there i no verified email. Nothing in the web browser indicates this is an issue.

[redpola]

Well now I'm super confused. I'm just a user and as you have discerned, my email addresses are not verified, so the instance is behaving correctly in that sense.

The login emails are not verified however because I didn't receive emails asking me to verify them (no, not even in my spam folder).

So here we have two defects: A huge bug in the user experience because I didn't get emails requesting verification; and the UI feedback if anything went wrong bug.

Since this report is nothing to do with long or complex passwords should I just shut it down?

[RayBB]

At least one issue is that if you don't enter the right password it seems the site is loading forever. See LemmyNet/lemmy-ui#1154

However, it could also be if the site is overloaded and you entered the right password it's just taking a long time to respond (or failing to respond at all).

[kuwuwin]

Unless you are running the instance, it is going to be hard to find the cause of the issue. The UI does not seem to output an error when there is a login issue. For example, i setup a new instance and on first login it asks you to create an admin user, then configure the instance. I did this and set the instance to require email verification. Once i logout of the admin user, i can not login again because the admin user does not have a verified email. No error is displayed, the login button just sits there spinning as you noted. If however i check the log on docker for the instance, i get this error

lemmy_1 | 2023-06-12T08:53:51.661183Z ERROR HTTP request{http.method=GET http.scheme="http" http.host=lemmy.game-files.net http.target=/api/v3/ws otel.kind="server" request_id=96e8e86b-df11-461d-8d4d-406c6743b563 http.status_code=101 otel.status_code="OK"}: lemmy_server::api_routes_websocket: email_not_verified: email_not_verified

So as you can see, it is rejecting my login as the admin user because there i no verified email. Nothing in the web browser indicates this is an issue.

The way to fix this is described here https://lemmy.click/comment/973

[cereal7802]

Unless you are running the instance, it is going to be hard to find the cause of the issue. The UI does not seem to output an error when there is a login issue. For example, i setup a new instance and on first login it asks you to create an admin user, then configure the instance. I did this and set the instance to require email verification. Once i logout of the admin user, i can not login again because the admin user does not have a verified email. No error is displayed, the login button just sits there spinning as you noted. If however i check the log on docker for the instance, i get this error
lemmy_1 | 2023-06-12T08:53:51.661183Z ERROR HTTP request{http.method=GET http.scheme="http" http.host=lemmy.game-files.net http.target=/api/v3/ws otel.kind="server" request_id=96e8e86b-df11-461d-8d4d-406c6743b563 http.status_code=101 otel.status_code="OK"}: lemmy_server::api_routes_websocket: email_not_verified: email_not_verified
So as you can see, it is rejecting my login as the admin user because there i no verified email. Nothing in the web browser indicates this is an issue.

The way to fix this is described here https://lemmy.click/comment/973

I was able to resolve it by relaunching my instance and not selecting the option requiring email validation and logging out. I then changed the email on the admin account and it automatically sent the validation email. Once I had done all validation i was able to login normally. I think the admin creation process should probably include the validation email, or just automatically set the user email to validated for the admin user that is setup after fresh install is completed.

[ismailghedamsi]

This should be fixed as soon as possible. Any problem should have an error message. Otherwise, people would simplu abandon registering and not use Lemmy

[davereeck]

I had the same issue as a user: I was able to create a long password (longer than 20 char), but not able to sign in with it.

I fixed this by performing forgot password.

For the fix: please make sure password creation filters out invalid password (e.g. longer than the login pw limit).

[RayBB]

@davereeck I can't reproduce this. I see the signup and sign in pages both have 60 character limits. So does the password length check function server side for account creation:

lemmy/crates/api_common/src/utils.rs

Line 307 in f3f95e5

pub fn password_length_check(pass: &str) -> Result<(), LemmyError> {

Can you tell me the steps to reproduce this?

[c0mmando]

I was able to resolve it by relaunching my instance and not selecting the option requiring email validation and logging out. I then changed the email on the admin account and it automatically sent the validation email. Once I had done all validation i was able to login normally. I think the admin creation process should probably include the validation email, or just automatically set the user email to validated for the admin user that is setup after fresh install is completed.

I resolved the admin account email verification issue by modifying the user verification boolean in postgres.

[crossmr]

I had the same issue as a user: I was able to create a long password (longer than 20 char), but not able to sign in with it.

I fixed this by performing forgot password.

For the fix: please make sure password creation filters out invalid password (e.g. longer than the login pw limit).

Interesting, however I've been running into this issue on multiple instances, and the forgot password option doesn't seem to function. Distinct lack of feedback here for the user. I entered a username or e-mail and pressed forgot password and nothing seems to happen.

[davereeck]

@davereeck I can't reproduce this. I see the signup and sign in pages both have 60 character limits. So does the password length check function server side for account creation:

lemmy/crates/api_common/src/utils.rs

Line 307 in f3f95e5

pub fn password_length_check(pass: &str) -> Result<(), LemmyError> {

Can you tell me the steps to reproduce this?

@davereeck I can't reproduce this. I see the signup and sign in pages both have 60 character limits. So does the password length check function server side for account creation:

lemmy/crates/api_common/src/utils.rs

Line 307 in f3f95e5

pub fn password_length_check(pass: &str) -> Result<(), LemmyError> {

Can you tell me the steps to reproduce this?

Well crap. I tried repro steps and cannot repro either.

[bmax329]

I ran into this as well and found that I am unable to login naturally. I've done "forgot password" about 6 times, and I have a password now that is 19 characters long with upper, lowercase, and numbers mixed in (no special characters).

However, I cannot log into my account with this password. When I try, the log in button spinner spins infinitely, and this line gets logged in my browser console over and over:

{op: 'CreatePostLike', data: {…}}

I also tried putting an intentionally incorrect password to see if it behaves differently, but that leads to the same behavior of the loading button spinning infinitely.

I also tried to manually change password, after going thru the forgot password flow, and going back into settings and changing it again. Still no dice.

It seems like the flow to set new passwords (either by forgot password or otherwise) does not work?

[JoshuaEN]

I want to note, I was seeing what I thought was a password length/complexity issue, as I could login via the forgot password system automatically logging me in, but never via the password input. It turned out my email validation had not been successful. I changed my email on my profile to force another verification email to be sent and that resolved the issue.

So, it might not actually be a password issue at all which is causing the login to fail.

[RayBB]

@redpola or anyone else here. Are you still seeing this happen with v0.18.0 which is out for lemmy.ml (and probably a few others by now)?
For me, it seems to have fixed the issue and I get a notification in the bottom left when the password is wrong.

If you don't see it lets close this issue.

[redpola]

I'll check in the morning. It seems to me that there were several issues here which weren't broken out into separate defect reports however...

[redpola]

So, on feddit.uk which is running 0.17.4 now I just could not login using chrome/iPad. I hit "forgot password" and reset my password to what it already was and was logged in automatically. I then logged out and successfully logged in again.

[bmax329]

Update for my issue now that my instance (lemmy.world) is on v0.18.1:

I followed the same forgot password steps to reset my password, but login still failed. However, on the new version I was able inspect the network request and see that error was my email needed to be verified. I retriggered the verification email by changing my email to something else and then changing it back. Got the email and verified my account.

However, regular login still doesn't work. Now, with a verified email and a correct password, the login request returns a 404 "Record not found".... ?

BE: 0.18.1-rc.4
UI: 0.18.1-rc.7

[bmax329]

Seems like it's fixed now, I was able to log in with no changes made on my side.