This repository has been archived by the owner. It is now read-only.

Can't login using 2.1.7 #6641

Closed
svallory opened this Issue Nov 4, 2014 · 13 comments

Comments

Projects
None yet
7 participants
@svallory

svallory commented Nov 4, 2014

username: theblacksmith

After upgrading to 2.1.7 I was getting the following error. But it was solved after updating my password on the site and deleting ~/.npmrc

npm verb adduser before first PUT { _id: 'org.couchdb.user:theblacksmith',
npm verb adduser   name: 'theblacksmith',
npm verb adduser   password: 'XXXXX',
npm verb adduser   email: 'me@saulovallory.com',
npm verb adduser   type: 'user',
npm verb adduser   roles: [],
npm verb adduser   date: '2014-11-04T21:05:00.553Z' }
npm verb request uri https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith
npm verb request new user, so can't send auth
npm info attempt registry request try #1 at 19:05:00
npm verb request id 36456cf5290507dd
npm http request PUT https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith
npm http 409 https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith
npm verb headers { date: 'Tue, 04 Nov 2014 21:05:01 GMT',
npm verb headers   server: 'CouchDB/1.5.0 (Erlang OTP/R16B03)',
npm verb headers   'content-type': 'application/json',
npm verb headers   'cache-control': 'max-age=60',
npm verb headers   'content-length': '58',
npm verb headers   'accept-ranges': 'bytes',
npm verb headers   via: '1.1 varnish',
npm verb headers   'x-served-by': 'cache-jfk1026-JFK',
npm verb headers   'x-cache': 'MISS',
npm verb headers   'x-cache-hits': '0',
npm verb headers   'x-timer': 'S1415135101.195851,VS0,VE343',
npm verb headers   'keep-alive': 'timeout=10, max=50',
npm verb headers   connection: 'Keep-Alive' }
npm verb request invalidating /Users/svallory/.npm/registry.npmjs.org/-/user/org.couchdb.user_3Atheblacksmith on PUT
npm verb adduser update existing user
npm verb request uri https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith?write=true
npm verb request sending authorization for write operation
npm info attempt registry request try #1 at 19:05:01
npm http request GET https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith?write=true
npm http 200 https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith?write=true
npm verb adduser userobj { _id: 'org.couchdb.user:theblacksmith',
npm verb adduser   name: 'theblacksmith',
npm verb adduser   password: 'XXXXX',
npm verb adduser   email: 'me@saulovallory.com',
npm verb adduser   type: 'user',
npm verb adduser   roles: [],
npm verb adduser   date: '2014-11-04T21:05:00.553Z' }
npm verb request uri https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith/-rev/3-f18a79c01312290049758eabb2649dad
npm verb request updating existing user; sending authorization
npm info attempt registry request try #1 at 19:05:02
npm http request PUT https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith/-rev/3-f18a79c01312290049758eabb2649dad
npm http 403 https://registry.npmjs.org/-/user/org.couchdb.user:theblacksmith/-rev/3-f18a79c01312290049758eabb2649dad
npm verb headers { date: 'Tue, 04 Nov 2014 21:05:03 GMT',
npm verb headers   server: 'CouchDB/1.5.0 (Erlang OTP/R16B03)',
npm verb headers   'content-type': 'application/json',
npm verb headers   'cache-control': 'max-age=60',
npm verb headers   'content-length': '203',
npm verb headers   'accept-ranges': 'bytes',
npm verb headers   via: '1.1 varnish',
npm verb headers   'x-served-by': 'cache-atl6221-ATL',
npm verb headers   'x-cache': 'MISS',
npm verb headers   'x-cache-hits': '0',
npm verb headers   'x-timer': 'S1415135103.017817,VS0,VE281',
npm verb headers   'keep-alive': 'timeout=10, max=50',
npm verb headers   connection: 'Keep-Alive' }
npm verb request invalidating /Users/svallory/.npm/registry.npmjs.org/-/user/org.couchdb.user_3Atheblacksmith on PUT
npm verb adduser back [ { [Error: forbidden may not mix password_sha and pbkdf2
npm verb adduser   You may need to upgrade your version of npm:
npm verb adduser     npm install npm -g
npm verb adduser   Note that this may need to be run as root/admin (sudo, etc.)
npm verb adduser   
npm verb adduser   : -/user/org.couchdb.user:theblacksmith/-rev/3-f18a79c01312290049758eabb2649dad] statusCode: 403, code: 'E403' },
npm verb adduser   { error: 'forbidden',
npm verb adduser     reason: 'may not mix password_sha and pbkdf2\nYou may need to upgrade your version of npm:\n  npm install npm -g\nNote that this may need to be run as root/admin (sudo, etc.)\n\n' },
npm verb adduser   '{"error":"forbidden","reason":"may not mix password_sha and pbkdf2\\nYou may need to upgrade your version of npm:\\n  npm install npm -g\\nNote that this may need to be run as root/admin (sudo, etc.)\\n\\n"}' ]
npm WARN adduser Incorrect username or password
npm WARN adduser You can reset your account by visiting:
npm WARN adduser 
npm WARN adduser     https://npmjs.org/forgot
npm WARN adduser 
npm verb stack Error: forbidden may not mix password_sha and pbkdf2
npm verb stack You may need to upgrade your version of npm:
npm verb stack   npm install npm -g
npm verb stack Note that this may need to be run as root/admin (sudo, etc.)
npm verb stack 
npm verb stack : -/user/org.couchdb.user:theblacksmith/-rev/3-f18a79c01312290049758eabb2649dad
npm verb stack     at CachingRegistryClient.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:234:14)
npm verb stack     at Request._callback (/usr/local/lib/node_modules/npm/node_modules/npm-registry-client/lib/request.js:172:14)
npm verb stack     at Request.self.callback (/usr/local/lib/node_modules/npm/node_modules/request/request.js:372:22)
npm verb stack     at Request.emit (events.js:98:17)
npm verb stack     at Request.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/request/request.js:1310:14)
npm verb stack     at Request.emit (events.js:117:20)
npm verb stack     at IncomingMessage.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/request/request.js:1258:12)
npm verb stack     at IncomingMessage.emit (events.js:117:20)
npm verb stack     at _stream_readable.js:943:16
npm verb stack     at process._tickCallback (node.js:419:13)
npm verb statusCode 403
npm verb cwd /Users/svallory/projects/theblacksmith/typescript-compiler
npm ERR! Darwin 14.0.0
npm ERR! argv "node" "/usr/local/bin/npm" "login"
npm ERR! node v0.10.33
npm ERR! npm  v2.1.7
npm ERR! code E403

npm ERR! forbidden may not mix password_sha and pbkdf2
npm ERR! You may need to upgrade your version of npm:
npm ERR!   npm install npm -g
npm ERR! Note that this may need to be run as root/admin (sudo, etc.)
npm ERR! 
npm ERR! : -/user/org.couchdb.user:theblacksmith/-rev/3-f18a79c01312290049758eabb2649dad
npm ERR! 
npm ERR! If you need help, you may report this error at:
npm ERR!     <http://github.com/npm/npm/issues>
npm verb exit [ 1, true ]

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/svallory/projects/theblacksmith/typescript-compiler/npm-debug.log

@svallory svallory referenced this issue Nov 4, 2014

Closed

I can't login #6530

@timoxley timoxley changed the title from Can't login using 1.2.7 to Can't login using 2.1.7 Nov 5, 2014

@smikes

This comment has been minimized.

Show comment
Hide comment
@smikes

smikes Nov 5, 2014

Contributor

Just to confirm: you couldn't login (after upgrading to 2.1.7), but

after updating my password on the site and deleting ~/.npmrc

Then you were able to log in?

Contributor

smikes commented Nov 5, 2014

Just to confirm: you couldn't login (after upgrading to 2.1.7), but

after updating my password on the site and deleting ~/.npmrc

Then you were able to log in?

@svallory

This comment has been minimized.

Show comment
Hide comment
@svallory

svallory Nov 5, 2014

exactly! Well, I couldn't login before the upgrade either, but because of the error shown in #6530

svallory commented Nov 5, 2014

exactly! Well, I couldn't login before the upgrade either, but because of the error shown in #6530

@mohsen1

This comment has been minimized.

Show comment
Hide comment
@mohsen1

mohsen1 Nov 5, 2014

FYI
With 2.1.6 I wasn't able to login. Got the same error in #6530 but with 2.1.7 I was able to login.

mohsen1 commented Nov 5, 2014

FYI
With 2.1.6 I wasn't able to login. Got the same error in #6530 but with 2.1.7 I was able to login.

@raoulmillais

This comment has been minimized.

Show comment
Hide comment
@raoulmillais

raoulmillais Nov 13, 2014

I also experienced this issue with npm 2.1.6 and 2.1.7 Following the suggestion of the OP and removing the hash from my npmrc and "Changing" (just re-entered it) on npmjs.org solved the issue for me. In case it's relevant I've had an npm account since pretty early on (node v0.4 days) so maybe it's only affecting older accounts?

I also experienced this issue with npm 2.1.6 and 2.1.7 Following the suggestion of the OP and removing the hash from my npmrc and "Changing" (just re-entered it) on npmjs.org solved the issue for me. In case it's relevant I've had an npm account since pretty early on (node v0.4 days) so maybe it's only affecting older accounts?

@smikes

This comment has been minimized.

Show comment
Hide comment
@smikes

smikes Nov 13, 2014

Contributor

The relevant line in the debug log seems to be:

npm ERR! forbidden may not mix password_sha and pbkdf2

I think the fix is to upgrade npm and login again:

$ npm install -g npm     # may need sudo
$ npm config del  //registry.npmjs.org/:_password
$ npm login
Username: (default) RET
Password: [enter password]
Email: (this IS public) (default) RET
$ 

And things will be fine. Note that you can hit RET to accept your previous username and e-mail address, provided they're still correct.

Does anybody still get the error after upgrading to >= 2.1.7 and clearing the password entry out of .npmrc? If so, please speak up, otherwise I will recommend this case be closed.

Contributor

smikes commented Nov 13, 2014

The relevant line in the debug log seems to be:

npm ERR! forbidden may not mix password_sha and pbkdf2

I think the fix is to upgrade npm and login again:

$ npm install -g npm     # may need sudo
$ npm config del  //registry.npmjs.org/:_password
$ npm login
Username: (default) RET
Password: [enter password]
Email: (this IS public) (default) RET
$ 

And things will be fine. Note that you can hit RET to accept your previous username and e-mail address, provided they're still correct.

Does anybody still get the error after upgrading to >= 2.1.7 and clearing the password entry out of .npmrc? If so, please speak up, otherwise I will recommend this case be closed.

@raoulmillais

This comment has been minimized.

Show comment
Hide comment
@raoulmillais

raoulmillais Nov 13, 2014

Me. I had to "change" my password on npmjs.org before it worked. The removal of the hash in .npmrc didn't work.

Me. I had to "change" my password on npmjs.org before it worked. The removal of the hash in .npmrc didn't work.

@smikes

This comment has been minimized.

Show comment
Hide comment
@smikes

smikes Nov 13, 2014

Contributor

Ah, OK. So that sounds like a change on the back end was needed. I'm guessing (since I haven't looked at node-registry-couchapp) that support for the password_sha auth was recently removed.

Then this would bite everyone who:

  1. had an old enough npm account (with password_sha) auth
  2. has never changed their password since pbkdf2 became the default
  3. now upgrades to a version of npm that no longer supports pbkdf2 password_sha

(fixed error)

Contributor

smikes commented Nov 13, 2014

Ah, OK. So that sounds like a change on the back end was needed. I'm guessing (since I haven't looked at node-registry-couchapp) that support for the password_sha auth was recently removed.

Then this would bite everyone who:

  1. had an old enough npm account (with password_sha) auth
  2. has never changed their password since pbkdf2 became the default
  3. now upgrades to a version of npm that no longer supports pbkdf2 password_sha

(fixed error)

@othiym23 othiym23 added the support label Nov 14, 2014

@jlukic jlukic referenced this issue in Semantic-Org/Semantic-UI Nov 28, 2014

Closed

Npm package didn't update #1090

@smikes

This comment has been minimized.

Show comment
Hide comment
@smikes

smikes Feb 5, 2015

Contributor

Can this issue now be closed?

I have suggested this protocol for a number of people with login problems:

1. change password at https://npmjs.com/password
2. clear login-related fields from ~/.npmrc
3. npm login

and it generally seems to work.

We are trying to clean up older npm issues, so if we don't hear back from you within a week, we will close this issue. (Don't worry -- you can always come back again and open a new issue!)

Thanks!

Contributor

smikes commented Feb 5, 2015

Can this issue now be closed?

I have suggested this protocol for a number of people with login problems:

1. change password at https://npmjs.com/password
2. clear login-related fields from ~/.npmrc
3. npm login

and it generally seems to work.

We are trying to clean up older npm issues, so if we don't hear back from you within a week, we will close this issue. (Don't worry -- you can always come back again and open a new issue!)

Thanks!

@othiym23

This comment has been minimized.

Show comment
Hide comment
@othiym23

othiym23 Feb 21, 2015

Contributor

That is indeed a good protocol, and one of these days we will have worked all the old passwords out of the system. Closing as resolved.

Contributor

othiym23 commented Feb 21, 2015

That is indeed a good protocol, and one of these days we will have worked all the old passwords out of the system. Closing as resolved.

@othiym23 othiym23 closed this Feb 21, 2015

@ljharb

This comment has been minimized.

Show comment
Hide comment
@ljharb

ljharb Feb 24, 2015

Contributor

This just happened for me :-( I fixed it by changing my password to the exact same value.

Could this not just be automatically done, for everybody, upon any successful login to npmjs.com?

Contributor

ljharb commented Feb 24, 2015

This just happened for me :-( I fixed it by changing my password to the exact same value.

Could this not just be automatically done, for everybody, upon any successful login to npmjs.com?

@othiym23

This comment has been minimized.

Show comment
Hide comment
@othiym23

othiym23 Feb 26, 2015

Contributor

@ljharb I think that's probably a question for the registry team, and I imagine their answer is that all of the current login code is very close to being replaced, in which case everybody's going to have to log back in anyway (because we're all going to be using bearer token auth in the glorious future). I agree that this is a mystifying and frustrating error to encounter in practice, especially when you're running into it in the context of an erroneous 502 error.

Contributor

othiym23 commented Feb 26, 2015

@ljharb I think that's probably a question for the registry team, and I imagine their answer is that all of the current login code is very close to being replaced, in which case everybody's going to have to log back in anyway (because we're all going to be using bearer token auth in the glorious future). I agree that this is a mystifying and frustrating error to encounter in practice, especially when you're running into it in the context of an erroneous 502 error.

@ReinsBrain

This comment has been minimized.

Show comment
Hide comment
@ReinsBrain

ReinsBrain Mar 10, 2015

update: i had to kickstart the upgrade of NPM - once done properly I no longer had issues. So this is not an issue after all : end update
I'm a first-time user, tried the protocol with no luck (same error as others). I don't have a ~/.npmrc file (probably because npm adduser does not complete).

update: i had to kickstart the upgrade of NPM - once done properly I no longer had issues. So this is not an issue after all : end update
I'm a first-time user, tried the protocol with no luck (same error as others). I don't have a ~/.npmrc file (probably because npm adduser does not complete).

@smikes

This comment has been minimized.

Show comment
Hide comment
@smikes

smikes Mar 12, 2015

Contributor

@ReinsBrain , could you please open a new issue at https://github.com/npm/npm/issues so we can work on fixing the problem you're seeing without sending email to all the people above?

Contributor

smikes commented Mar 12, 2015

@ReinsBrain , could you please open a new issue at https://github.com/npm/npm/issues so we can work on fixing the problem you're seeing without sending email to all the people above?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.