User or password incorrect

Hi,

Since the 0.8.7.3 I was not able to login to OSP.
I try to upgarde or install from scratch, but I always get the same result. I’m not able any more to login. And when I try to use the forget password form, osp did nothing… No error in logs, no error on displayed, just osp does nothing (or seems doing nothing).
(when the first screen ask for the SMTP informations, I performed the test, and I got an email, so the config should be ok!).
I also activated the debug mode, and I’ve no error too.
This issue came with the change for login, when an email was request rather than a username, to login.
I also try to register a new user, and I was able to register, and the mail I received works fine for connect, but when I disconnect and want to login again, I’ve got the same result. username or password incorrect…
I’ve really searched to understanding what’s going wrong, but right now, I do not have any more direction to search forward…

Best regards, and thanks anyway for this great tools!

First thing might be to check the DB and make sure the users are there.

use osp;
select * from User where username = "USERNAMEHERE";

First, thanks for answering so quickly!
I checked in the DB, and my user is there, with username and email filled with the same thing, my email .

No problem. So then the only thin I can think of being the cause would be some kind of change in the hash. Now what you could do is delete the account, recreate it and set the roles_users flag for the user database id # and the role ID 2 for admin.

Hi Deamos,

I’ve done what you suggested. I re-register a user, and before login, I granted the 5 roles to this new user, so when I followed the link in the eMail, I was log with an admin account. Everything went fine. But as soons as I logout, I was not able to login again.
In my opinion, your code is not involve. I rather thinks for problem version of a library… It’s look like, osp was not able to interpret proprely an email address.
For information, I have a Vm with a 8.0.3, where everything is running fine. If I try to upgrade, I’ve got the same problem…

Does the email address contain special characters or anything out of the ordinary? Login processes are pretty straight forward - Email address and hashed passwords are compared. If both match everything should work fine.

Sorry for the bump, but I think I should point out I had the same issue a few weeks ago. I couldn’t log in either with my username or email, but I could log in with another user just fine with his email. The only difference between the two accounts (other than the email of course) is the severity of our passwords.

I managed to fix it by changing my password manually to something simpler. Hashed it to sha512, if memory serve, and updated it through SQL. I think my password had troublesome characters, but honestly after fixing it I was too lazy & upset to test it out. :sweat_smile:

Even though the hashed password doesn’t have any weird characters, could it be somewhere between the HTML form and the SQL check that something isn’t escaped correctly ?

EDIT : You know what, I’m in the mood to do some testing. Will update this answer if I confirm that.

EDIT 2 : Still in the middle of testing, but whan I can confirm is this just broke my account. Just changed my password to what I’m going to paste below, and right after I couldn’t log in anymore. :smiley: I’ll try to pinpoint if this is a length issue or what character is messing it up. @olive do you have a similar password ? :grin:
¡xW¢9{SsÞMî0:Ħ@}cB¡9!lE0:i2SrÝ^].7þZ9[iO3°}K40IÞ{Ë.Hmx];\8f\izh0gg>@[N7¾o?15I0lzÂ,AFmO(2ÖJNz~1^D}]l5Á(7b<9lòO9X'OO4>'o-}G]´>UqN

Hi Tangeek,

As far I understood your issue, I think we’re not facing to the same thing… First to answer your question, my password is far simpler than your. My problem is that I think, the email was not properly interpreted. Even if I use the recorver password form form, my osp server does nothing. No error, but no action neither… And to simplify things, nothing in the log…

Oh, too bad. Sorry for the useless bump then. I’d still advice to test with a simpler password just in case.

No problem, you’re welcome.
Just in case, when I run osp for the first time, the fisttime page is well displayed , but in the log I found thoses issues :slight_smile:
Traceback (most recent call last):
File “/usr/local/lib/python3.8/dist-packages/flask/app.py”, line 1950, in full_dispatch_request
rv = self.dispatch_request()
File “/usr/local/lib/python3.8/dist-packages/flask/app.py”, line 1926, in dispatch_request
self.raise_routing_exception(req)
File “/usr/local/lib/python3.8/dist-packages/flask/app.py”, line 1908, in raise_routing_exception
raise request.routing_exception
File “/usr/local/lib/python3.8/dist-packages/flask/ctx.py”, line 350, in match_request
result = self.url_adapter.match(return_rule=True)
File “/usr/local/lib/python3.8/dist-packages/werkzeug/routing.py”, line 1799, in match
raise NotFound()
werkzeug.exceptions.NotFound: 404 Not Found: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/local/lib/python3.8/dist-packages/flask/app.py”, line 2447, in wsgi_app
response = self.full_dispatch_request()
File “/usr/local/lib/python3.8/dist-packages/flask/app.py”, line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/local/lib/python3.8/dist-packages/flask_restplus/api.py”, line 584, in error_router
return original_handler(e)
File “/usr/local/lib/python3.8/dist-packages/flask_cors/extension.py”, line 161, in wrapped_function
return cors_after_request(app.make_response(f(*args, **kwargs)))
File “/usr/local/lib/python3.8/dist-packages/flask/app.py”, line 1816, in handle_user_exception
return self.handle_http_exception(e)
File “/usr/local/lib/python3.8/dist-packages/flask/app.py”, line 1744, in handle_http_exception
return handler(e)
File “/opt/osp/blueprints/errorhandler.py”, line 14, in page_not_found
return render_template(themes.checkOverride(‘404.html’), sysSetting=sysSettings, previous=request.referrer), 404
File “/opt/osp/functions/themes.py”, line 16, in checkOverride
if sysSettings.maintenanceMode is True:
AttributeError: ‘NoneType’ object has no attribute ‘maintenanceMode’

Any idea of what’s going bad ? (I’m totally newbie in python… It is not familiar to me!)

I’ve had this issue many times, actually, I’m going through it right now.

Most times, i fixed it by adjusting the number of max queries the osp user can do to the MySQL database per hour.

Right now, I have no idea what could be causing it. Everything seems to be working fine, except for that.

Let me know any other solution you may have thought of that worked

Hi Yorch,
Everythings is running fine now. The issue came frome the fact my fqdn I use for my osp was the same than my those used by mail to create the diffent account. I do not search to understand why that is problem, but since I use a fqdn for my osp server, and email who do not have the same there is no more issue…

You mean that your osp was at:

osp.example.com

And your admin mail was:

[email protected]?

Cause I’m still facing this issue, and maybe that’s the reason why

Appreciate your help

Hi Yorch,
That is exactly a case that should not running fine. Try with another email : [email protected], and let me know that’s append.
I was noty able to debug that but may be if a future release…

Well,

I have my osp at osp.example.com

And my admin email is [email protected],

So different domains, now…

It’s back online now. I think the reason it fails sometimes is bc it can’t reach the DNS or the email server (i have those in another server, which is off sometimes). I’ll let you know if something else happens.

Thank you for your feedback.

By the way, I created a new discussion on the “Mods and Customisation” Category, regarding the maximum number of simultaneous logins per user. Give it a look sometime and let me know if you think of any solution.

Regards