inventree / InvenTree

Open Source Inventory Management System
https://docs.inventree.org
MIT License

Unable to logon - goes back to logon screen #8481

Closed StormTrooper closed 1 week ago

StormTrooper commented 1 week ago

Please verify that this bug has NOT been raised before.

Describe the bug*

When I try to log on I get taken back to the logon screen without any errors. (This is on the old GUI interface.) I know the password is correct, as if I enter the wrong password I get the correct response about the password being incorrect.

This is happening across multiple machines/multiple browsers. (Latest Chrome and FF on Ubuntu 24.04)

I am, however, logged into a session from one machine and everything is working. (Don't want to log out as I might not be able to get back in.)

If I view the user under Admin I can see the last logon time is being updated so it's logging on but then kicking me out.

The issue looks similar to: https://github.com/inventree/InvenTree/issues/7127

I did try updating the settings.py file but this didn't make any difference. I have also updated from 0.16.2 to 0.16.8 a few days ago so not sure if it's related.

Tried clearing cache on browsers, rebooting the InvenTree server. Not sure where to go from here or what logs to check.

Steps to Reproduce

Try to log on to InvenTree only to be taken back to the logon screen.

Expected behaviour

Should be able to log on.

Deployment Method

Version Information

InvenTree-Version: 0.16.8
Django Version: 4.2.15
Database: mysql
Debug-Mode: False
Deployed using Docker: False
Platform: Linux-5.4.0-200-generic-x86_64-with-glibc2.31
Installer: None

Active plugins: [{'name': 'InvenTreeBarcode', 'slug': 'inventreebarcode', 'version': '2.1.0'}, {'name': 'InvenTreeCoreNotificationsPlugin', 'slug': 'inventreecorenotificationsplugin', 'version': '1.0.0'}, {'name': 'InvenTreeCurrencyExchange', 'slug': 'inventreecurrencyexchange', 'version': '1.0.0'}, {'name': 'InvenTreeLabel', 'slug': 'inventreelabel', 'version': '1.1.0'}, {'name': 'InvenTreeLabelMachine', 'slug': 'inventreelabelmachine', 'version': '1.0.0'}, {'name': 'InvenTreeLabelSheet', 'slug': 'inventreelabelsheet', 'version': '1.0.0'}, {'name': 'DigiKeyPlugin', 'slug': 'digikeyplugin', 'version': '1.0.0'}, {'name': 'LCSCPlugin', 'slug': 'lcscplugin', 'version': '1.0.0'}, {'name': 'MouserPlugin', 'slug': 'mouserplugin', 'version': '1.0.0'}, {'name': 'TMEPlugin', 'slug': 'tmeplugin', 'version': '1.0.0'}, {'name': 'KiCadLibraryPlugin', 'slug': 'kicad-library-plugin', 'version': '1.4.3'}]

Please verify if you can reproduce this bug on the demo site.

Relevant log output

StormTrooper commented 1 week ago

Looking through various PRs I came across this:

https://github.com/inventree/InvenTree/pull/8390

For existing installs, the user should adjust the value of "cookie.samesite" (in "config.yaml" settings file) from "none" to "false"

The setting on my install was none. I've changed to false and this has fixed the issue.

Guess this issue only raised its head as I'm always logged onto the session that was always working and one of the users had not logged in since the upgrade a few days ago.
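
The fix above changes the SameSite attribute of the session cookie. As an added example (not part of the original thread and not InvenTree code), this Python check flags `Set-Cookie` headers that current browsers discard, which gives the same symptom of a successful login followed by a return to the login screen. That this was the mechanism in this thread is an assumption, and the sample headers and the `audit_set_cookie` helper are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie header values (not captured from a real server).
SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; SameSite=None",          # dropped by browsers
    "sessionid=abc123; HttpOnly; Path=/; SameSite=None; Secure",  # valid only over HTTPS
    "sessionid=abc123; HttpOnly; Path=/",                         # no SameSite attribute
    "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax",
]


def audit_set_cookie(header, scheme="http"):
    """Return findings for one Set-Cookie header value served over `scheme`."""
    jar = SimpleCookie()
    jar.load(header)
    findings = []
    for name, morsel in jar.items():
        samesite = morsel["samesite"].lower()  # "" when the attribute is absent
        secure = bool(morsel["secure"])        # True only if the Secure flag is set
        if samesite == "none" and not secure:
            # Current Chrome and Firefox reject SameSite=None cookies lacking Secure.
            findings.append(f"{name}: SameSite=None without Secure, browser rejects cookie")
        elif secure and scheme == "http":
            # Secure cookies are not accepted from plain-HTTP origins.
            findings.append(f"{name}: Secure cookie served over http, browser rejects cookie")
    return findings


def audit_all(headers, scheme="http"):
    """Map each header to its findings, keeping only headers with problems."""
    report = {}
    for header in headers:
        findings = audit_set_cookie(header, scheme)
        if findings:
            report[header] = findings
    return report


if __name__ == "__main__":
    for header, findings in audit_all(SAMPLE_HEADERS, scheme="http").items():
        print(header)
        for finding in findings:
            print("  ->", finding)
```

To apply it to a live instance, copy the `Set-Cookie` value from the login response in the browser's network tab and pass it to `audit_set_cookie` with the scheme the site is served over.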

Mattie112 commented 5 hours ago

I'll reply here as this seems to be the first issue mentioning this. We also had our InvenTree being broken (we auto-update everything) and this indeed fixes it.

My question however: why was this released as a MINOR version? It breaks all existing setups with the "default" configuration. That is a bit strange to me.

matmair commented 2 hours ago

I do not recommend autoupdating at this point. We are pre 1.0 so as per SemVer there can be and are breaking changes with releases. Not all default instances are broken, only a certain range. That is why there is no auto-mitigation. There are valid use cases for both settings. Pull requests to improve SRE aspects are always appreciated.

matmair commented 2 hours ago

https://github.com/inventree/InvenTree/issues/7847 Would be a simple first issue