notthebee / ansible-easy-vpn

An Ansible playbook that sets up a Wireguard server with ad blocking, DNS-over-HTTPS, and a WebUI with 2FA

Failed to authenticate via the WebUI (Authelia) #195

Closed m0rphed closed 1 year ago

m0rphed commented 1 year ago

Describe the issue

and since then, authorization on the site no longer works

The WireGuard VPN server itself is working, but a couple of days ago I was unable to log in to the WebUI, and since then TOTP authorization no longer works.

I've been using Aegis for TOTP since day 1 of my server going online (~ a month of stable work); it doesn't seem to be a problem with Aegis.

I've tried restarting docker containers, but it did nothing 😕

Here are the logs (of the authelia docker container):

time="2023-06-12T16:02:37Z" level=info msg="Shutting down"
time="2023-06-12T16:02:39Z" level=info msg="Authelia v4.36.9 is starting"
time="2023-06-12T16:02:39Z" level=info msg="Log severity set to debug"
time="2023-06-12T16:02:39Z" level=info msg="Storage schema is being checked for updates"
time="2023-06-12T16:02:39Z" level=info msg="Storage schema is already up to date"
time="2023-06-12T16:02:44Z" level=warning msg="Could not read from the NTP server socket to validate the system time is properly synchronized: read udp 10.8.2.4:37807->162.159.200.1:123: i/o timeout"
time="2023-06-12T16:02:44Z" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/'"
time="2023-06-12T16:03:41Z" level=warning msg="Session destroyed for user 'morph' after exceeding configured session inactivity and not being marked as remembered" method=GET path=/api/verify remote_ip=*.*.*.*
time="2023-06-12T16:03:41Z" level=debug msg="Check authorization of subject username= groups= ip=*.*.*.* and object https://wg.the-vpn-domain-I-come-up-with.duckdns.org/ (method )."
time="2023-06-12T16:03:41Z" level=info msg="Access to https://wg.the-vpn-domain-I-come-up-with.duckdns.org/ (method unknown) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=*.*.*.*
time="2023-06-12T16:03:45Z" level=debug msg="Mark 1FA authentication attempt made by user 'morph'" method=POST path=/api/firstfactor remote_ip=*.*.*.*
time="2023-06-12T16:03:45Z" level=debug msg="Successful 1FA authentication attempt made by user 'morph'" method=POST path=/api/firstfactor remote_ip=*.*.*.*
time="2023-06-12T16:03:45Z" level=debug msg="Check authorization of subject username=morph groups=admins,dev ip=*.*.*.* and object https://wg.the-vpn-domain-I-come-up-with.duckdns.org/ (method )."
time="2023-06-12T16:03:45Z" level=debug msg="Required level for the URL https://wg.the-vpn-domain-I-come-up-with.duckdns.org/ is 2" method=POST path=/api/firstfactor remote_ip=*.*.*.*
time="2023-06-12T16:03:45Z" level=warning msg="https://wg.the-vpn-domain-I-come-up-with.duckdns.org/ requires 2FA, cannot be redirected yet" method=POST path=/api/firstfactor remote_ip=*.*.*.*
time="2023-06-12T16:04:40Z" level=debug msg="Mark TOTP authentication attempt made by user 'morph'" method=POST path=/api/secondfactor/totp remote_ip=*.*.*.*
time="2023-06-12T16:04:40Z" level=error msg="Unsuccessful TOTP authentication attempt by user 'morph'" method=POST path=/api/secondfactor/totp remote_ip=*.*.*.* stack="github.com/authelia/authelia/v4/internal/handlers/response.go:201 markAuthenticationAttempt\ngithub.com/authelia/authelia/v4/internal/handlers/handler_sign_totp.go:41 TimeBasedOneTimePasswordPOST\ngithub.com/authelia/authelia/v4/internal/middlewares/require_first_factor.go:15 Require1FA.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/bridge.go:54 (*BridgeBuilder).Build.func1.1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:25 SecurityHeadersCSPNone.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:35 SecurityHeadersNoStore.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:16 SecurityHeaders.func1\ngithub.com/fasthttp/router@v1.4.12/router.go:414 (*Router).Handler\ngithub.com/valyala/fasthttp@v1.40.0/http.go:154 (*Response).StatusCode\ngithub.com/valyala/fasthttp@v1.40.0/server.go:2311 (*Server).serveConn\ngithub.com/valyala/fasthttp@v1.40.0/workerpool.go:224 (*workerPool).workerFunc\ngithub.com/valyala/fasthttp@v1.40.0/workerpool.go:196 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1594 goexit"

Maybe related: I've noticed that there is a message "could not read from the NTP server socket server" in the logs; so, since the version of containerized Authelia is 4.36.9, this could be related.

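To show why the NTP warning and the "Unsuccessful TOTP authentication attempt" line in the log above can be connected, here is an added example (not code from the ansible-easy-vpn project or from Authelia) of RFC 6238 TOTP verification with a skew window: a code is accepted only when the phone and the server agree on the 30-second time step to within the configured skew, so a server clock that has drifted further than that rejects every code from a correctly working authenticator. The base32 secret, the clock offsets and the skew values below are constructed assumptions, not values from the issue.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret (base32 of "12345678901234567890", the RFC 6238 test key).
# It is an illustrative placeholder, not a real enrolment secret from the issue.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, period=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HMAC over the time-step counter, dynamically truncated."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(unix_time) // period
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32, code, server_time, period=30, skew=1, digits=6):
    """Accept the code if it matches any time step within +/-skew of the server clock.

    skew=1 is an assumed default-style window (one period either side)."""
    for step in range(-skew, skew + 1):
        candidate = totp(secret_b32, server_time + step * period, period, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def drift_outcome(secret_b32, phone_time, server_offset_seconds, skew=1):
    """Simulate clock drift: the phone generates a code at phone_time while the
    server's clock is off by server_offset_seconds. Returns whether login succeeds."""
    code = totp(secret_b32, phone_time)
    return verify_totp(secret_b32, code, phone_time + server_offset_seconds, skew=skew)


if __name__ == "__main__":
    for offset in (0, 20, 120):
        print(f"server drift {offset:>4}s -> accepted: {drift_outcome(SAMPLE_SECRET_B32, 1_000_000_000, offset)}")
```

A server that cannot reach NTP and drifts by more than the skew window will log exactly this kind of rejection for every code, while the authenticator app itself is fine; checking `timedatectl` or the container host's clock against a reliable time source is the first diagnostic step.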

m0rphed commented 1 year ago

I've failed to identify the cause of the issue, but resetting the 2FA device solved this.

From the docs:

docker stop authelia && docker rm authelia
sudo rm -rf /opt/docker/authelia
cd $HOME/ansible-easy-vpn
bash bootstrap.sh

m0rphed commented 1 year ago

Could be closed.