standardnotes / server

Server ecosystem for Standard Notes; fully self-hostable.
https://standardnotes.com/help/self-hosting/docker
GNU General Public License v3.0

Not able to log in anymore #618

Closed (griefie closed this 1 year ago)

griefie commented 1 year ago

I have a self-hosted V2 and it seems that I am not able to log in anymore. Already logged-in clients have no issues.

Only when I try to log in do I get an error on the web client that states: "Unfortunately, we couldn't handle your request. Please try again or contact our support if the error persists." On the desktop client it says: "Invalid authentication, please try again."

The only place where something is stated is in the log file:

==> logs/auth.log <==
query: SELECT `session`.`uuid` AS `session_uuid`, `session`.`user_uuid` AS `session_user_uuid`, `session`.`hashed_access_token` AS `session_hashed_access_token`, `session`.`hashed_refresh_token` AS `session_hashed_refresh_token`, `session`.`access_expiration` AS `session_access_expiration`, `session`.`refresh_expiration` AS `session_refresh_expiration`, `session`.`api_version` AS `session_api_version`, `session`.`user_agent` AS `session_user_agent`, `session`.`created_at` AS `session_created_at`, `session`.`updated_at` AS `session_updated_at`, `session`.`readonly_access` AS `session_readonly_access` FROM `sessions` `session` WHERE `session`.`uuid` = ? -- PARAMETERS: ["beb28ebe-6c64-4d3e-a6ec-7140ff3c0286"]
query: SELECT `user`.`uuid` AS `user_uuid`, `user`.`version` AS `user_version`, `user`.`email` AS `user_email`, `user`.`pw_nonce` AS `user_pw_nonce`, `user`.`encrypted_server_key` AS `user_encrypted_server_key`, `user`.`server_encryption_version` AS `user_server_encryption_version`, `user`.`kp_created` AS `user_kp_created`, `user`.`kp_origination` AS `user_kp_origination`, `user`.`pw_cost` AS `user_pw_cost`, `user`.`pw_key_size` AS `user_pw_key_size`, `user`.`pw_salt` AS `user_pw_salt`, `user`.`pw_alg` AS `user_pw_alg`, `user`.`pw_func` AS `user_pw_func`, `user`.`encrypted_password` AS `user_encrypted_password`, `user`.`created_at` AS `user_created_at`, `user`.`updated_at` AS `user_updated_at`, `user`.`locked_until` AS `user_locked_until`, `user`.`num_failed_attempts` AS `user_num_failed_attempts` FROM `users` `user` WHERE `user`.`uuid` = ? -- PARAMETERS: ["098fc60c-828b-4d0c-9f35-6c550e28462a"]
query: SELECT `user`.`uuid` AS `user_uuid`, `user`.`version` AS `user_version`, `user`.`email` AS `user_email`, `user`.`pw_nonce` AS `user_pw_nonce`, `user`.`encrypted_server_key` AS `user_encrypted_server_key`, `user`.`server_encryption_version` AS `user_server_encryption_version`, `user`.`kp_created` AS `user_kp_created`, `user`.`kp_origination` AS `user_kp_origination`, `user`.`pw_cost` AS `user_pw_cost`, `user`.`pw_key_size` AS `user_pw_key_size`, `user`.`pw_salt` AS `user_pw_salt`, `user`.`pw_alg` AS `user_pw_alg`, `user`.`pw_func` AS `user_pw_func`, `user`.`encrypted_password` AS `user_encrypted_password`, `user`.`created_at` AS `user_created_at`, `user`.`updated_at` AS `user_updated_at`, `user`.`locked_until` AS `user_locked_until`, `user`.`num_failed_attempts` AS `user_num_failed_attempts` FROM `users` `user` WHERE `user`.`email` = ? -- PARAMETERS: ["e@egi.io"]
query: SELECT `authenticator`.`uuid` AS `authenticator_uuid`, `authenticator`.`user_uuid` AS `authenticator_user_uuid`, `authenticator`.`credential_id` AS `authenticator_credential_id`, `authenticator`.`credential_public_key` AS `authenticator_credential_public_key`, `authenticator`.`counter` AS `authenticator_counter`, `authenticator`.`credential_device_type` AS `authenticator_credential_device_type`, `authenticator`.`credential_backed_up` AS `authenticator_credential_backed_up`, `authenticator`.`transports` AS `authenticator_transports`, `authenticator`.`created_at` AS `authenticator_created_at`, `authenticator`.`updated_at` AS `authenticator_updated_at` FROM `authenticators` `authenticator` WHERE `authenticator`.`user_uuid` = ? -- PARAMETERS: ["098fc60c-828b-4d0c-9f35-6c550e28462a"]
query: SELECT `setting`.`uuid` AS `setting_uuid`, `setting`.`name` AS `setting_name`, `setting`.`value` AS `setting_value`, `setting`.`server_encryption_version` AS `setting_server_encryption_version`, `setting`.`created_at` AS `setting_created_at`, `setting`.`updated_at` AS `setting_updated_at`, `setting`.`sensitive` AS `setting_sensitive`, `setting`.`user_uuid` AS `setting_user_uuid` FROM `settings` `setting` WHERE `setting`.`name` = ? AND `setting`.`user_uuid` = ? ORDER BY updated_at DESC LIMIT 1 -- PARAMETERS: ["MFA_SECRET","098fc60c-828b-4d0c-9f35-6c550e28462a"]
query: SELECT `user`.`uuid` AS `user_uuid`, `user`.`version` AS `user_version`, `user`.`email` AS `user_email`, `user`.`pw_nonce` AS `user_pw_nonce`, `user`.`encrypted_server_key` AS `user_encrypted_server_key`, `user`.`server_encryption_version` AS `user_server_encryption_version`, `user`.`kp_created` AS `user_kp_created`, `user`.`kp_origination` AS `user_kp_origination`, `user`.`pw_cost` AS `user_pw_cost`, `user`.`pw_key_size` AS `user_pw_key_size`, `user`.`pw_salt` AS `user_pw_salt`, `user`.`pw_alg` AS `user_pw_alg`, `user`.`pw_func` AS `user_pw_func`, `user`.`encrypted_password` AS `user_encrypted_password`, `user`.`created_at` AS `user_created_at`, `user`.`updated_at` AS `user_updated_at`, `user`.`locked_until` AS `user_locked_until`, `user`.`num_failed_attempts` AS `user_num_failed_attempts` FROM `users` `user` WHERE `user`.`uuid` = ? -- PARAMETERS: ["098fc60c-828b-4d0c-9f35-6c550e28462a"]
{"level":"error","message":"Error: Unsupported state or unable to authenticate data\n    at Decipheriv.final (node:internal/crypto/cipher:199:29)\n    at CryptoNode.aes256GcmDecrypt (/opt/bundled/auth/packages/sncrypto-node/dist/src/CryptoNode.js:23:103)\n    at CrypterNode.decryptUserServerKey (/opt/bundled/auth/packages/auth/dist/src/Domain/Encryption/CrypterNode.js:71:32)\n    at CrypterNode.decryptForUser (/opt/bundled/auth/packages/auth/dist/src/Domain/Encryption/CrypterNode.js:53:51)\n    at SettingDecrypter.decryptSettingValue (/opt/bundled/auth/packages/auth/dist/src/Domain/Setting/SettingDecrypter.js:32:33)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at async SettingService.findSettingWithDecryptedValue (/opt/bundled/auth/packages/auth/dist/src/Domain/Setting/SettingService.js:65:25)\n    at async VerifyMFA.execute (/opt/bundled/auth/packages/auth/dist/src/Domain/UseCase/VerifyMFA.js:100:31)\n    at async InversifyExpressAuthController.pkceParams (/opt/bundled/auth/packages/auth/dist/src/Infra/InversifyExpressUtils/HomeServer/HomeServerAuthController.js:136:35)","service":"auth"}

==> logs/api-gateway.log <==
{"level":"error","message":"Could not pass the request to http://localhost:3103/auth/pkce_params on underlying service: {\"error\":{\"message\":\"Unfortunately, we couldn't handle your request. Please try again or contact our support if the error persists.\"}}","service":"api-gateway"}

There is nothing in the error log, and docker compose logs does not help either.

Would you be able to tell me what to do?

moughxyz commented 1 year ago

Likely missing some env var. Double check with the latest documentation to make sure you have all the necessary variables. cc @karolsojko in case you know the exact env var related to this error.

karolsojko commented 1 year ago

@griefie is it possible you don't have your keys set up as in the last 3 variables in here? https://raw.githubusercontent.com/standardnotes/server/main/.env.sample

griefie commented 1 year ago

Thanks for the replies @moughxyz and @karolsojko!

I have the keys set. However with a different value. I am not sure if this makes a difference.

Here are all variables that are configured:

######
# DB #
######

DB_HOST=db
DB_PORT=3306
DB_USERNAME=*************
DB_PASSWORD=*************
DB_DATABASE=*************
DB_TYPE=mysql

#########
# CACHE #
#########

REDIS_PORT=6379
REDIS_HOST=cache
CACHE_TYPE=redis

########
# KEYS #
########

AUTH_JWT_SECRET=*************
AUTH_SERVER_ENCRYPTION_SERVER_KEY=*************
VALET_TOKEN_SECRET=*************

karolsojko commented 1 year ago

Any chance you changed the AUTH_JWT_SECRET or AUTH_SERVER_ENCRYPTION_SERVER_KEY after you registered?

griefie commented 1 year ago

It seems that I did while migrating to v2... any idea how I could solve that?

karolsojko commented 1 year ago

Do you have your previous keys? Otherwise maybe re-registering and importing a backup?

griefie commented 1 year ago

Thanks! I will try it out!

griefie commented 1 year ago

It seems that replacing the current Auth secrets with the old ones has worked, and I can log in again now. Thanks for the support!