After upgrading lemmy and lemmy-ui to v0.18.0 on an instance of mine, I'm unable to login with one of two users on the instance.
On login attempt an alert slides up with content:
SyntaxError: Unexpected token 'R', "Record not found" is not valid JSON
Anyone else?
I see in lemmy server logs :
LemmyError {
message: None,
inner: Record not found,
context: SpanTrace [
{
target: "lemmy_api::local_user::login",
name: "perform",
fields: "self=Login { username_or_email: Sensitive, password: Sensitive, totp_2fa_token: None }",
file: "crates/api/src/local_user/login.rs",
line: 16
},
{
target: "lemmy_server::root_span_builder",
name: "HTTP request",
fields: "http.method=POST http.scheme=\"https\" http.host=my.lemmy.tld:443 http.target=/api/v3/user/login otel.kind=\"server\" request_id=06adb55b-6568-4435-96eb-c620904db0f6",
file: "src/root_span_builder.rs",
line: 16
}
]
}
I see in postgres logs that the user is fetched
SELECT "local_user"."id", "local_user"."person_id", "local_user"."password_encrypted", "local_user"."email", "local_user"."show_nsfw", "local_user"."theme", "local_user"."default_sort_type", "local_user"."default_listing_type", "local_user"."interface_language", "local_user"."show_avatars", "local_user"."send_notifications_to_email", "local_user"."validator_time", "local_user"."show_scores", "local_user"."show_bot_accounts", "local_user"."show_read_posts", "local_user"."show_new_post_notifs", "local_user"."email_verified", "local_user"."accepted_application", "local_user"."totp_2fa_secret", "local_user"."totp_2fa_url", "person"."id", "person"."name", "person"."display_name", "person"."avatar", "person"."banned", "person"."published", "person"."updated", "person"."actor_id", "person"."bio", "person"."local", "person"."private_key", "person"."public_key", "person"."last_refreshed_at", "person"."banner", "person"."deleted", "person"."inbox_url", "person"."shared_inbox_url", "person"."matrix_user_id", "person"."admin", "person"."bot_account", "person"."ban_expires", "person"."instance_id", "person_aggregates"."id", "person_aggregates"."person_id", "person_aggregates"."post_count", "person_aggregates"."post_score", "person_aggregates"."comment_count", "person_aggregates"."comment_score"
FROM (("local_user" INNER JOIN "person" ON ("local_user"."person_id" = "person"."id")) INNER JOIN "person_aggregates" ON ("person"."id" = "person_aggregates"."person_id"))
WHERE ((lower("person"."name") = lower('MyUserName')) OR ("local_user"."email" = 'MyUserName')) LIMIT 1;
I verified that the query returns a record.
EDIT: I can login via the password reset flow. Subsequent login attempts still fails though.
EDIT 2: I'm fairly certain my issue was introduced here: https://github.com/LemmyNet/lemmy/commit/5af831c6fad0cd462f6abe3645d8c26b3481bab7
The affected account was created when registration was open and no application was necessary.
I then switched the instance to closed registration. After upgrading to v0.18.0 I saw the error above.
I toggled the site to open with application required and I was able to log in.
I toggled it back to closed..and I can still login. I'm not sure what was triggered but now I can't repro the issue. π€·ββοΈ
Yeah they're stealing jwt tokens and noting when they're admins.
https://lemmy.sdf.org/comment/850269