Hello, I’m having issues with my instance. Everything is working fine, except when I try to log in in these few instances:

  • Using a password manager (I have to clear out and type in my username, some sort of validation logic?)
  • Mobile Web, haven’t been able to log in at all here. Again I paste in my password
  • Jerboa, haven’t been able to log in once here.

Each time I get a nice HTTP WARN message in my logs that doesn’t give me much info except for “password incorrect” - but I use the same password on desktop.

lemmy-lemmy-1  | 2023-06-05T18:46:41.807868Z  WARN Error encountered while processing the incoming HTTP request: lemmy_server::root_span_builder: password_incorrect: password_incorrect
lemmy-lemmy-1  |    0: lemmy_api::local_user::login::perform
lemmy-lemmy-1  |            with self=Login { username_or_email: Sensitive, password: Sensitive }
lemmy-lemmy-1  |              at crates/api/src/local_user/login.rs:17
lemmy-lemmy-1  |    1: lemmy_server::root_span_builder::HTTP request
lemmy-lemmy-1  |            with http.method=POST http.scheme="http" http.host=poptalk.scrubbles.tech http.target=/api/v3/user/login otel.kind="server" request_id=d4af82df-c108-4f70-93e6-aec712735499 http.status_code=400 otel.status_code="OK"
lemmy-lemmy-1  |              at src/root_span_builder.rs:16
lemmy-lemmy-1  | LemmyError { message: Some("password_incorrect"), inner: password_incorrect, context: "SpanTrace" }
lemmy-lemmy-1  | 2023-06-05T18:46:41.807905Z  INFO actix_web::middleware::logger: 172.31.0.6 "POST /api/v3/user/login HTTP/1.1" 400 30 "-" "okhttp/5.0.0-alpha.11" 0.281977    

Any ideas what may be causing this?

Edit: As @PirateSaysAye@sh.itjust.works says, login will fail if you have too long of a password. I was using a 64 character random password, I brought it down to a shorter password and everything started working perfectly

  • Scrubbles@poptalk.scrubbles.techOP
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    It is my admin user, hjson matches admin_username: "scrubbles" I hate to give up my user…

    Oh the password in there has changed though to a new password, is it comparing the json stored password instead of the new one I set? I thought it’d be more secure that way

    • Grouchy@lemmy.grouchysysadmin.com
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      I think the admin_username, admin_password stuff in lemmy.hjson is only for the initial setup. It’s not needed after that. I don’t have those entries in my lemmy.hjson.

    • pe1uca
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      That I’m not sure, I just updated the password and have been using that one, not sure if it can be changed in the UI.

        • PirateSaysAye@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I’m not sure if this applies in your case, but I was having trouble signing up and logging in. The mobile web version just hung as if it was thinking and never progressed to success or failure. I was able to complete both functions successfully using a password manager on the desktop website (show as desktop site on mobile browser), but was unable to login in Jerboa on Android. I was using a 63 character password.

          I changed my password on the desktop site to a temporary 12 character one and everything worked fine. I went looking for what the maximum password length is and got a hint that it may be 60 characters in the Jerboa app. I changed my password to 61 characters and had the same problem, but then 60 characters worked fine everywhere, confirming that to be the problem.

          If your password is over 60 characters, try a shorter one and see if that solves your problems too? Let us know how it goes.

          • Scrubbles@poptalk.scrubbles.techOP
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            That’s actually what happened! I should update this so other people know, but yeah it was too long of a password! I use a password manager and obviously chose the longest one that would fit in there. I brought mine down to 16-20 characters and it works perfectly now