Login problems after setup nodebb

Sobo85

Sry that I bother you, but I didn't find a solution for my problem via search.
When I try to login on my nodebb forum (as admin or other registed user) I'll always get returned to the login-page without any hint.
After several login attempts the admin account get's locked.

Do you have any advice for me, how to unlock the admin and fix the problem with login?

Setup:

Raspberry Pi with Raspbian (NOOBS)
Redis-Server v2.8.17
NodeBB v0.5.4

julian

Oh, a Raspberry Pi, eh?

Can you try the following:

1. npm i bcrypt
2. Go into bcrypt.js and changing require('bcryptjs') to read require('bcrypt')

Sobo85

The file is located in three different places.
I edited /var/opt/nodeBB/nodebb/bcrypt.js, restarted nodebb. The problem still exists.

/home/pi/node_modules/bcrypt/bcrypt.js
/var/opt/nodeBB/nodebb/node_modules/bcrypt/bcrypt.js
/var/opt/nodeBB/nodebb/bcrypt.js

When i tried to login as a registed user:

Invalid Csrf token

julian

@Sobo85 Does it happen all of the time? Or only sometimes?

Sobo85

Hi,

we added two new testusers. They can login without problems. The Admin and the first account we set up are still unable to login. :S Normally we don't see any hint why we couldn't log in so that we are redirected to the login-Page.

baris

Can you check the database to see if they are locked out?

If you are on redis

redis-cli
get lockout:1 //for uid 1
get loginAttempts:1

Ralkage

@Sobo85 said:

Invalid Csrf token

I always seem to get Invalid Csrf token when I log into my account (1st main account/admin account) on a new machine lol it's weird as heck lol.

Raspberry Pi huh? I feel the need to look into this myself.

Sobo85

Did a new install and had the same problem.

But could fix it. On raspbian you have to replace bcyptjs with bcrypt and I guess that this was the reason for the problem (different hashes?!).

So be aware of the correct install routine.
In the rootpath of nodebb do the following:

1. "npm install"
2. "npm unlink bcryptjs && npm i bcrypt" and change <require("bcryptjs")> into <require("bcrypt")> in the bcrypt.js file (adapted from https://community.nodebb.org/topic/1591/login-not-possible)
3. "./nodebb setup"
4. "./nodebb start"

baris

bcrpytjs is a lot slower than bcrpyt so on the raspbian hashing the password was probably taking too long, I think it was taking up to minutes with bcryptjs.

Sobo85

Yes it took up to 10 minutes.

If bcryptjs is a lot slower, why are you using it as the default hashing module? What are its advantages in comparison to bcrypt?

baris

The reason we use bcrpytjs is because it requires no compilation and the speed is acceptable on modern hardware. You don't want your password hashing to be super fast either due to security reasons.

You can still use bcrpytjs on raspbian but you would need to lower the bcrpyt_rounds setting from the default 12.

julian

@baris said:

You can still use bcrpytjs on raspbian but you would need to lower the bcrpyt_rounds setting from the default 12.

Yeah, either lower the rounds, or if you don't mind compiling it (npm does it automatically), use bcrypt instead.