Login problems after setup nodebb



  • Sry that I bother you, but I didn't find a solution for my problem via search.
    When I try to login on my nodebb forum (as admin or other registed user) I'll always get returned to the login-page without any hint.
    After several login attempts the admin account get's locked.

    Do you have any advice for me, how to unlock the admin and fix the problem with login?

    Setup:

    Raspberry Pi with Raspbian (NOOBS)
    Redis-Server v2.8.17
    NodeBB v0.5.4


  • Admin

    Oh, a Raspberry Pi, eh?

    Can you try the following:

    1. npm i bcrypt
    2. Go into bcrypt.js and changing require('bcryptjs') to read require('bcrypt')


  • The file is located in three different places.
    I edited /var/opt/nodeBB/nodebb/bcrypt.js, restarted nodebb. The problem still exists.

    /home/pi/node_modules/bcrypt/bcrypt.js
    /var/opt/nodeBB/nodebb/node_modules/bcrypt/bcrypt.js
    /var/opt/nodeBB/nodebb/bcrypt.js

    When i tried to login as a registed user:

    Invalid Csrf token


  • Admin

    @Sobo85 Does it happen all of the time? Or only sometimes?



  • Hi,

    we added two new testusers. They can login without problems. The Admin and the first account we set up are still unable to login. :S Normally we don't see any hint why we couldn't log in so that we are redirected to the login-Page.


  • Admin

    Can you check the database to see if they are locked out?

    If you are on redis

    redis-cli
    get lockout:1 //for uid 1
    get loginAttempts:1
    


  • @Sobo85 said:

    Invalid Csrf token

    I always seem to get Invalid Csrf token when I log into my account (1st main account/admin account) on a new machine lol it's weird as heck lol.

    Raspberry Pi huh? I feel the need to look into this myself. :open_mouth:



  • Did a new install and had the same problem.

    But could fix it. On raspbian you have to replace bcyptjs with bcrypt and I guess that this was the reason for the problem (different hashes?!).

    So be aware of the correct install routine.
    In the rootpath of nodebb do the following:

    1. "npm install"
    2. "npm unlink bcryptjs && npm i bcrypt" and change <require("bcryptjs")> into <require("bcrypt")> in the bcrypt.js file (adapted from https://community.nodebb.org/topic/1591/login-not-possible)
    3. "./nodebb setup"
    4. "./nodebb start"

  • Admin

    bcrpytjs is a lot slower than bcrpyt so on the raspbian hashing the password was probably taking too long, I think it was taking up to minutes with bcryptjs.



  • Yes it took up to 10 minutes. ;)

    If bcryptjs is a lot slower, why are you using it as the default hashing module? What are its advantages in comparison to bcrypt?


  • Admin

    The reason we use bcrpytjs is because it requires no compilation and the speed is acceptable on modern hardware. You don't want your password hashing to be super fast either due to security reasons.

    You can still use bcrpytjs on raspbian but you would need to lower the bcrpyt_rounds setting from the default 12.


  • Admin

    @baris said:

    You can still use bcrpytjs on raspbian but you would need to lower the bcrpyt_rounds setting from the default 12.

    Yeah, either lower the rounds, or if you don't mind compiling it (npm does it automatically), use bcrypt instead.


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.