[GH-ISSUE #2859] Unable to Login since upgrade to 1.17.1 (Enterprise Edition) #11020

New Issue

Closed

opened 2026-05-06 15:42:56 -05:00 by GiteaMirror · 2 comments

GiteaMirror commented 2026-05-06 15:42:56 -05:00

Owner

Copy Link

Originally created by @Blacks-Army on GitHub (Apr 14, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2859

Describe the Bug

Hi,

since upgrading Pangolin from 1.17.0 to 1.17.1, I am no longer able to log in. The same setup worked without any issues on version 1.17.0.

What happens:

1. I open the login page
2. I enter my username and password (Or Login with Passkey)
3. I am prompted for my TOTP/Passkey
4. After successful verification, instead of being logged in, I am redirected back to the login page
5. This loop repeats indefinitely

Environment:

• Edition: Enterprise
• Previous version: 1.17.0 (working)
• Current version: 1.17.1 (issue started)
• Deployment method: Docker
• Authentication method: Passkey and username/password with TOTP

Logs:

pangolin  | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/start
pangolin  | Making security key verify request to: http://localhost:3000/api/v1/auth/security-key/authenticate/verify
pangolin  | Making login request to: http://localhost:3000/api/v1/auth/login
pangolin  | Making login request to: http://localhost:3000/api/v1/auth/login
pangolin  | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/start
pangolin  | Making security key verify request to: http://localhost:3000/api/v1/auth/security-key/authenticate/verify

Observed behavior:

• Authentication appears to succeed
• The system repeatedly initiates authentication again
• No session is established
• User is redirected back to the login page

Expected behavior:
After successful authentication, the user should be logged in and redirected to the dashboard.

Environment

• OS Type & Version: Docker
• Pangolin Version: Latest
• Gerbil Version: Latest
• Traefik Version: Latest
• Newt Version: Latest
• Olm Version: (if applicable)

Originally created by @Blacks-Army on GitHub (Apr 14, 2026). Original GitHub issue: https://github.com/fosrl/pangolin/issues/2859 ### Describe the Bug Hi, since upgrading Pangolin from 1.17.0 to 1.17.1, I am no longer able to log in. The same setup worked without any issues on version 1.17.0. **What happens:** 1. I open the login page 2. I enter my username and password (Or Login with Passkey) 3. I am prompted for my TOTP/Passkey 4. After successful verification, instead of being logged in, I am redirected back to the login page 5. This loop repeats indefinitely Environment: - Edition: Enterprise - Previous version: 1.17.0 (working) - Current version: 1.17.1 (issue started) - Deployment method: Docker - Authentication method: Passkey and username/password with TOTP **Logs:** ```yaml pangolin | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/start pangolin | Making security key verify request to: http://localhost:3000/api/v1/auth/security-key/authenticate/verify pangolin | Making login request to: http://localhost:3000/api/v1/auth/login pangolin | Making login request to: http://localhost:3000/api/v1/auth/login pangolin | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/start pangolin | Making security key verify request to: http://localhost:3000/api/v1/auth/security-key/authenticate/verify ``` **Observed behavior:** - Authentication appears to succeed - The system repeatedly initiates authentication again - No session is established - User is redirected back to the login page **Expected behavior:** After successful authentication, the user should be logged in and redirected to the dashboard. ### Environment - OS Type & Version: Docker - Pangolin Version: Latest - Gerbil Version: Latest - Traefik Version: Latest - Newt Version: Latest - Olm Version: (if applicable)

GiteaMirror closed this issue 2026-05-06 15:42:56 -05:00

GiteaMirror commented 2026-05-06 15:42:57 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Apr 14, 2026):

Interesting... If you try in a incognito window or after clearing browser data does it change? Could you put the server into debug mode and send some logs both with the key and the user/pass? https://docs.pangolin.net/self-host/advanced/config-file#param-log-level

<!-- gh-comment-id:4247308254 --> @oschwartz10612 commented on GitHub (Apr 14, 2026): Interesting... If you try in a incognito window or after clearing browser data does it change? Could you put the server into debug mode and send some logs both with the key and the user/pass? https://docs.pangolin.net/self-host/advanced/config-file#param-log-level

GiteaMirror commented 2026-05-06 15:42:58 -05:00

Author

Owner

Copy Link

@Blacks-Army commented on GitHub (Apr 15, 2026):

Okay, the logs do not reveal much, they mainly show that Pangolin is verifying the session Badger sent. However, I was able to narrow the issue down to Badger.

With Badger v1.3.1, login works as expected, while with v1.4.0 it does not.

One interesting observation is that even when running Badger v1.4.0, the logs from badger/pangolin still report the version as v1.3.1.

There is a significant amount of sensitive data in the logs, so I would prefer not to share them publicly.

This issue can be closed on my side, I will open a dedicated issue in the Badger repository.

As a general suggestion, it would be very helpful to have a toggle or option to anonymize logs automatically, so they can be shared safely for debugging purposes.

<!-- gh-comment-id:4252763235 --> @Blacks-Army commented on GitHub (Apr 15, 2026): Okay, the logs do not reveal much, they mainly show that Pangolin is verifying the session Badger sent. However, I was able to narrow the issue down to Badger. With Badger v1.3.1, login works as expected, while with v1.4.0 it does not. One interesting observation is that even when running Badger v1.4.0, the logs from badger/pangolin still report the version as v1.3.1. There is a significant amount of sensitive data in the logs, so I would prefer not to share them publicly. This issue can be closed on my side, I will open a dedicated issue in the Badger repository. As a general suggestion, it would be very helpful to have a toggle or option to anonymize logs automatically, so they can be shared safely for debugging purposes.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

crowdin_dev

dev

resource-policies

redis

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

dependabot/npm_and_yarn/next-intl-4.9.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.3

1.18.3-s.1

1.18.3-s.0

1.18.2-s.5

1.18.2-s.4

1.18.2-s.3

1.18.2-s.2

1.18.2-s.1

1.18.2

1.18.2-s.0

1.18.1-s.7

1.18.1-s.6

1.18.1-s.5

1.18.1-s.4

1.18.1-s.3

1.18.1-s.2

1.18.1

1.18.1-s.1

1.18.1-s.0

1.18.0-s.2

1.18.0-s.1

1.18.0

1.18.0-s.0

1.17.1-s.7

1.17.1-s.6

1.18.0-rc.0

1.17.1-s.5

1.17.1-s.4

1.17.1-s.3

1.17.1

1.17.1-s.2

1.17.1-s.1

1.17.1-s.0

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#11020