github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-06 12:55:03 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #2859] Unable to Login since upgrade to 1.17.1 (Enterprise Edition) #2259

New Issue
Closed
opened 2026-04-16 09:17:18 -05:00 by GiteaMirror · 2 comments
GiteaMirror commented 2026-04-16 09:17:18 -05:00
Owner
Copy Link

Originally created by @Blacks-Army on GitHub (Apr 14, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2859

Describe the Bug

Hi,

since upgrading Pangolin from 1.17.0 to 1.17.1, I am no longer able to log in. The same setup worked without any issues on version 1.17.0.

What happens:

  1. I open the login page
  2. I enter my username and password (Or Login with Passkey)
  3. I am prompted for my TOTP/Passkey
  4. After successful verification, instead of being logged in, I am redirected back to the login page
  5. This loop repeats indefinitely

Environment:

  • Edition: Enterprise
  • Previous version: 1.17.0 (working)
  • Current version: 1.17.1 (issue started)
  • Deployment method: Docker
  • Authentication method: Passkey and username/password with TOTP

Logs:

pangolin  | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/start
pangolin  | Making security key verify request to: http://localhost:3000/api/v1/auth/security-key/authenticate/verify
pangolin  | Making login request to: http://localhost:3000/api/v1/auth/login
pangolin  | Making login request to: http://localhost:3000/api/v1/auth/login
pangolin  | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/start
pangolin  | Making security key verify request to: http://localhost:3000/api/v1/auth/security-key/authenticate/verify

Observed behavior:

  • Authentication appears to succeed
  • The system repeatedly initiates authentication again
  • No session is established
  • User is redirected back to the login page

Expected behavior:
After successful authentication, the user should be logged in and redirected to the dashboard.

Environment

  • OS Type & Version: Docker
  • Pangolin Version: Latest
  • Gerbil Version: Latest
  • Traefik Version: Latest
  • Newt Version: Latest
  • Olm Version: (if applicable)
Originally created by @Blacks-Army on GitHub (Apr 14, 2026). Original GitHub issue: https://github.com/fosrl/pangolin/issues/2859 ### Describe the Bug Hi, since upgrading Pangolin from 1.17.0 to 1.17.1, I am no longer able to log in. The same setup worked without any issues on version 1.17.0. **What happens:** 1. I open the login page 2. I enter my username and password (Or Login with Passkey) 3. I am prompted for my TOTP/Passkey 4. After successful verification, instead of being logged in, I am redirected back to the login page 5. This loop repeats indefinitely Environment: - Edition: Enterprise - Previous version: 1.17.0 (working) - Current version: 1.17.1 (issue started) - Deployment method: Docker - Authentication method: Passkey and username/password with TOTP **Logs:** ```yaml pangolin | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/start pangolin | Making security key verify request to: http://localhost:3000/api/v1/auth/security-key/authenticate/verify pangolin | Making login request to: http://localhost:3000/api/v1/auth/login pangolin | Making login request to: http://localhost:3000/api/v1/auth/login pangolin | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/start pangolin | Making security key verify request to: http://localhost:3000/api/v1/auth/security-key/authenticate/verify ``` **Observed behavior:** - Authentication appears to succeed - The system repeatedly initiates authentication again - No session is established - User is redirected back to the login page **Expected behavior:** After successful authentication, the user should be logged in and redirected to the dashboard. ### Environment - OS Type & Version: Docker - Pangolin Version: Latest - Gerbil Version: Latest - Traefik Version: Latest - Newt Version: Latest - Olm Version: (if applicable)
GiteaMirror commented 2026-04-16 09:17:19 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Apr 14, 2026):

Interesting... If you try in a incognito window or after clearing browser data does it change? Could you put the server into debug mode and send some logs both with the key and the user/pass? https://docs.pangolin.net/self-host/advanced/config-file#param-log-level

<!-- gh-comment-id:4247308254 --> @oschwartz10612 commented on GitHub (Apr 14, 2026): Interesting... If you try in a incognito window or after clearing browser data does it change? Could you put the server into debug mode and send some logs both with the key and the user/pass? https://docs.pangolin.net/self-host/advanced/config-file#param-log-level
GiteaMirror commented 2026-04-16 09:17:20 -05:00
Author
Owner
Copy Link

@Blacks-Army commented on GitHub (Apr 15, 2026):

Okay, the logs do not reveal much, they mainly show that Pangolin is verifying the session Badger sent. However, I was able to narrow the issue down to Badger.

With Badger v1.3.1, login works as expected, while with v1.4.0 it does not.

One interesting observation is that even when running Badger v1.4.0, the logs from badger/pangolin still report the version as v1.3.1.

There is a significant amount of sensitive data in the logs, so I would prefer not to share them publicly.

This issue can be closed on my side, I will open a dedicated issue in the Badger repository.

As a general suggestion, it would be very helpful to have a toggle or option to anonymize logs automatically, so they can be shared safely for debugging purposes.

<!-- gh-comment-id:4252763235 --> @Blacks-Army commented on GitHub (Apr 15, 2026): Okay, the logs do not reveal much, they mainly show that Pangolin is verifying the session Badger sent. However, I was able to narrow the issue down to Badger. With Badger v1.3.1, login works as expected, while with v1.4.0 it does not. One interesting observation is that even when running Badger v1.4.0, the logs from badger/pangolin still report the version as v1.3.1. There is a significant amount of sensitive data in the logs, so I would prefer not to share them publicly. This issue can be closed on my side, I will open a dedicated issue in the Badger repository. As a general suggestion, it would be very helpful to have a toggle or option to anonymize logs automatically, so they can be shared safely for debugging purposes.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#2259
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?