Can no longer log in #1912

New Issue

GiteaMirror · 2026-03-22T13:45:54-05:00

GiteaMirror commented

2026-03-22 13:45:54 -05:00

Originally created by @ozuzo on GitHub (Feb 1, 2024).

Description

Updated our 0.22 version to 0.22.1, to check out the fix for the subprojects not always being correctly displayed in the menu on the left. After updating I no longer seem to be able to login using (previously working) credentials stored in the browser. On the network tab, I see

{"code":1011,"message":"Wrong username or password."}
as response.

Side note: running Vikunja on a shared host which does not expose user-defined ports to the internet, so I've added a proxy rule to the .htaccess file of the frontend:

RewriteEngine On
RewriteRule .* - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteRule ^\/?(index\.html|favicon\.ico|assets|audio|fonts|images|manifest\.webmanifest|robots\.txt|sw\.js|workbox-.*|dav|\.well-known) - [L]
RewriteRule ^api/(.*[^/])/?$ http://localhost:3456/api/$1 [P,L]
RewriteRule ^(.*)$ index.html [QSA,L]

-- this worked fine until this morning.

One other note (don't ask ;-) -- passwords are not set via Vikunja itself, but are synced with another tool we're using (Bookstack), so users only have one set of logins to worry about. This also has also worked before (the password hashes are all of the 2$... form)

So two questions: any changes to the login flow, or the way passwords are checked, before I need to start debugging what I might've broken during the update?

Vikunja Frontend Version

0.22.1

Vikunja API Version

0.22.1

Browser and version

Both up-to-date Edge and Firefox

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

No response

Originally created by @ozuzo on GitHub (Feb 1, 2024). ### Description Updated our 0.22 version to 0.22.1, to check out the fix for the subprojects not always being correctly displayed in the menu on the left. After updating I no longer seem to be able to login using (previously working) credentials stored in the browser. On the network tab, I see ``{"code":1011,"message":"Wrong username or password."} `` as response. Side note: running Vikunja on a shared host which does not expose user-defined ports to the internet, so I've added a proxy rule to the .htaccess file of the frontend: ``` RewriteEngine On RewriteRule .* - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteRule ^\/?(index\.html|favicon\.ico|assets|audio|fonts|images|manifest\.webmanifest|robots\.txt|sw\.js|workbox-.*|dav|\.well-known) - [L] RewriteRule ^api/(.*[^/])/?$ http://localhost:3456/api/$1 [P,L] RewriteRule ^(.*)$ index.html [QSA,L] ``` -- this worked fine until this morning. One other note (don't ask ;-) -- passwords are not set via Vikunja itself, but are synced with another tool we're using (Bookstack), so users only have one set of logins to worry about. This also has also worked before (the password hashes are all of the 2$... form) So two questions: any changes to the login flow, or the way passwords are checked, before I need to start debugging what I might've broken during the update? ### Vikunja Frontend Version 0.22.1 ### Vikunja API Version 0.22.1 ### Browser and version Both up-to-date Edge and Firefox ### Can you reproduce the bug on the Vikunja demo site? No ### Screenshots _No response_

GiteaMirror closed this issue

2026-03-22 13:45:55 -05:00

GiteaMirror commented

2026-03-22 13:45:56 -05:00

@kolaente commented on GitHub (Feb 1, 2024):

passwords are not set via Vikunja itself, but are synced with another tool we're using (Bookstack), so users only have one set of logins to worry about. This also has also worked before (the password hashes are all of the 2$... form)

You really should use openid for that.

To debug this, you could enable database logging to see if the queries work and if the password hash is the problem here.

any changes to the login flow, or the way passwords are checked, before I need to start debugging what I might've broken during the update?

There have not been any explicit changes to that. However, we don't implement the password hashing ourselves but use the Go standard library for that, which may have been updated in a way that it no longer works with the Hashes from Bookstack.

Unfortunately, it does not look like this is a problem Vikunja should solve, because what you're doing is not really intended and there are better alternatives available.

@kolaente commented on GitHub (Feb 1, 2024): > passwords are not set via Vikunja itself, but are synced with another tool we're using (Bookstack), so users only have one set of logins to worry about. This also has also worked before (the password hashes are all of the 2$... form) You really should use openid for that. To debug this, you could enable [database logging](https://vikunja.io/docs/config-options/#database-2) to see if the queries work and if the password hash is the problem here. > any changes to the login flow, or the way passwords are checked, before I need to start debugging what I might've broken during the update? There have not been any explicit changes to that. However, we don't implement the password hashing ourselves but use the Go standard library for that, which may have been updated in a way that it no longer works with the Hashes from Bookstack. Unfortunately, it does not look like this is a problem Vikunja should solve, because what you're doing is not really intended and there are better alternatives available.

GiteaMirror commented

2026-03-22 13:45:56 -05:00

@ozuzo commented on GitHub (Feb 1, 2024):

Fully understand. Given the limitations on the shared host this was the easiest solution, it is only for a very small group of users.

Where there any database migration steps for .22 -> .22.1? So I know if I should restore a backup if I want to rollback to .22

@ozuzo commented on GitHub (Feb 1, 2024): Fully understand. Given the limitations on the shared host this was the easiest solution, it is only for a very small group of users. Where there any database migration steps for .22 -> .22.1? So I know if I should restore a backup if I want to rollback to .22

GiteaMirror commented

2026-03-22 13:45:57 -05:00

@ozuzo commented on GitHub (Feb 2, 2024):

Please ignore my stupidity :-) During the upgrade I managed to remove the config.yml file, so that Vikunja was now using a sqlite database instead of the MySQL one....

@ozuzo commented on GitHub (Feb 2, 2024): Please ignore my stupidity :-) During the upgrade I managed to remove the config.yml file, so that Vikunja was now using a sqlite database instead of the MySQL one....

GiteaMirror referenced this issue

2026-03-22 14:53:57 -05:00

[PR #1912] [MERGED] chore(deps): update pnpm to v10.24.0 #3779

GiteaMirror referenced this issue

2026-04-16 13:34:03 -05:00

[PR #1912] [MERGED] chore(deps): update pnpm to v10.24.0 #5320

GiteaMirror referenced this issue

2026-04-20 17:55:52 -05:00

[PR #1912] [MERGED] chore(deps): update pnpm to v10.24.0 #7904

GiteaMirror referenced this issue

2026-04-23 09:06:57 -05:00

[PR #1912] [MERGED] chore(deps): update pnpm to v10.24.0 #9620

Sign in to join this conversation.

Branches Tags

main

feat-huma-api-v2-migration

fix-list-sort-resets

feat-mcp

feat-v2-foundation

spike-huma-openapi3

claude/investigate-swagger3-support-nyyUa

feat-list-view-buckets

ci-mysql-8-test

codex/analyze-codebase-for-email-task-feature

feat-project-templates

csv-import-feature

claude/email-reply-comments-wpdcQ

fix-oidc-pkce-support

fix/overview-subtasks-expand

feat/bucket-select-task-detail

feat-soft-delete-projects

claude/review-bot-design-plan-cf5C3

claude/project-scoped-api-tokens-KTqR3

claude/explore-openclaw-integration-KQEzg

claude/project-scoped-api-tokens-yv5KS

fix-duplicate-close-button

feat-list-view-sorting

feat/official-vite-sentry-plugin

feat/highlight-overdue-tasks

feat/add-enter-key-form-submission-handling

feat/TipTap-nits

feat/update-caldavtimetotimestamp-parsing

feat-phosphor-icons

wip-plans

claude/investigate-issue-2173-llKme

fix-description-text-drag

feat-custom-keyboard-shortcuts

pr-1845-ci

codex/fix-drag-and-drop-behavior-inconsistency

copilot/add-clickable-labels-for-filtering

copilot/fix-issue-1786

playwright-migration

fix-kanban-repeating-wip

copilot/fix-1498

feature/replace-axios

codex/upgrade-to-tailwind-4.1.8-using-pnpm

codex/add-cypress-test-for-avatar-types

feature/biome

feature/oxc

codex/update-flexsearch-to-0.8.205

4r6ni9-codex/fix-deprecated-sass-@import-usage

codex/fix-deprecated-sass-@import-usage

codex/add-cypress-test-for-task-list-refresh-fix

codex/fix-quick-add-magic-not-adding-tasks

codex/fix-all-type-errors

codex/fix-mimetype-for-docs.json

feature/caldav-from-scratch

feature/gh-actions-hetzner

fix-ci

feat/new-logger

jyte-better-dev-config

feat/add-team-member-with-enter

fix/button-and-icon-types

fix/notifications-component-name-collision

feature/null-time

renovate/tailwindcss-4.x

feature/unplugin-vue-router

fix/deprecated-import

feature/zod-schema

renovate/golangci-golangci-lint-1.x

fix/tiptap-editor-reactive-destructuring

release/0.24

feat/improve-add-task

fix/saved-filter-search

feat/webp-and-avif-attachment-previews

feature/migrate-back-to-bulma

fix/sass-add-missing-list-import

feature/sticky-demo-bar

fix/gantt-view-switch

feature/typesense-position-join

feature/focus-visible

dependencies/golangci-lint

feature/better-filter-syntax

fix/tiptap-task-list

renovate/github.com-golang-jwt-jwt-v4-5.x

feature/hide-forbidden-related-tasks

renovate/golang-1.x

release/0.20

release/0.17

release/0.16

release/0.15

release/0.14

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vikunja#1912