github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-06 11:37:49 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity

Unauthorized on login/create new accounts #553

New Issue
Closed
opened 2025-11-01 20:58:55 -05:00 by GiteaMirror · 15 comments
GiteaMirror commented 2025-11-01 20:58:55 -05:00
Owner
Copy Link

Originally created by @graphixillusion on GitHub (Aug 18, 2025).

Description

As the title says i'm getting Unauthorized when i try to login or create new accounts with version 1.0.0-rc1. Exact same config works well in the previous version. I'm using sqlite backend

Vikunja Version

1.0.0-rc1

Browser and version

No response

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

No response

Originally created by @graphixillusion on GitHub (Aug 18, 2025). ### Description As the title says i'm getting Unauthorized when i try to login or create new accounts with version 1.0.0-rc1. Exact same config works well in the previous version. I'm using sqlite backend ### Vikunja Version 1.0.0-rc1 ### Browser and version _No response_ ### Can you reproduce the bug on the Vikunja demo site? No ### Screenshots _No response_
GiteaMirror commented 2025-11-01 20:58:55 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 18, 2025):

Duplicate of https://github.com/go-vikunja/vikunja/issues/1303

@kolaente commented on GitHub (Aug 18, 2025): Duplicate of https://github.com/go-vikunja/vikunja/issues/1303
GiteaMirror commented 2025-11-01 20:58:56 -05:00
Author
Owner
Copy Link

@graphixillusion commented on GitHub (Aug 18, 2025):

The public URL is correctly setup but i'm still getting unauthorize

@graphixillusion commented on GitHub (Aug 18, 2025): The public URL is correctly setup but i'm still getting unauthorize
GiteaMirror commented 2025-11-01 20:58:56 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 18, 2025):

Did you change any cors settings?

@kolaente commented on GitHub (Aug 18, 2025): Did you change any cors settings?
GiteaMirror commented 2025-11-01 20:58:56 -05:00
Author
Owner
Copy Link

@graphixillusion commented on GitHub (Aug 18, 2025):

No, i didn't touch anything. This is the docker compose file i'm using (works with previous version, doesn't with current rc)

services:
  vikunja:
    image: vikunja/vikunja
    environment:
      VIKUNJA_SERVICE_JWTSECRET: SECRETSTRING
      VIKUNJA_SERVICE_PUBLICURL: http://domain/
      VIKUNJA_DATABASE_PATH: /db/vikunja.db
      VIKUNJA_SERVICE_ENABLEREGISTRATION: true
      VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: 1
      VIKUNJA_SERVICE_TIMEZONE: Europe/Rome
      VIKUNJA_MAILER_ENABLED: 1
      VIKUNJA_MAILER_FORCESSL: 1
      VIKUNJA_MAILER_HOST: smtp.mail.server
      VIKUNJA_MAILER_PORT: port
      VIKUNJA_MAILER_USERNAME: username
      VIKUNJA_MAILER_PASSWORD: password
      VIKUNJA_MAILER_FROMEMAIL: email
    ports:
      - 3456:3456
    volumes:
      - ./files:/app/vikunja/files
      - ./db:/db
    restart: unless-stopped
@graphixillusion commented on GitHub (Aug 18, 2025): No, i didn't touch anything. This is the docker compose file i'm using (works with previous version, doesn't with current rc) ``` services: vikunja: image: vikunja/vikunja environment: VIKUNJA_SERVICE_JWTSECRET: SECRETSTRING VIKUNJA_SERVICE_PUBLICURL: http://domain/ VIKUNJA_DATABASE_PATH: /db/vikunja.db VIKUNJA_SERVICE_ENABLEREGISTRATION: true VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: 1 VIKUNJA_SERVICE_TIMEZONE: Europe/Rome VIKUNJA_MAILER_ENABLED: 1 VIKUNJA_MAILER_FORCESSL: 1 VIKUNJA_MAILER_HOST: smtp.mail.server VIKUNJA_MAILER_PORT: port VIKUNJA_MAILER_USERNAME: username VIKUNJA_MAILER_PASSWORD: password VIKUNJA_MAILER_FROMEMAIL: email ports: - 3456:3456 volumes: - ./files:/app/vikunja/files - ./db:/db restart: unless-stopped ```
GiteaMirror commented 2025-11-01 20:58:56 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 18, 2025):

Can you enable debug logs and look for a message on startup about cors?

@kolaente commented on GitHub (Aug 18, 2025): Can you enable debug logs and look for a message on startup about cors?
GiteaMirror commented 2025-11-01 20:58:56 -05:00
Author
Owner
Copy Link

@graphixillusion commented on GitHub (Aug 18, 2025):

vikunja-1  | time=2025-08-18T19:08:26.349Z level=INFO msg="No config file found, using default or config from environment variables."
vikunja-1  | time=2025-08-18T19:08:26.351Z level=INFO msg="Running migrations…"
vikunja-1  | time=2025-08-18T19:08:30.995Z level=INFO msg="Ran all migrations successfully."
vikunja-1  | time=2025-08-18T19:08:31.002Z level=DEBUG msg="[Task Reminder Cron] Timezone is Europe/Rome"
vikunja-1  | time=2025-08-18T19:08:31.002Z level=INFO msg="Vikunja version v1.0.0-rc1"
vikunja-1  | time=2025-08-18T19:08:31.007Z level=DEBUG msg="CORS enabled with origins: http://127.0.0.1:*, http://localhost:*, http://domain"
vikunja-1  | ⇨ http server started on [::]:3456
vikunja-1  | time=2025-08-18T19:09:00.001Z level=DEBUG msg="[Task Reminder Cron] Looking for reminders between 2025-08-18 21:09:00 +0200 CEST and 2025-08-18 21:10:00 +0200 CEST to send..."
vikunja-1  | time=2025-08-18T19:09:00.003Z level=DEBUG msg="[Undone Overdue Tasks Reminder] Sending reminders to 0 users"
vikunja-1  | time=2025-08-18T19:09:00.007Z level=DEBUG msg="[Task Reminder Cron] Found 0 reminders"
vikunja-1  | time=2025-08-18T19:09:06.592Z level=INFO msg="GET /" component=http status=200 remote_ip=xxx.xxx.xxx.xxx latency=1.589214ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
vikunja-1  | time=2025-08-18T19:09:06.698Z level=INFO msg="GET /assets/index-E9iI11Ft.js" component=http status=304 remote_ip=xxx.xxx.xxx.xxx latency=18.92513ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
vikunja-1  | time=2025-08-18T19:09:06.711Z level=INFO msg="GET /assets/index-DZd056YX.css" component=http status=304 remote_ip=xxx.xxx.xxx.xxx latency=5.978934ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
vikunja-1  | time=2025-08-18T19:09:06.971Z level=INFO msg="GET /assets/it-IT-Dn7IDiz-.js" component=http status=304 remote_ip=xxx.xxx.xxx.xxx latency=1.616696ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
vikunja-1  | time=2025-08-18T19:09:07.053Z level=INFO msg="GET /assets/it-TtPQqK9z.js" component=http status=304 remote_ip=xxx.xxx.xxx.xxx latency=543.812µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
vikunja-1  | time=2025-08-18T19:09:07.114Z level=INFO msg="GET /api/v1/info" component=http status=200 remote_ip=xxx.xxx.xxx.xxx latency=579.553µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
vikunja-1  | time=2025-08-18T19:09:21.364Z level=INFO msg="POST /api/v1/register" component=http status=401 remote_ip=xxx.xxx.xxx.xxx latency=102.48µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"

Now i'm seeing that despite the current timezone is setup, the log datetime is incorrect

@graphixillusion commented on GitHub (Aug 18, 2025): ``` vikunja-1 | time=2025-08-18T19:08:26.349Z level=INFO msg="No config file found, using default or config from environment variables." vikunja-1 | time=2025-08-18T19:08:26.351Z level=INFO msg="Running migrations…" vikunja-1 | time=2025-08-18T19:08:30.995Z level=INFO msg="Ran all migrations successfully." vikunja-1 | time=2025-08-18T19:08:31.002Z level=DEBUG msg="[Task Reminder Cron] Timezone is Europe/Rome" vikunja-1 | time=2025-08-18T19:08:31.002Z level=INFO msg="Vikunja version v1.0.0-rc1" vikunja-1 | time=2025-08-18T19:08:31.007Z level=DEBUG msg="CORS enabled with origins: http://127.0.0.1:*, http://localhost:*, http://domain" vikunja-1 | ⇨ http server started on [::]:3456 vikunja-1 | time=2025-08-18T19:09:00.001Z level=DEBUG msg="[Task Reminder Cron] Looking for reminders between 2025-08-18 21:09:00 +0200 CEST and 2025-08-18 21:10:00 +0200 CEST to send..." vikunja-1 | time=2025-08-18T19:09:00.003Z level=DEBUG msg="[Undone Overdue Tasks Reminder] Sending reminders to 0 users" vikunja-1 | time=2025-08-18T19:09:00.007Z level=DEBUG msg="[Task Reminder Cron] Found 0 reminders" vikunja-1 | time=2025-08-18T19:09:06.592Z level=INFO msg="GET /" component=http status=200 remote_ip=xxx.xxx.xxx.xxx latency=1.589214ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" vikunja-1 | time=2025-08-18T19:09:06.698Z level=INFO msg="GET /assets/index-E9iI11Ft.js" component=http status=304 remote_ip=xxx.xxx.xxx.xxx latency=18.92513ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" vikunja-1 | time=2025-08-18T19:09:06.711Z level=INFO msg="GET /assets/index-DZd056YX.css" component=http status=304 remote_ip=xxx.xxx.xxx.xxx latency=5.978934ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" vikunja-1 | time=2025-08-18T19:09:06.971Z level=INFO msg="GET /assets/it-IT-Dn7IDiz-.js" component=http status=304 remote_ip=xxx.xxx.xxx.xxx latency=1.616696ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" vikunja-1 | time=2025-08-18T19:09:07.053Z level=INFO msg="GET /assets/it-TtPQqK9z.js" component=http status=304 remote_ip=xxx.xxx.xxx.xxx latency=543.812µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" vikunja-1 | time=2025-08-18T19:09:07.114Z level=INFO msg="GET /api/v1/info" component=http status=200 remote_ip=xxx.xxx.xxx.xxx latency=579.553µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" vikunja-1 | time=2025-08-18T19:09:21.364Z level=INFO msg="POST /api/v1/register" component=http status=401 remote_ip=xxx.xxx.xxx.xxx latency=102.48µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" ``` Now i'm seeing that despite the current timezone is setup, the log datetime is incorrect
GiteaMirror commented 2025-11-01 20:58:56 -05:00
Author
Owner
Copy Link

@graphixillusion commented on GitHub (Aug 18, 2025):

Ok, i have found the issue: this env => VIKUNJA_SERVICE_PUBLICURL: http://domain/ needs to include the port too, so the right way to set it is => VIKUNJA_SERVICE_PUBLICURL: http://domain:port/

Do you know something about the mismatch of the log datetime?

@graphixillusion commented on GitHub (Aug 18, 2025): Ok, i have found the issue: this env => VIKUNJA_SERVICE_PUBLICURL: http://domain/ needs to include the port too, so the right way to set it is => VIKUNJA_SERVICE_PUBLICURL: http://domain:port/ Do you know something about the mismatch of the log datetime?
GiteaMirror commented 2025-11-01 20:58:57 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 18, 2025):

oh are you using a non-standard port?

Do you know something about the mismatch of the log datetime?

The timezone in the container is probably utc 0 but your server is in a different time zone.

@kolaente commented on GitHub (Aug 18, 2025): oh are you using a non-standard port? > Do you know something about the mismatch of the log datetime? The timezone in the container is probably utc 0 but your server is in a different time zone.
GiteaMirror commented 2025-11-01 20:58:57 -05:00
Author
Owner
Copy Link

@graphixillusion commented on GitHub (Aug 18, 2025):

oh are you using a non-standard port?

I'm using the default one, but as this server is not exposed over internet, in the address i need to put http://domain:port to reach it. With the previous version of vikunja the publicurl just wants the domain, now without the port too in the url => Unauthorized. The Doc should specify this behaviour if you want to keep it like this...

The timezone in the container is probably utc 0 but your server is in a different time zone.

Any way to fix this?

@graphixillusion commented on GitHub (Aug 18, 2025): > oh are you using a non-standard port? I'm using the default one, but as this server is not exposed over internet, in the address i need to put http://domain:port to reach it. With the previous version of vikunja the publicurl just wants the domain, now without the port too in the url => Unauthorized. The Doc should specify this behaviour if you want to keep it like this... > The timezone in the container is probably utc 0 but your server is in a different time zone. Any way to fix this?
GiteaMirror commented 2025-11-01 20:58:57 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 18, 2025):

Any way to fix this?

From the top of my head, mount /etc/timezone (or something like that) into the container at the same path as the host, then set TZ=Server/Timezone. This is not Vikunja specific, you should be able to find information about this with a search engine of choice.

@kolaente commented on GitHub (Aug 18, 2025): > Any way to fix this? From the top of my head, mount `/etc/timezone` (or something like that) into the container at the same path as the host, then set `TZ=Server/Timezone`. This is not Vikunja specific, you should be able to find information about this with a search engine of choice.
GiteaMirror commented 2025-11-01 20:58:57 -05:00
Author
Owner
Copy Link

@twooten commented on GitHub (Sep 21, 2025):

I sure wanted to like this, but it's impossible to get past the "Unauthorized" error on user creation.

@twooten commented on GitHub (Sep 21, 2025): I sure wanted to like this, but it's impossible to get past the "Unauthorized" error on user creation.
GiteaMirror commented 2025-11-01 20:58:57 -05:00
Author
Owner
Copy Link

@graphixillusion commented on GitHub (Sep 22, 2025):

I sure wanted to like this, but it's impossible to get past the "Unauthorized" error on user creation.

In this env, did you specify the port like this example?

VIKUNJA_SERVICE_PUBLICURL: http://domain:port/

@graphixillusion commented on GitHub (Sep 22, 2025): > I sure wanted to like this, but it's impossible to get past the "Unauthorized" error on user creation. In this env, did you specify the port like this example? VIKUNJA_SERVICE_PUBLICURL: http://domain:port/
GiteaMirror commented 2025-11-01 20:58:58 -05:00
Author
Owner
Copy Link

@auspex commented on GitHub (Sep 28, 2025):

I had a similar issue. In my case I don't want a port on my public URL as I'm behind a Traefik proxy. But I'd used http: instead of https: (and technically, http really should work, as it gets redirected in the proxy to https, but that's extra traffic for no reason). Getting a 401 error and no other information is a touch obscure.

@auspex commented on GitHub (Sep 28, 2025): I had a similar issue. In my case I don't want a port on my public URL as I'm behind a Traefik proxy. But I'd used `http:` instead of `https:` (and technically, `http` really should work, as it gets redirected in the proxy to `https`, but that's extra traffic for no reason). Getting a 401 error and no other information is a touch obscure.
GiteaMirror commented 2025-11-01 20:58:58 -05:00
Author
Owner
Copy Link

@auspex commented on GitHub (Sep 28, 2025):

oh, btw, I used http: because I copied from the example at https://vikunja.io/docs/full-docker-example/#example-with-traefik-2. Given that the example is already assuming you're coming in on https, the Public URL example really should be https.

@auspex commented on GitHub (Sep 28, 2025): oh, btw, I used `http:` because I copied from the example at https://vikunja.io/docs/full-docker-example/#example-with-traefik-2. Given that the example is already assuming you're coming in on `https`, the Public URL example really should be `https`.
GiteaMirror commented 2025-11-01 20:58:58 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Sep 29, 2025):

Thanks, adjusted in e1a41fa948

@kolaente commented on GitHub (Sep 29, 2025): Thanks, adjusted in https://github.com/go-vikunja/website/commit/e1a41fa948b1499f993e185cff2dc31a80768a21
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/api
area/attachments
area/auth
area/avatars
area/backup-restore
area/caldav
area/calendar-view
area/comments
area/config
area/database
area/desktop
area/docker
area/email
area/favorites
area/filters
area/frontend
area/gantt
area/i18n
area/import-export
area/internal-code
area/kanban
area/labels
area/list-view
area/mobile
area/notifications
area/permissions
area/projects
area/pwa
area/recurring-tasks
area/reminders
area/search
area/shortcuts
area/subtasks
area/sync
area/table-view
area/task-editor
area/task-metadata
area/task-relations
area/teams
area/theming
area/time-tracking
area/typesense
area/views
area/webhooks
bug
changes requested
concern/accessibility
concern/performance
concern/regression
concern/ux
confirmed
db/mysql
dependencies
enhancement
good first issue
help wanted
integration/inbound
integration/outbound
kind/bug
kind/feature
needs reproduction
pull-request
Mirrored from GitHub Pull Request
 question
security
support
upstream issue
waiting for reply
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vikunja#553
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?