Invalid Login with right credentials

Maurice · January 26, 2023, 10:12am

Hello,

some users are unable to log in and get a “invalid login” alert.
The entered password and username are definitely right.
Admin(default blueprint) seem not to be affected only the users with the role Mitarbeiter.

about the setup:
Version: 3.8.4
PHP8
Apache 2.4

I have setup a internal Homepage for our employees.
The site is only accessible when logged in.
The regular employees are only allowed to view the frontend and edit their password (conifgured in user blueprint):

title: Mitarbeiter
permissions:
access:
settings: false
system: false
users: false
site: false
languages: false
user:
*: false
changePassword: true

There are about 15 users at the moment. Most of the user log in from 2 pcs.
The password is hashed in the .htpasswd file.

What i have done so far:

reset passwords
deleted cookies in browser
deleted the sessions
deleted all accounts, rerun install and added in the users
did the update to 3.8.4 from 3.8.1

When I change the role of a user that us unable to login to admin he is able to log in.

I have no clue where to look next.

pixelijn · January 26, 2023, 10:57am

Does this happen just sometimes or can’t they log in at all?

Maurice · January 26, 2023, 11:03am

after some time (mulitple hours) they get the error message and then they aren’t able to login. No one was able to log in again after the error. but not all are affected at the same time.
Only when i change their role to admin, they are able to log in again, but when I change them back to “Mitarbeiter” they are again locked out.
I hope this makes sense to you.

pixelijn · January 26, 2023, 11:13am

And it doesn’t help if they clear the browser cache? Can you reproduce it locally?

And what about installed plugins?

Maurice · January 26, 2023, 11:19am

No it does not help to clear the cache.
Yes I can reproduce it.
I have one plugin, in wich I store three small site wide functions. For example for converting decimal hours in h:min, no role specific functions.
Wouldn’t plugins affect all users?

Maurice · January 26, 2023, 11:22am

Is there a way to check what is causing it to be invalid.
Like Kirby thinks the username is incorrect or something like that.

pixelijn · January 26, 2023, 12:06pm

Is this reproducible in a fresh Starterkit?

Maurice · January 26, 2023, 12:10pm

I haven’t tried that.
I will setup a test server and try it out.

nthdegree · February 8, 2023, 4:09pm

also happened to me right now, 403 response showing “invalid login” in the panel with correct credentials. Seems to have gone away now after waiting for some time?

Happened in different browsers, also incognito mode, so shouldn’t not be a cache issue.

Is there some kind of blocking when you’re switching accounts a lot?

Maurice · February 9, 2023, 8:59am

I wasn’t able to recreate the issue on my test-setup.
But the issue didn’t come up on the live system anymore.
Unfortunately I didn’t find the cause.