Invoice Ninja v5 - Log In Bug (Confirmed - Fixed by Devs and Pending Release)

Ran into an issue with Invoice Ninja v5. Is anyone else having this issue?

Opened a support ticket on GitHub: "Can't log in after setting accent color with a limited user account with 2FA enabled" (Issue #5917, invoiceninja/invoiceninja).

What version of Invoice Ninja are you running? ie v4.5.25 / v5.0.30
Tested on versions 5.1.62 and current release of 5.1.70 from the precompiled ZIP files

What environment are you running?
Self hosted on a dedicated VM
Debian 10
Apache 2 v2.4.38
MariaDB Ver 15.1 Distrib 10.3.27
PHP v8.0.5

Have you checked log files (storage/logs/)
Yes
/invoiceninja/storage/logs/laravel.log

[2021-06-04 02:02:26] production.ERROR: The payload is invalid. {"userId":2,"exception":"[object] (Illuminate\Contracts\Encryption\DecryptException(code: 0): The payload is invalid. at /var/www/html/invoiceninja/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:196)

Have you searched existing issues?
Yes, most seem to be related to

Describe the bug
After changing the accent color for a limited user account with 2FA enabled, I cannot log in again with that user account.

OR

After editing or changing the phone number for a limited user account with 2FA enabled, (and acknowledging the expected warning that 2FA will be disabled), I cannot log in again with that user account.

Steps To Reproduce

Accent color change after 2FA is enabled
(Can reproduce issue on demand)

  1. Created a user account with all permissions except Admin rights
  2. Enabled the new account and can successfully log on and off
  3. Successfully enable 2FA for the new user account.
  4. Can log on and off of the new user account with 2FA
  5. Change the accent color of the new user account with a custom color of #6EC1E4 with successful save and update of the accent color
  6. Log off of the new user account
  7. Attempt to log back in with the new user account and get an error “500: Server Error”

OR

Phone number change after 2FA is enabled
(Can reproduce issue on demand)

  1. Created a user account with all permissions except Admin rights
  2. Enabled the new account and can successfully log on and off
  3. Successfully enable 2FA for the new user account.
  4. Can log on and off of the new user account with 2FA
  5. Edit the phone number of the new user account and receive an expected warning that changing the phone number will disable 2FA
  6. Successfully save the edit (expected 2FA to be disabled)
  7. Log off of the new user account
  8. Attempt to log back in with the new user account and get an error “500: Server Error”

Other Notes: Get an expected “401: Invalid one time password” if not using the 2FA
Other Notes: Can log on with Admin account
Other Notes: If debugging mode is enabled, the error message is “500: The payload is invalid.”

Expected behavior
If changing the accent color for the new user account with 2FA enabled - Expect successful log in
If editing the phone number for the new user account with 2FA enabled - Expect 2FA to be disabled and the ability to login without error

Screenshots
2FA Error

Additional context
Issue was discovered during the configuration of my new production system that has not yet been rolled out. After identifying the issue, replicated the issue on a stock test VM system with only basic default configurations necessary for functionality on Invoice Ninja versions 5.1.62 and current release of 5.1.70. Both the test system and new production system use the Invoice Ninja ZIP file.

(v5) Can you replicate the issue on our demo site? https://demo.invoiceninja.com
No as it seems to restrict the creation of additional user accounts


Issue has been corrected and has been included for upcoming release.
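
For anyone triaging this on their own install before the fixed release, one way to list which user ids are hitting the decrypt error in storage/logs/laravel.log. This is an added example, not part of the original post or Invoice Ninja's code; the function name `decrypt_failures` is hypothetical, and every sample log line except the first is constructed.

```python
import re
from collections import defaultdict

# Laravel's default log line: [YYYY-MM-DD HH:MM:SS] <env>.<LEVEL>: <message> <context>
ENTRY = re.compile(
    r'^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] '
    r'[\w-]+\.(?P<level>[A-Z]+): (?P<rest>.*)$'
)
# Accept straight or typographic quotes, since forum pastes often mangle them.
USER_ID = re.compile(r'["“]userId["”]\s*:\s*(\d+)')


def decrypt_failures(lines):
    """Map userId (None if the entry carries no userId) to DecryptException timestamps."""
    hits = defaultdict(list)
    for line in lines:
        m = ENTRY.match(line)
        # Stack-trace continuation lines have no header and are skipped here.
        if not m or m['level'] != 'ERROR' or 'DecryptException' not in m['rest']:
            continue
        uid = USER_ID.search(m['rest'])
        hits[int(uid.group(1)) if uid else None].append(m['ts'])
    return dict(hits)


# Constructed sample: the first entry is the one quoted in the post, the rest are made up.
SAMPLE_LOG = r'''
[2021-06-04 02:02:26] production.ERROR: The payload is invalid. {"userId":2,"exception":"[object] (Illuminate\Contracts\Encryption\DecryptException(code: 0): The payload is invalid. at /var/www/html/invoiceninja/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:196)
[stacktrace]
#0 {main}
[2021-06-04 02:02:40] production.INFO: constructed informational entry
[2021-06-04 02:03:10] production.ERROR: The payload is invalid. {"userId":2,"exception":"[object] (Illuminate\Contracts\Encryption\DecryptException(code: 0): ...
[2021-06-04 02:05:00] production.ERROR: The payload is invalid. {"exception":"[object] (Illuminate\Contracts\Encryption\DecryptException(code: 0): ...
[2021-06-04 02:06:00] production.ERROR: constructed unrelated error {"userId":3,"exception":"[object] (RuntimeException(code: 0): ...
'''

if __name__ == '__main__':
    for uid, stamps in decrypt_failures(SAMPLE_LOG.splitlines()).items():
        print(f'userId={uid}: {len(stamps)} decrypt failure(s), first at {stamps[0]}')
```
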