Ran into an issue with Invoice Ninja v5. Is anyone else having this issue?
Opened a support ticket here at Can't log in after setting accent color with a limited user account with 2FA enabled · Issue #5917 · invoiceninja/invoiceninja · GitHub
What version of Invoice Ninja are you running? ie v4.5.25 / v5.0.30
Tested on versions 5.1.62 and current release of 5.1.70 from the precompiled ZIP files
What environment are you running?
Self hosted on a dedicated VM
Debian 10
Apache 2 v2.4.38
MariaDB Ver 15.1 Distrub 10.3.27
PHP v8.0.5
Have you checked log files (storage/logs/)
Yes
/invoiceninja/storage/logs/laravel.log
[2021-06-04 02:02:26] production.ERROR: The payload is invalid. {“userId”:2,“exception”:"[object] (Illuminate\Contracts\Encryption\DecryptException(code: 0): The payload is invalid. at /var/www/html/invoiceninja/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:196)
Have you searched existing issues?
Yes, most seems to be related to
opened 10:27AM - 22 Mar 21 UTC
closed 10:48AM - 22 Mar 21 UTC
question
fixed
**What version of Invoice Ninja are you running? ie v4.5.25 / v5.0.30**
latest … v5-dev
**What environment are you running?**
Shared Hosting
**Have you checked log files (storage/logs/) Please provide redacted output**
```
[2021-03-22 09:16:59] production.ERROR: The payload is invalid. {"userId":1,"exception":"[object] (Illuminate\\Contracts\\Encryption\\DecryptException(code: 0): The payload is invalid. at /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:195)
[stacktrace]
#0 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php(136): Illuminate\\Encryption\\Encrypter->getJsonPayload(NULL)
#1 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/helpers.php(374): Illuminate\\Encryption\\Encrypter->decrypt('eyJpdiI6IjFPT0V...', true)
#2 /home/steuerb2/domains/lars-kusch.de/invoiceninja/app/Http/Controllers/Auth/LoginController.php(178): decrypt('eyJpdiI6IjFPT0V...')
#3 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): App\\Http\\Controllers\\Auth\\LoginController->apiLogin(Object(Illuminate\\Http\\Request))
#4 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction('apiLogin', Array)
#5 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Route.php(254): Illuminate\\Routing\\ControllerDispatcher->dispatch(Object(Illuminate\\Routing\\Route), Object(App\\Http\\Controllers\\Auth\\LoginController), 'apiLogin')
#6 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Route.php(197): Illuminate\\Routing\\Route->runController()
#7 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(693): Illuminate\\Routing\\Route->run()
#8 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#9 /home/steuerb2/domains/lars-kusch.de/invoiceninja/app/Http/Middleware/SetEmailDb.php(47): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#10 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\SetEmailDb->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#11 /home/steuerb2/domains/lars-kusch.de/invoiceninja/app/Http/Middleware/ApiSecretCheck.php(30): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#12 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\ApiSecretCheck->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#13 /home/steuerb2/domains/lars-kusch.de/invoiceninja/app/Http/Middleware/Cors.php(34): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#14 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\Cors->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#15 /home/steuerb2/domains/lars-kusch.de/invoiceninja/app/Http/Middleware/QueryLogging.php(38): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#16 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\QueryLogging->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#17 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(50): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#18 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#19 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(127): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#20 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(63): Illuminate\\Routing\\Middleware\\ThrottleRequests->handleRequest(Object(Illuminate\\Http\\Request), Object(Closure), Array)
#21 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\ThrottleRequests->handle(Object(Illuminate\\Http\\Request), Object(Closure), '300', '1')
#22 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#23 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(695): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#24 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(670): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#25 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(636): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#26 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(625): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#27 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(166): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#28 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
#29 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/sentry/sentry-laravel/src/Sentry/Laravel/Http/SetRequestIpMiddleware.php(36): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#30 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Sentry\\Laravel\\Http\\SetRequestIpMiddleware->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#31 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(60): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#32 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Barryvdh\\Debugbar\\Middleware\\InjectDebugbar->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#33 /home/steuerb2/domains/lars-kusch.de/invoiceninja/app/Http/Middleware/Cors.php(34): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#34 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\Cors->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#35 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#36 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#37 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#38 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#39 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#40 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#41 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#42 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#43 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#44 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#45 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/sentry/sentry-laravel/src/Sentry/Laravel/Tracing/Middleware.php(46): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#46 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Sentry\\Laravel\\Tracing\\Middleware->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#47 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#48 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(141): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#49 /home/steuerb2/domains/lars-kusch.de/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(110): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#50 /home/steuerb2/domains/lars-kusch.de/invoiceninja/public/index.php(57): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#51 {main}
"}
```
**Describe the bug**
A clear and concise description of what the bug is.
Unable to login, after updating to the latest v5-dev. System want's a 2-factor-code, although none is set up. And when entering some random numbers, the error above happens.
**Steps To Reproduce**
Please list the steps to reproduce the issue
Go to login page, enter crediantials and try to login
Describe the bug
After changing the accent color for a limited user account with 2FA enabled, I cannot log in again with that user account.
OR
After editing or changing the phone number for a limited user account with 2FA enabled, (and acknowledging the expected warning that 2FA will be disabled), I cannot log in again with that user account.
Steps To Reproduce
Accent color change after 2FA is enabled
(Can reproduce issue on demand)
Created a user account with all permissions except Admin rights
Enabled the new account and can successfully log on and off
Successfully enable 2FA for the new user account.
Can log on and off of the new user account with 2FA
Change the accent color of the new user account with a custom color of #6EC1E4 with successful save and update of the accent color
Log off of the new user account
Attempt to log back in with the new user account and get an error “500: Server Error”
OR
Phone number change after 2FA is enabled
(Can reproduce issue on demand)
Created a user account with all permissions except Admin rights
Enabled the new account and can successfully log on and off
Successfully enable 2FA for the new user account.
Can log on and off of the new user account with 2FA
Edit the phone number of the new user account and receive an expected warning that changing the phone number will disable 2FA
Successfully save the edit (expected 2FA to be disabled)
Log off of the new user account
Attempt to log back in with the new user account and get an error “500: Server Error”
Other Notes: Get an expected “401: Invalid one time password” if not using the 2FA
Other Notes: Can log on with Admin account
Other Notes: If debugging mode is enabled, the error message is “500: The payload is invalid.”
Expected behavior
If changing the accent color for the new user account with 2FA enabled - Expect successful log in
If editing the phone number for the new user account with 2FA enabled - Expect 2FA to be disabled and the ability to login without error
Screenshots
Additional context
Issue was discovered during the configuration of my new production system that has not yet been rolled out. After identifying the issue, replicated the issue on a stock test VM system with only basic default configurations necessary for functionality on Invoice Ninja versions 5.1.62 and current release of 5.1.70. Both the test system and new production system use the Invoice Ninja ZIP file.
(v5) Can you replicate the issue on our demo site? https://demo.invoiceninja.com
No as it seems to restrict the creation of additional user accounts