Directus credentials no longer working

igaudette

Seeing this in the logs:

Dec 30 10:01:01 "message": "Invalid user credentials.",
Dec 30 10:01:01 "stack":
Dec 30 10:01:01 DirectusError: Invalid user credentials.
Dec 30 10:01:01 at AuthenticationService.login (file:///app/code/node_modules/@directus/api/dist/services/authentication.js:81:19)
Dec 30 10:01:01 at async file:///app/code/node_modules/@directus/api/dist/auth/drivers/local.js:70:56
Dec 30 10:01:01 "name": "DirectusError",
Dec 30 10:01:01 "code": "INVALID_CREDENTIALS",
Dec 30 10:01:01 "status": 401
Dec 30 10:01:01 }
Dec 30 10:03:11 [15:03:11.168] DEBUG: Invalid user credentials.
Dec 30 10:03:11 err: {
Dec 30 10:03:11 "type": "",
Dec 30 10:03:11 "message": "Invalid user credentials.",
Dec 30 10:03:11 "stack":
Dec 30 10:03:11 DirectusError: Invalid user credentials.
Dec 30 10:03:11 at AuthenticationService.login (file:///app/code/node_modules/@directus/api/dist/services/authentication.js:81:19)
Dec 30 10:03:11 at async file:///app/code/node_modules/@directus/api/dist/auth/drivers/local.js:70:56
Dec 30 10:03:11 "name": "DirectusError",
Dec 30 10:03:11 "code": "INVALID_CREDENTIALS",
Dec 30 10:03:11 "status": 401
Dec 30 10:03:11 }
Dec 30 10:03:11 [15:03:11] POST /auth/login 401 509ms
Dec 30 10:03:12 [15:03:12] GET /auth/login/cloudron?redirect=https%3A%2F%2F****.*********.com%2Fadmin%2Flogin%3Freason%3DSIGN_OUT%26continue%3D 302 11ms
Dec 30 10:03:13 [15:03:13.779] DEBUG: [OpenID] Configured group claim with name "groups" does not exist or is empty.
Dec 30 10:03:13 [15:03:13.805] WARN: [OpenID] Unknown OP error
Dec 30 10:03:13 err: {
Dec 30 10:03:13 "type": "OPError",
Dec 30 10:03:13 "message": "unauthorized_client (requested grant type is not allowed for this client)",
Dec 30 10:03:13 "stack":
Dec 30 10:03:13 OPError: unauthorized_client (requested grant type is not allowed for this client)
Dec 30 10:03:13 at processResponse (/app/code/node_modules/openid-client/lib/helpers/process_response.js:38:13)
Dec 30 10:03:13 at Client.grant (/app/code/node_modules/openid-client/lib/client.js:1381:22)
Dec 30 10:03:13 at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Dec 30 10:03:13 at async Client.refresh (/app/code/node_modules/openid-client/lib/client.js:1125:22)
Dec 30 10:03:13 at async OpenIDAuthDriver.refresh (file:///app/code/node_modules/@directus/api/dist/auth/drivers/openid.js:244:34)
Dec 30 10:03:13 at async AuthenticationService.login (file:///app/code/node_modules/@directus/api/dist/services/authentication.js:111:13)
Dec 30 10:03:13 at async file:///app/code/node_modules/@directus/api/dist/auth/drivers/openid.js:333:28
Dec 30 10:03:13 "error": "unauthorized_client",
Dec 30 10:03:13 "error_description": "requested grant type is not allowed for this client",
Dec 30 10:03:13 "name": "OPError"
Dec 30 10:03:13 }
Dec 30 10:03:14 [15:03:14.214] WARN: Service "openid" is unavailable. Service returned unexpected response: requested grant type is not allowed for this client.
Dec 30 10:03:14 err: {
Dec 30 10:03:14 "type": "",
Dec 30 10:03:14 "message": "Service \"openid\" is unavailable. Service returned unexpected response: requested grant type is not allowed for this client.",
Dec 30 10:03:14 "stack":
Dec 30 10:03:14 DirectusError: Service "openid" is unavailable. Service returned unexpected response: requested grant type is not allowed for this client.
Dec 30 10:03:14 at handleError (file:///app/code/node_modules/@directus/api/dist/auth/drivers/openid.js:268:16)
Dec 30 10:03:14 at OpenIDAuthDriver.refresh (file:///app/code/node_modules/@directus/api/dist/auth/drivers/openid.js:253:23)
Dec 30 10:03:14 at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Dec 30 10:03:14 at async AuthenticationService.login (file:///app/code/node_modules/@directus/api/dist/services/authentication.js:111:13)
Dec 30 10:03:14 at async file:///app/code/node_modules/@directus/api/dist/auth/drivers/openid.js:333:28
Dec 30 10:03:14 "name": "DirectusError",
Dec 30 10:03:14 "extensions": {
Dec 30 10:03:14 "service": "openid",
Dec 30 10:03:14 "reason": "Service returned unexpected response: requested grant type is not allowed for this client"
Dec 30 10:03:14 },
Dec 30 10:03:14 "code": "SERVICE_UNAVAILABLE",
Dec 30 10:03:14 "status": 503
Dec 30 10:03:14 }
Dec 30 10:03:14 [15:03:14] GET /auth/login/cloudron/callback?code=*************&state=*************&iss=https%3A%2F%2Fmy.*********.com%2Fopenid 302 510ms
Dec 30 10:03:14 [15:03:14] GET /admin/login?reason=SERVICE_UNAVAILABLE 200 2ms
Dec 30 10:03:14 [15:03:14.847] DEBUG: Invalid payload. The refresh token is required in either the payload or cookie.
Dec 30 10:03:14 err: {
Dec 30 10:03:14 "type": "",
Dec 30 10:03:14 "message": "Invalid payload. The refresh token is required in either the payload or cookie.",
Dec 30 10:03:14 "stack":
Dec 30 10:03:14 DirectusError: Invalid payload. The refresh token is required in either the payload or cookie.
Dec 30 10:03:14 at file:///app/code/node_modules/@directus/api/dist/controllers/auth.js:89:15
Dec 30 10:03:14 at file:///app/code/node_modules/@directus/api/dist/utils/async-handler.js:1:66
Dec 30 10:03:14 at Layer.handle [as handle_request] (/app/code/node_modules/express/lib/router/layer.js:95:5)
Dec 30 10:03:14 at next (/app/code/node_modules/express/lib/router/route.js:149:13)
Dec 30 10:03:14 at Route.dispatch (/app/code/node_modules/express/lib/router/route.js:119:3)
Dec 30 10:03:14 at Layer.handle [as handle_request] (/app/code/node_modules/express/lib/router/layer.js:95:5)
Dec 30 10:03:14 at /app/code/node_modules/express/lib/router/index.js:284:15
Dec 30 10:03:14 at Function.process_params (/app/code/node_modules/express/lib/router/index.js:346:12)
Dec 30 10:03:14 at next (/app/code/node_modules/express/lib/router/index.js:280:10)
Dec 30 10:03:14 at Function.handle (/app/code/node_modules/express/lib/router/index.js:175:3)
Dec 30 10:03:14 "name": "DirectusError",
Dec 30 10:03:14 "extensions": {
Dec 30 10:03:14 "reason": "The refresh token is required in either the payload or cookie"
Dec 30 10:03:14 },
Dec 30 10:03:14 "code": "INVALID_PAYLOAD",
Dec 30 10:03:14 "status": 400
Dec 30 10:03:14 }

igaudette

Quick update... I tried to reset the password via CLI using this command:

npx directus users passwd --email <user-email> --password <new-password>

But it return this error:
[16:29:48.570] ERROR: "DB_CLIENT" Environment Variable is missing.

Other CLI commands also return this error.

robi

@igaudette check the upper right of the terminal for the CL specific DB env vars

igaudette

@robi I see a green button "Postgres" and when I click on it, It pastes this in the terminal:

PGPASSWORD=${CLOUDRON_POSTGRESQL_PASSWORD} psql -h ${CLOUDRON_POSTGRESQL_HOST} -p ${CLOUDRON_POSTGRESQL_PORT} -U ${CLOUDRON_POSTGRESQL_USERNAME} -d ${CLOUDRON_POSTGRESQL_DATABASE}

But I know that Directus backend uses Postgres as database, but this env variable is hardcoded from what I've seen so even if I would like to change it, it's maintained by Cloudron directly.

I think my issue that I'm unable to log in is related to this environment variable that is missing somehow. Looking forward to the fix from the Cloudron support team.

robi

@igaudette I only suggested to try setting the env var to help you with your password reset from the CLI

igaudette

@robi I tried but this hasn't resolved my problem. Thanks for the suggestion tho.

nebulon

Were there any updates being made to Cloudron or the app between the working timeframe and not? At least there were no package updates from our side at that point. Last directus is from December 19.

I guess first thing would be to restore the superadmin login, just to rule out OpenID integration, but odd that both stopped working at the same time.

To run the cli tool for the user subcommand it appears that it requires the DB credentials in a specific way, so export those in the terminal first (just copy and paste them and hit enter) and then run the npx ...:

export DB_CLIENT="pg" 
export DB_HOST="$CLOUDRON_POSTGRESQL_HOST"
export DB_PORT="$CLOUDRON_POSTGRESQL_PORT"
export DB_DATABASE="$CLOUDRON_POSTGRESQL_DATABASE"
export DB_USER="$CLOUDRON_POSTGRESQL_USERNAME"
export DB_PASSWORD="$CLOUDRON_POSTGRESQL_PASSWORD"

igaudette

@nebulon

I've been able to change the password using CLI following your commands, however, I'm still unable to log into Directus. Still says wrong username or password.

I confirm no changes or updates have been made to Cloudron or Directus since the 20th December... and on 27th everything was still working fine.

igaudette

@nebulon I want to add that the problem only affects the superadmin user... my other users work great! Can we restore the OpenID integration so I can log in via Cloudron and then create a new administrator?

nebulon

seems like a directus issue itself then if the built-in usermanagement doesn't work. Have you tried to find something upstream or contact them?

For OpenID I am not sure I understand, what should be restored if it works great? You can probably set one of the cloudron users to be a superadmin in the app via the cli?

igaudette

@nebulon Okay I will check on Directus side for the connection issue.

For OpenID, for some reason I'm unable to log in with my Cloudron admin user.. when I choose "Log in via Cloudron", it says service unavailable.

I have seen in the Cloudron documentation for Directus that Cloudron users inherited automatically the administrator role.. so if I can make the Cloudron integration work, I could create a new administrator user and get my issue fixed quickly.

nebulon

Can you login via OpenID from other apps on the Cloudron? If that is the case, maybe something went off in directus itself, as I can't see what else would have changed in that timeframe....maybe you have a backup of that app to clone a new app instance?

igaudette

@nebulon Yes OpenAI works with other app.

I've been able to recover my admin account by creating a new admin account using the CLI (Thanks for the steps to follow!)

Then I realized my mistake.. in my account profile, I did set the provider to "Cloudron" instead of "Default". It's why I wasn't able to log in back into my account. I switched it back to Default with my new admin account and now I'm able to log in!

Thanks again for your support

nebulon

oh glad it worked out in the end.