Login Failed with invalid_request after clean installation

Hi,

I am trying to spin up a pydio instance with docker-compose.
I used the template from the docks:

version: '3.7'
services:

  cells:
    image: pydio/cells:latest
    restart: unless-stopped
    ports: ["8080:8080"]
    environment:
      - CELLS_LOG_LEVEL=production
      - CELLS_BIND=0.0.0.0:8080
      - CELLS_EXTERNAL=0.0.0.0:8080
      - CELLS_NO_TLS=1
    volumes:
      - data:/var/cells/data
      - cellsdir:/var/cells

  mariadb:
    image: mariadb:10.3
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 1nLUOGtfhojfyzZPfrsc
      MYSQL_DATABASE: cells
      MYSQL_USER: pydio
      MYSQL_PASSWORD: CxWe86c52htaHWaJjCaH
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci]
    volumes:
      - mysqldir:/var/lib/mysql

volumes:
    data: {}
    cellsdir: {}
    mysqldir: {}

Everything works well during the setup on the web ui.

Though, I am not able to Login after Installation with the admin user!

I tried multiple Database versions of MySQL and MariaDB.
Here ist the log:

2021-03-06T13:45:13.999Z	INFO	pydio.grpc.role	 - ACLS set for role Administrators,
2021-03-06T13:45:14.009Z	INFO	pydio.grpc.role	Created default role External Users,
2021-03-06T13:45:14.013Z	INFO	pydio.grpc.role	 - Policies added for role External Users,
2021-03-06T13:45:14.065Z	INFO	pydio.grpc.user	started,
2021-03-06T13:45:14.074Z	INFO	pydio.grpc.user	Initialization: creating admin user: admin,
2021-03-06T13:45:14.385Z	INFO	pydio.grpc.role	Role [adminrole] has been created	{"MsgId": "51", "RoleUuid": "e0925a62-b7c9-4992-86f9-9a9262e553a6"},
2021-03-06T13:45:14.386Z	INFO	pydio.grpc.user	Initialization: creating s3 anonymous user,
2021-03-06T13:45:14.396Z	INFO	pydio.grpc.role	 - ACLS set for role External Users,
2021-03-06T13:45:14.403Z	INFO	pydio.grpc.role	Created default role Minisite Permissions,
2021-03-06T13:45:14.414Z	INFO	pydio.grpc.data.index.pydiods1	2021-03-06T13:45:14.414Z	INFO	Creating root node in index ,
2021-03-06T13:45:14.417Z	INFO	pydio.grpc.data.index.pydiods1	started,
2021-03-06T13:45:14.421Z	INFO	pydio.grpc.role	 - Policies added for role Minisite Permissions,
2021-03-06T13:45:14.454Z	INFO	pydio.grpc.role	 - ACLS set for role Minisite Permissions,
2021-03-06T13:45:14.459Z	INFO	pydio.grpc.role	Created default role Minisite (Download Disabled),
2021-03-06T13:45:14.465Z	INFO	pydio.grpc.role	 - Policies added for role Minisite (Download Disabled),
2021-03-06T13:45:14.467Z	INFO	pydio.grpc.role	Role [pydio.anon.user role] has been created	{"MsgId": "51", "RoleUuid": "3aa7215a-0003-4df0-b031-b2d417da5537"},
2021-03-06T13:45:14.471Z	INFO	pydio.rest.jobs	started,
2021-03-06T13:45:14.472Z	INFO	pydio.rest.activity	started,
2021-03-06T13:45:14.487Z	INFO	pydio.grpc.data.index.cellsdata	2021-03-06T13:45:14.479Z	INFO	Creating root node in index ,
2021-03-06T13:45:14.482Z	INFO	pydio.grpc.data.index.cellsdata	started,
2021-03-06T13:45:14.494Z	INFO	pydio.grpc.data.index.personal	2021-03-06T13:45:14.487Z	INFO	Creating root node in index ,
2021-03-06T13:45:14.491Z	INFO	pydio.grpc.data.index.personal	started,
2021-03-06T13:45:14.499Z	INFO	pydio.rest.workspace	started,
2021-03-06T13:45:14.499Z	INFO	pydio.rest.user-meta	started,
2021-03-06T13:45:14.499Z	INFO	pydio.rest.mailer	started,
2021-03-06T13:45:14.503Z	INFO	pydio.rest.meta	started,
2021-03-06T13:45:14.503Z	INFO	pydio.rest.acl	started,
2021-03-06T13:45:14.503Z	INFO	pydio.rest.role	started,
2021-03-06T13:45:14.503Z	INFO	pydio.gateway.dav	started,
2021-03-06T13:45:14.504Z	INFO	pydio.test.objects	started,
2021-03-06T13:45:14.504Z	INFO	pydio.rest.log	started,
2021-03-06T13:45:14.504Z	INFO	pydio.rest.config	started,
2021-03-06T13:45:14.504Z	INFO	pydio.rest.graph	started,
2021-03-06T13:45:14.505Z	INFO	pydio.rest.templates	started,
2021-03-06T13:45:14.505Z	INFO	pydio.rest.share	started,
2021-03-06T13:45:14.505Z	INFO	pydio.rest.tree	started,
2021-03-06T13:45:14.506Z	INFO	pydio.rest.search	started,
2021-03-06T13:45:14.511Z	INFO	pydio.web.statics	started,
2021-03-06T13:45:14.512Z	INFO	pydio.rest.policy	started,
2021-03-06T13:45:14.513Z	INFO	pydio.rest.user	started,
2021-03-06T13:45:14.515Z	INFO	pydio.rest.auth	started,
2021-03-06T13:45:14.516Z	INFO	pydio.gateway.wopi	started,
2021-03-06T13:45:14.517Z	INFO	pydio.rest.update	started,
2021-03-06T13:45:14.522Z	INFO	pydio.grpc.role	 - ACLS set for role Minisite (Download Disabled),
2021-03-06T13:45:15.493Z	INFO	pydio.grpc.data.sync.personal	started,
2021-03-06T13:45:15.529Z	INFO	pydio.grpc.data.sync.pydiods1	started,
2021-03-06T13:45:15.542Z	INFO	pydio.grpc.data.sync.cellsdata	started,
2021-03-06T13:45:15.595Z	INFO	pydio.grpc.data.sync.personal	Creating job in scheduler to trigger re-indexation,
2021-03-06T13:45:15.601Z	INFO	pydio.grpc.tasks	Run Job resync-ds-personal on demand,
2021-03-06T13:45:15.631Z	INFO	pydio.grpc.data.sync.pydiods1	Creating job in scheduler to trigger re-indexation,
2021-03-06T13:45:15.635Z	INFO	pydio.grpc.tasks	Run Job resync-ds-pydiods1 on demand,
2021-03-06T13:45:15.644Z	INFO	pydio.grpc.data.sync.cellsdata	Creating job in scheduler to trigger re-indexation,
2021-03-06T13:45:15.720Z	INFO	pydio.grpc.data.sync.personal	Create Hidden File for folder	{"path": ".pydio"},
2021-03-06T13:45:15.724Z	INFO	pydio.grpc.data.sync.personal	Got Stats for s3://172.25.0.2:42855/personal	{"stats": {"HasChildrenInfo":false,"HasSizeInfo":false,"Size":0,"Folders":0,"Files":0}},
2021-03-06T13:45:15.730Z	INFO	pydio.grpc.data.sync.personal	Got Stats for index://personal	{"stats": {"HasChildrenInfo":false,"HasSizeInfo":false,"Size":0,"Folders":0,"Files":0}},
2021-03-06T13:45:15.731Z	INFO	pydio.grpc.data.sync.personal	Listing all S3 objects for path	{"bucket": "personal", "path": ""},
2021-03-06T13:45:15.732Z	INFO	pydio.grpc.data.sync.personal	S3 Walk Operation + Stats took	{"d": "1.335314ms"},
2021-03-06T13:45:15.738Z	INFO	pydio.grpc.data.sync.personal	Diff Stats	{"s": {"EndpointLeft":"s3://172.25.0.2:42855/personal","EndpointRight":"index://personal","conflicts":0,"missingLeft":0,"missingRight":0}},
2021-03-06T13:45:15.738Z	INFO	pydio.grpc.data.sync.personal	Finished analyzing nodes	{"i": 4},
2021-03-06T13:45:15.739Z	INFO	pydio.grpc.data.sync.personal	Sending unidirectional patch	{"patch": {"Source":"s3://172.25.0.2:42855/personal","Target":"index://personal","Type":"TreePatch"}},
2021-03-06T13:45:15.739Z	INFO	pydio.grpc.data.sync.personal	Filtering TreePatch took 2.35µs	{"duration": "2.35µs", "source": "s3://172.25.0.2:42855/personal", "target": "index://personal"},
2021-03-06T13:45:15.739Z	INFO	pydio.grpc.data.sync.personal	Empty Patch : nothing to do,
2021-03-06T13:45:15.804Z	INFO	pydio.grpc.tasks	Run Job resync-ds-cellsdata on demand,
2021-03-06T13:45:15.811Z	INFO	pydio.grpc.data.sync.pydiods1	Create Hidden File for folder	{"path": ".pydio"},
2021-03-06T13:45:15.813Z	INFO	pydio.grpc.data.sync.pydiods1	Got Stats for index://pydiods1	{"stats": {"HasChildrenInfo":false,"HasSizeInfo":false,"Size":0,"Folders":0,"Files":0}},
2021-03-06T13:45:15.816Z	INFO	pydio.grpc.data.sync.pydiods1	Got Stats for s3://172.25.0.2:42855/pydiods1	{"stats": {"HasChildrenInfo":false,"HasSizeInfo":false,"Size":0,"Folders":0,"Files":0}},
2021-03-06T13:45:15.816Z	INFO	pydio.grpc.data.sync.pydiods1	Listing all S3 objects for path	{"bucket": "pydiods1", "path": ""},
2021-03-06T13:45:15.817Z	INFO	pydio.grpc.data.sync.pydiods1	S3 Walk Operation + Stats took	{"d": "1.468869ms"},
2021-03-06T13:45:15.832Z	INFO	pydio.grpc.data.sync.pydiods1	Diff Stats	{"s": {"EndpointLeft":"s3://172.25.0.2:42855/pydiods1","EndpointRight":"index://pydiods1","conflicts":0,"missingLeft":0,"missingRight":0}},
2021-03-06T13:45:15.832Z	INFO	pydio.grpc.data.sync.pydiods1	Finished analyzing nodes	{"i": 4},
2021-03-06T13:45:15.833Z	INFO	pydio.grpc.data.sync.pydiods1	Sending unidirectional patch	{"patch": {"Source":"s3://172.25.0.2:42855/pydiods1","Target":"index://pydiods1","Type":"TreePatch"}},
2021-03-06T13:45:15.833Z	INFO	pydio.grpc.data.sync.pydiods1	Filtering TreePatch took 3.08µs	{"duration": "3.08µs", "source": "s3://172.25.0.2:42855/pydiods1", "target": "index://pydiods1"},
2021-03-06T13:45:15.833Z	INFO	pydio.grpc.data.sync.pydiods1	Empty Patch : nothing to do,
2021-03-06T13:45:15.912Z	INFO	pydio.grpc.data.sync.cellsdata	Create Hidden File for folder	{"path": ".pydio"},
2021-03-06T13:45:15.916Z	INFO	pydio.grpc.data.sync.cellsdata	Got Stats for s3://172.25.0.2:42855/cellsdata	{"stats": {"HasChildrenInfo":false,"HasSizeInfo":false,"Size":0,"Folders":0,"Files":0}},
2021-03-06T13:45:15.922Z	INFO	pydio.grpc.data.sync.cellsdata	Got Stats for index://cellsdata	{"stats": {"HasChildrenInfo":false,"HasSizeInfo":false,"Size":0,"Folders":0,"Files":0}},
2021-03-06T13:45:15.922Z	INFO	pydio.grpc.data.sync.cellsdata	Listing all S3 objects for path	{"bucket": "cellsdata", "path": ""},
2021-03-06T13:45:15.923Z	INFO	pydio.grpc.data.sync.cellsdata	S3 Walk Operation + Stats took	{"d": "1.355453ms"},
2021-03-06T13:45:15.925Z	INFO	pydio.grpc.data.sync.cellsdata	Diff Stats	{"s": {"EndpointLeft":"s3://172.25.0.2:42855/cellsdata","EndpointRight":"index://cellsdata","conflicts":0,"missingLeft":0,"missingRight":0}},
2021-03-06T13:45:15.925Z	INFO	pydio.grpc.data.sync.cellsdata	Finished analyzing nodes	{"i": 4},
2021-03-06T13:45:15.926Z	INFO	pydio.grpc.data.sync.cellsdata	Sending unidirectional patch	{"patch": {"Source":"s3://172.25.0.2:42855/cellsdata","Target":"index://cellsdata","Type":"TreePatch"}},
2021-03-06T13:45:15.926Z	INFO	pydio.grpc.data.sync.cellsdata	Filtering TreePatch took 2.2µs	{"duration": "2.2µs", "source": "s3://172.25.0.2:42855/cellsdata", "target": "index://cellsdata"},
2021-03-06T13:45:15.926Z	INFO	pydio.grpc.data.sync.cellsdata	Empty Patch : nothing to do,
2021-03-06T13:45:16.496Z	INFO	pydio.rest.frontend	started,
2021-03-06T13:45:16.830Z	INFO	pydio.grpc.tasks	Run Job flush-mailer-queue on timer event Iso8601Schedule:"R/2012-06-04T19:25:16.828696-07:00/PT5M" ,
2021-03-06T13:45:17.535Z	INFO	pydio.grpc.oauth	started,
2021-03-06T13:45:17.552Z	INFO	pydio.web.oauth	started,
2021-03-06T13:45:17.629Z	INFO	pydio.grpc.oauth	Inserting pruning job for revoked token and reset password tokens,
2021-03-06T13:45:22.499Z	INFO	pydio.rest.workspace	Creating a Personal workspace,
2021-03-06T13:45:22.514Z	INFO	pydio.rest.workspace	Settings ACLS for workspace,
2021-03-06T13:45:22.543Z	INFO	pydio.rest.workspace	Creating a Common Files workspace on pydiods1,
2021-03-06T13:45:22.550Z	INFO	pydio.rest.workspace	Settings ACLS for workspace,
2021-03-06T13:45:23.959Z	INFO	pydio.gateway.proxy	Restarting proxy	{"caddyfile": "\n\n\n\n\n\n\nhttp://0.0.0.0:8080 {\n\t\n\n\t\n\n\tproxy /a  172.25.0.2:46507 172.25.0.2:38267 {\n\t\twithout /a\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\tproxy /oidc 172.25.0.2:44097 {\n\t\tinsecure_skip_verify\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\tproxy /io   172.25.0.2:41389 {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Content-Security-Policy \"script-src 'none'\"\n\t\theader_downstream X-Content-Security-Policy \"sandbox\"\n\t}\n\tproxy /data 172.25.0.2:41389 {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Content-Security-Policy \"script-src 'none'\"\n\t\theader_downstream X-Content-Security-Policy \"sandbox\"\n\t}\n\tproxy /ws   172.25.0.2:37871 {\n\t\twebsocket\n\t\twithout /ws\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\tproxy /dav 172.25.0.2:41049 {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Content-Security-Policy \"script-src 'none'\"\n\t\theader_downstream X-Content-Security-Policy \"sandbox\"\n\t}\n\t\n\n\tproxy /plug/ 172.25.0.2:38845 {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Cache-Control \"public, max-age=31536000\"\n\t}\n\tproxy /public/ 172.25.0.2:38845 {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\tproxy /public/plug/ 172.25.0.2:38845 {\n\t\twithout /public\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Cache-Control \"public, max-age=31536000\"\n\t}\n\tproxy /user/reset-password/ 172.25.0.2:38845 {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\t\n\tproxy /robots.txt 172.25.0.2:38845 {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\t\n\tproxy /login 172.25.0.2:38845/gui {\n\t\twithout /login\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\n\n\n\tredir 302 {\n\t\t\n\t\tif {path} is /\n\t\t/ /login\n\t}\n\t\n\t\n\t\n        proxy /wopi/ 172.25.0.2:40723 {\n            transparent\n\t\t\theader_upstream Host {host}\n\t\t\theader_upstream X-Real-IP {remote}\n\t\t\theader_upstream X-Forwarded-Proto {scheme}\n        }\n\n        proxy /loleaflet/ https://localhost:9980/loleaflet {\n            transparent\n            insecure_skip_verify\n            without /loleaflet/\n        }\n\n        proxy /hosting/discovery https://localhost:9980/hosting/discovery {\n            transparent\n            insecure_skip_verify\n            without /hosting/discovery\n        }\n\n        proxy /lool/ https://localhost:9980/lool/ {\n            transparent\n            insecure_skip_verify\n            websocket\n            without /lool/\n        }\n    \n\t\n\t\n\trewrite {\n\t\tif {path} not_starts_with \"/a/\"\n\t\tif {path} not_starts_with \"/oidc/\"\n\t\tif {path} not_starts_with \"/io\"\n\t\tif {path} not_starts_with \"/data\"\n\t\tif {path} not_starts_with \"/ws/\"\n\t\tif {path} not_starts_with \"/plug/\"\n\t\tif {path} not_starts_with \"/dav\"\n\t\t\n\t\tif {path} not_starts_with \"/wopi/\"\n\t\t\n\t\tif {path} not_starts_with \"/loleaflet/\"\n\t\t\n\t\tif {path} not_starts_with \"/hosting/discovery\"\n\t\t\n\t\tif {path} not_starts_with \"/lool/\"\n\t\t\n\t\tif {path} not_starts_with \"/public/\"\n\t\tif {path} not_starts_with \"/user/reset-password\"\n\t\tif {path} not_starts_with \"/robots.txt\"\n\t\tto {path} {path}/ /login\n\t}\n\n\troot \"/3bb1bcef-fbcd-4349-9519-b93c1dfe9dfd\"\n\n\t\n\t\n\terrors \"/var/cells/logs/caddy_errors.log\"\n}\n\n\n\n\n\t"},
2021-03-06T13:45:24.461Z	INFO	pydio.gateway.proxy	Restart done,
2021-03-06T13:45:55.982Z	ERROR	pydio.grpc.oauth	Could not create authorize request	{"error": "invalid_request"},
2021-03-06T13:45:55.982Z	ERROR	pydio.rest.frontend	Failed to create auth code 	{"error": "error"},
2021-03-06T13:45:56.025Z	ERROR	pydio.grpc.oauth	Could not create authorize request	{"error": "invalid_request"},
2021-03-06T13:45:56.025Z	ERROR	pydio.grpc.oauth	Failed to create auth code 	{"error": "error"},
Login failed with  {"id":"","code":0,"detail":"invalid_request","status":""},
2021-03-06T13:45:56.037Z	ERROR	pydio.rest.frontend	Rest Error 401	{"error": "{\"id\":\"login.failed\",\"code\":401,\"detail\":\"Login failed\",\"status\":\"Unauthorized\"}"},

It tells me that there could not be created an authorize request.

Is this a Bug or have I done anything wrong?

EDIT:
If I enter an invalid username, it logs a “404 User not found”. So, does the internal Oauth / OIDC have some problems?

There is something mysterious going on. I had the exact issue yesterday: clean install, empty database, started with just the admin user (in my case, it wasn’t called ‘admin’). But I did not use Docker.

I had a few differences, though: because I had lots of problems binding to 0.0.0.0 when using nginx as a front-end reverse proxy, I’m using a private IP address set up on an ‘alias interface’, as mentioned in the KB instructions for reverse proxy setup.

At the end of this setup, what happened was exactly what you describe:

  1. Logging in with the admin user would always give a Login failed banner and an invalid_request in the logs;
  2. Logging in with a non-existing user would give a 404 User not found.

The first thing I did was to change the admin’s password with:

./cells user set-pwd -u 'USER_LOGIN' -p 'NEW_PASSWORD'

Alas, the password may have been correctly changed (how can I tell?) but I still got the same error.

Then I created another user:

./cells user create -u 'user' -p 'a password'

and tried to log in with this. I got precisely the same error as before.

Finally, I tried to ‘upgrade’ this new user to admin status:

./cells admin user set-profile -u 'USER_LOGIN' --profile 'admin'

While I could confirm that both users were set as admins using:

./cells admin user search

… I still couldn’t log in with either of them!!

To be honest, because I’m always tinkering with Cells, in the hope of getting it to work one day, I’m not quite sure how I eventually managed to get this to work again. I think that it happened automagically after partially restoring the database from an old backup as described in one of my previous posts.

Had the exact same issue. When you have done a clean install and all your parameters is set, do a docker-compose down and then up again. Then you can login with the username and password you have chosen in the install guide…

1 Like

Somehow this solved the issue.

Thank you!

2 Likes

This did not work for me sadly. I have the same issue. I really wonder what’s going on here

Hello @mrsylerpowers ,

Just for the record, the “Login Failed with invalid_request” is usually triggered when Cells cannot reach the DB. But this might have many causes.

So you might or might not have the same problem has the others and some details would be useful to be able to help.

Regards

This topic was automatically closed 11 days after the last reply. New replies are no longer allowed.