Create New User, But User cannot log in

Hi All, I’m looking to create a user on IN that can view records. I’m running v5.0.55-C40 on Docker.

I go to Settings → User Management > Create User and add an email and password.

Going back to IN, I attempt to login and I get the error: “401: These credentials do not match our records” - I have tested the password numerous ways and also copy-pasted it to ensure it was correct. A secret is in use and works for the main login fine. Here’s the error.
image

Further, when I attempt to “Recover Password” through whatever that process is, I provide the working secret, I get the following error: 403: Invalid secret
image

Watching my laravel.log file, I see no errors there.

I’ve deleted or removed the user, created a different one as admin from the start, still cannot login. There seems to be no possible way another user can be added.

Update: ALRIGHT - I’m starting to see more, IN sends an email confirmation to activate the account - SERIOUSLY, this needs to be explained in the immediate interface somewhere what you’re doing or about to do. If you don’t explain that a confirmation is happening (or will happen), the admin user won’t know how to get the feature working. Even worse, because of this poor design, I sent a useless email to a person that shouldn’t have gotten it.

Beyond that also, once a user is added, then deleted (for whatever reason), trying to again re-add that user with the same email yields an error - “The email has already been taken” - but this email is no longer in use anywhere in the system:
image

Naturally, this shouldn’t happen since the user was deleted. I guess the question is how to delete the details that cause this error?

Going directly into the database and looking at the “Users” table - it appears as though no users are actually deleted:
image
Can I safely delete the records of users that are no longer needed (so I can add them again)? Also, why aren’t the records deleted in the first place?

MORE: To get around this (and hopefully not mess up IN), I just changed the email address of that record I didn’t need. I did an SQL statement like this:

UPDATE users SET email = 'user+old@gmail.com' WHERE id = 4;

This gave me records that looked like this:
image

I then went back to IN and added that user again without an error and the tool created the new user and emailed an activation:
image

Also, the account confirmation - the bottom text of “Click here to confirm your account” is set as white text (on a typically white background) making it unreadable!

It will be really cool if this stuff worked better.

It would be really cool if you were more polite…

Polite? What’s not polite? What exactly makes you feel bad here? It’s not polite to want something to work better?

I was replying to “It will be really cool if this stuff worked better.”

That feels like a dig to me…

FYI… in the next version the password field has been removed from that form which should reduce confusion.

I can’t speak to your imagination, but I simply was saying that I wanted it to work better. I was not thinking of you in any way, shape or form. I probably would have tagged you if I wanted to direct at you. Wait, who are you again and why are you calling me impolite? More than anything I’m confused.

This is feedback. These are hard-fought insights into things that, frankly I didn’t make. I’m spending these hours helping you (or whomever the developers are - still not sure who you are) understand what doesn’t work. I’m doing the best I can documenting that and going deep. It’s because I want it to work. I want to rely on it. I have never gotten a simple thank you for that - nor would I ask for it. Yet, I’m called impolite. It just makes me think the work I do testing and documenting is not wanted - well, clearly not appreciated. Maybe it’s just a signal for me to stop. :frowning:

1 Like

Thank you for all of your help, constructive feedback is truly very much appreciated!

Although I’m sure you’ve spent many hours/days working on the app I’ve spent close to 8 years now working on it. I have a short fuse for complaints.

Hey, I get it, Hillel, I write software too. I see you’re the developer (or one of them). I thank you for the work you do on this software. It’s the work of everyone invested in something that makes it better, and after 8 years, I can see how some of this can be draining or how you might have a short fuse.

Also, like all things that we people do, not everything is created equal. 1000% of everything I spend time talking about here is with respect to constructively making IN better. Yes, I do get frustrated when things don’t work, I’m human. A number of times, if you’ve seen the posts - you see me working through things trying to understand. One thing you’ll never see from me is an insult directed at any particular person. Up until now, I didn’t know who was who (beyond folks that reply to posts often - I reply to others posts too if I think I can help).

The thing is, you’re invested in this because perhaps you want it to work. Or because you make money from it. Maybe because you love it. These are all great reasons and I’m sure there are more. You probably wouldn’t just walk away from it tomorrow. You’re in for the long haul and that’s great. The dynamics of what’s rewarding to you probably don’t have limits.

Myself, I’m invested because I believe it can be better, but my reward for this investment doesn’t go beyond a useful and reliable program. This sort of (user level) investment is rare however because there are many programs, many distractions - like it would be easy to just keep using Freshbooks (which is my main tool) and give up at the first sign of something I don’t like. This is why people as users make little effort to explain problems. Maybe they just want to stress over the pandemic and not worry about why a confirmation email isn’t branded (With a white label license active). The methodical effort to document that takes time, and people won’t give that time and feedback to developers (usually). They “just want it to work,” no doubt a phrase you’ve heard a few times. As someone who writes software, I consider honest, thought-out, detailed feedback a gift. Anyway, I’m probably not telling you something you don’t know - just that I am very aware of these dynamics. My time spent here and on Github is purposeful.

So, yes, I’m just trying to help. I’ve never directed anything at you - nor do I plan to start. You’re doing great with InvoiceNinja - sure everything can be better - but it’s a wonderful tool. I appreciate your work. Thank you.

Thank you, agreed. After many years of dealing with truly rude people (which you definitely aren’t) I’ve become overly sensitive. Anyways, let’s get back to it…

I’ve actually made the same mistake not being able to login, as mentioned the password field is hidden in the next build which should prevent this mistake. I’ll also look into changing the message to say “An email was sent”.

@david can we have the API re-enable a user if you try to add a deleted user to a company, I think it matches the user’s intent.

The problem with re-enabling a deleted user this was is that it interferes at the Request layer.

In the request I can confirming two thing: 1 the user isn’t associated with another company and 2 the user is unique.

Disabling the unique rule is not a good idea. I think the current validation response is correct. It says that the user already exists. which should inform the user they can restore the user.

1 Like

Yes, that may work… make the wording to “Disable” and perhaps “Enable” a user so it lines up with the actions involved. I notice that there is a “Remove” and a “Delete” too:
image
These mean generally the same thing to the layman in English, and if they’re doing exactly the same thing maybe merge them or name them better?

Also, with respect to users… when “MultiSelect” is enabled, all sorts of things happen.
image
Users are selected in the interface but aren’t reflected with a checkmark:
image
Also, when I perform an operation such as “Remove” or “Delete,” InvoiceNinja just does it and doesn’t ask for a system password (like see out of MultiSelect).

I might have a similar issue, let me see if you guys can possibly help.

FRESH install of invoiceninja/invoiceninja:5 according to the instructions found here: GitHub - invoiceninja/dockerfiles: Docker files for Invoice Ninja EXCEPT that I have used the exact same values for env variables I was using on my invoiceninja v4 instance. I have adapted the names of env variables which have changed as seen here: invoiceninja/.env.example at v5-stable · invoiceninja/invoiceninja · GitHub

my env file contains the variable:
# password for mobile app usage
API_SECRET=60****************Mw

after a docker-compose up -d I access the setup of IN - slighty confused because it asked me all the details which were already beeing supplied via the env file - anyway, I set it up and created a user during the setup.

When trying to login I get asked for email, password and secret. Login doesn’t work without secret, when using the value provided via env file: 60****************Mw I get 403: Invalid secret when trying to recover the password I get the same error about the invalid secret.

Stuck here.

Was I supposed to get an email when I created the user during setup?

Any hints?

Should I delete this post and open my own thread?
###edit###
Found this thread: 403: Invalid secret - #9 by david
advising to do a php artisan optimize - tried removing the API_SECRET variable, followed by docker-compose down, then docker-compose up -d then entered the docker container and executed php artisan optimize but nothing changed.

@ovizii

I’d suggest trying a clean install of V5 docker using the supplied env file as a template.

OK, I will do that and open my own thread if I hit problems. Could you give me a pointer on what data needs to be deleted if one wants to start fresh with an altered docker-compose.yml and altered env file?

My best guess is emptying this folders should work: docker/mysql or are there more configs stored somewhere after the initial setup?

you’ll probably want to empty the public and storage folders also (but keep the directory structure)