Error 401: "Invalid one time password" after migration from v4

Version 5.1.32

Hi,

I have set up a new InvoiceNinja on v5 and create my login credentials during setup. I then did a migration of my v4 system and now I can’t login anymore.

  1. On v5 I have not (yet) enabled 2FA.
  2. On v4 I have enabled 2FA
  3. The password on v4 and v5 are not the same.
  • When I login with my v5 credentials: 401: Invalid one time password
  • When I login with my v5 credentials and the 6 digit 2FA code from my v4 instance: 500: Server Error*
  • When I login with my v4 credentials including the 6 digit code from the v4 server: 401: These credentials do not match our records

Error 500 in Laravel.log:

[2021-04-02 14:09:55] production.ERROR: The MAC is invalid. {"userId":1,"exception":"[object] (Illuminate\\Contracts\\Encryption\\DecryptException(code: 0): The MAC is invalid. at /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:200)
[stacktrace]
#0 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php(137): Illuminate\\Encryption\\Encrypter->getJsonPayload()
#1 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/helpers.php(374): Illuminate\\Encryption\\Encrypter->decrypt()
#2 /var/www/invoiceninja/app/Http/Controllers/Auth/LoginController.php(178): decrypt()
#3 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): App\\Http\\Controllers\\Auth\\LoginController->apiLogin()
#4 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
#5 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Route.php(254): Illuminate\\Routing\\ControllerDispatcher->dispatch()
#6 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Route.php(197): Illuminate\\Routing\\Route->runController()
#7 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(695): Illuminate\\Routing\\Route->run()
#8 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
#9 /var/www/invoiceninja/app/Http/Middleware/SetEmailDb.php(47): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#10 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\SetEmailDb->handle()
#11 /var/www/invoiceninja/app/Http/Middleware/ApiSecretCheck.php(30): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#12 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\ApiSecretCheck->handle()
#13 /var/www/invoiceninja/app/Http/Middleware/Cors.php(34): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#14 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\Cors->handle()
#15 /var/www/invoiceninja/app/Http/Middleware/QueryLogging.php(38): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#16 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\QueryLogging->handle()
#17 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(50): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#18 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle()
#19 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(127): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#20 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(63): Illuminate\\Routing\\Middleware\\ThrottleRequests->handleRequest()
#21 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\ThrottleRequests->handle()
#22 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#23 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(697): Illuminate\\Pipeline\\Pipeline->then()
#24 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(672): Illuminate\\Routing\\Router->runRouteWithinStack()
#25 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(636): Illuminate\\Routing\\Router->runRoute()
#26 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Routing/Router.php(625): Illuminate\\Routing\\Router->dispatchToRoute()
#27 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(166): Illuminate\\Routing\\Router->dispatch()
#28 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#29 /var/www/invoiceninja/vendor/sentry/sentry-laravel/src/Sentry/Laravel/Http/SetRequestIpMiddleware.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#30 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Sentry\\Laravel\\Http\\SetRequestIpMiddleware->handle()
#31 /var/www/invoiceninja/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(60): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#32 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Barryvdh\\Debugbar\\Middleware\\InjectDebugbar->handle()
#33 /var/www/invoiceninja/app/Http/Middleware/Cors.php(34): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#34 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\Cors->handle()
#35 /var/www/invoiceninja/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#36 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle()
#37 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#38 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#39 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#40 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#41 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#42 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#43 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#44 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
#45 /var/www/invoiceninja/vendor/sentry/sentry-laravel/src/Sentry/Laravel/Tracing/Middleware.php(46): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#46 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Sentry\\Laravel\\Tracing\\Middleware->handle()
#47 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#48 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(141): Illuminate\\Pipeline\\Pipeline->then()
#49 /var/www/invoiceninja/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(110): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#50 /var/www/invoiceninja/public/index.php(57): Illuminate\\Foundation\\Http\\Kernel->handle()
#51 {main}
"}

What do you recommend? Can I fix this somehow? Can I deactivate 2FA somewhere in de DB?

Many thanks,
Gijs

Hi,

Which versions are you using? We very recently released new versions which I believe have related fixes: v4.5.37 and v5.1.34

Hi Hillel,

i just saw 5.1.34 and updated it but still get the same error. V4 is on 4.5.36. I can update to 4.5.37 but the migration was done already. Or does it fix it when I redo the migration?

Thanks,
Gijs

You can re-run the migration, it will purge the company

Ok, I will give it a try.

I have updated v4 to 4.5.37 and started the migration again. On step 2 where I need to add the login details and when I click “next” it says: Invalid one time password

On v5 could I try php artisan migrations:import ?

@david any thoughts?

This is something I corrected in the latest v4 release, we can’t migrate V4 2FA, so i clear that value so the user can log in directly to V5.

@ecomsilio you’ll want to remove the value in the users table under the column google_2fa_secret then you’ll be able to log in.

1 Like

Thanks, that worked.