No login Yunohost

alfredo · December 23, 2021, 10:15am

Version: 4.5.45~ynh1
Error log after password reset link replies with “Access denied”

2021/12/22 11:25:18 [error] 29286#29286: *4612 FastCGI sent in stderr: "Access to the script '/var/www/invoiceninja/public/index.php/password/reset/REDACTED' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 172.225.10.74, server: REDACTED.ynh.fr, request: "GET /invoiceninja/index.php/password/reset/REDACTED HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm-invoiceninja.sock:", host: "REDACTED.ynh.fr"

Checked that /etc/php/7.3/fpm/pool.d/invoiceninja.conf , particularly line 385
is commented out with ; like this

     ;security.limit_extensions = .php .php3 .php4 .php7.3 .php7

Any help on how to recover data from database or reinstall login to recover is more than welcome! Thank you!

hillel · December 23, 2021, 11:37am

Hi,

You can set a new password from the command line:

Run php artisan tinker in the root folder of the project
Run bcrypt('new_password');
Update the password field in the users table

alfredo · December 23, 2021, 11:45am

Thanks for fast reply!
How to I update password in the users table?
Is that the ninja Mariadb ? Sorry for my lack of knowledge of db management and invoiceninja usage …

hillel · December 23, 2021, 12:02pm

I believe you can use this SQL command:

update users set password = 'new password' where id = ...

alfredo · December 23, 2021, 12:08pm

I may not have explained this: the user I am trying to reset the password is the admin of invoiceninja not just any account user.
The admin reset email was sent but the link just returns ‘Access Denied’

hillel · December 23, 2021, 12:21pm

The steps I’ve provided will enable you to reset the admin user’s password.

From the error above it looks like ‘index.php’ is in the URL, that usually means mod_rewrite needs to be enabled.

alfredo · December 23, 2021, 12:26pm

Thank you and sorry for my slow understanding algorithm!
The admin user is called invoiceninja in mysql.user table?
Your password change command returned a long string: is that what I enter as password? When I tried it it said too long!
Where do I set mod_rewrite to enable?
Apologies for all the questions, but I am not a invoiceninja user but just the admin of the server!

hillel · December 23, 2021, 12:36pm

Correct, the output of bcrypt is the new password. Sorry, I’m not sure why it would be too long.

I suggest asking your webhost for advice on how to enable mod_rewrite.

alfredo · December 23, 2021, 12:47pm

Thank you @hillel
This is how far I can follow your lead
It has been solved by entering the string to the admin user password table
thank you