Self hosting issue logging in on two separate instances, same server


I have installed two separate instances of invoice ninja V, setup the crons, and proceeded to add the clients yesterday everything was working fine. This morning I cannot login to both instances. All I get is a 500:Server Error at the login screen.

Nginx is not throwing any errors in the error logs, but the access logs confirm the 500 error :

“POST /api/v1/login?first_load=true&include_static=true HTTP/1.1” 500 44 “https://redacted/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Edg/90.0.818.56”

The crons seem to be working :

Running scheduled command: ‘/usr/bin/php7.4’ ‘artisan’ queue:work > ‘/dev/null’ 2>&1
Running scheduled command: ‘/usr/bin/php7.4’ ‘artisan’ queue:work > ‘/dev/null’ 2>&1
No scheduled commands are ready to run.
No scheduled commands are ready to run.

storage/logs/laravel.log is showing this :

[2021-05-12 08:33:37] production.ERROR: The payload is invalid. {“userId”:1,“exception”:"[object] (Illuminate\Contracts\Encryption\DecryptException(code: 0): The payload is invalid. at /redacted/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:196) followed by a long stack trace

on both instances.

The installation is running on an Ubuntu 20.04 machine on a VPS, using PHP 7.4 and nginx 1.18.0

I have tried edge, brave, safari and chrome browsers in incognito with the same result. Can anyone please point me in any direction what to try next ?

Thank you

Another further update, I managed to recover one of my instances, I was still logged in on another machine from yesterday, disabled 2FA and am able to login normally now. So seems the issue is related to 2FA.

I am still unable to login to my other instance though. Is there a way to disable 2FA maybe from the database ?


Thanks for reporting this!

@david can you please advise on manually disabling 2FA using SQL?

UPDATE users SET `google_2fa_secret`=NULL, WHERE id=1;

where 1 is the id of the user. to unset every user just

UPDATE users SET `google_2fa_secret`=NULL;

Thank you very much, that worked !! If you guys need me to test anything else just let me know. Am honeslty gobsmacked at the level of support here. THANK YOU @hillel @david