Too Frequent Login errors

Description

I have a new installation of Rocket.chat with Digital Ocean. I am finding that users who don’t typically have userid or password issues with other systems (some even using password managers, which should ensure proper entry) are reporting that they are getting rejected at login with an error that says that their username does not exist. I’ve confirmed that the username does exist and that they are using the correct email address as an alternative. If they go through the password reset process, everything works.

Server Setup Information

  • Version of Rocket.Chat Server: 5.0.3
  • Operating System: Ubuntu 20.04
  • Deployment Method: Digital Ocean One-Click install
  • Number of Running Instances: 1
  • DB Replicaset Oplog: Enabled
  • NodeJS Version: 14.19.3 - x64
  • MongoDB Version: wiredTiger
  • Proxy: traefik, I think
  • Firewalls involved: none

Any additional Information

The following information is shown in the logs:

{"level":50,"time":"2022-09-06T15:31:52.492Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T15:32:02.264Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T15:32:06.834Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T15:32:12.769Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T15:40:41.389Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T15:40:56.612Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}

Additional information from the logs that may be relevant:
I20220906-16:09:09.707(0) Exception in onLogin callback TypeError: Cannot use 'in' operator to search for 'resume' in v9JJ2ZvUYTqFAr724maibvMI29UwH8ZoIerUCmlKvvI
    at server/hooks/sauMonitorHooks.ts:21:51
    at Array.find ()
    at server/hooks/sauMonitorHooks.ts:21:37
    at packages/callback-hook/hook.js:141:18
    at packages/accounts-base/accounts_server.js:249:7
    at Hook.forEach (packages/callback-hook/hook.js:110:15)
    at Hook.each (packages/callback-hook/hook.js:122:17)
    at AccountsServer._successfulLogin (packages/accounts-base/accounts_server.js:248:23)
    at AccountsServer._attemptLogin (packages/accounts-base/accounts_server.js:484:12)
    at AccountsServer._loginMethod (packages/accounts-base/accounts_server.js:504:17)
    at MethodInvocation.verifyEmail (packages/accounts-password/password_server.js:717:19)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1885:12)
    at packages/ddp-server/livedata_server.js:1803:15
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1257:12)
    at packages/ddp-server/livedata_server.js:1801:36
    at new Promise ()
    at Server.applyAsync (packages/ddp-server/livedata_server.js:1800:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1739:26)
    at Server.call (packages/ddp-server/livedata_server.js:1721:17)
    at Object.post (app/api/server/v1/misc.ts:572:27)
    at app/api/server/api.js:466:96
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1257:12)
{"level":50,"time":"2022-09-06T16:09:22.458Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method verifyEmail 'Verify email link expired [403]'"}
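As an added example (not code from the thread or from Rocket.Chat), a small Python triage script that parses the JSON log lines shown above, tallies failures per method and reason, and flags bursts of failed logins inside a sliding time window so that a cluster of "User not found" errors can be told apart from occasional typos. The sample log is constructed from the lines posted, plus a non-JSON line to show that stack-trace text is skipped.

```python
"""Triage Rocket.Chat JSON log lines for clusters of failed login attempts."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the msg field as written in the posted logs, e.g.
#   Exception while invoking method login 'User not found [403]'
MSG_RE = re.compile(r"Exception while invoking method (\w+) '(.*?) \[(\d{3})\]'")

# Constructed sample, modelled on the lines in the thread (pid/hostname as posted).
SAMPLE_LOG = """\
{"level":50,"time":"2022-09-06T15:31:52.492Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T15:32:02.264Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T15:32:06.834Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T15:32:12.769Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":30,"time":"2022-09-06T15:35:00.000Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"informational line, not a method exception"}
I20220906-16:09:09.707(0) Exception in onLogin callback TypeError: (plain-text stack trace, not JSON)
{"level":50,"time":"2022-09-06T15:40:41.389Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method login 'User not found [403]'"}
{"level":50,"time":"2022-09-06T16:09:22.458Z","pid":1031,"hostname":"rocketchat","name":"System","msg":"Exception while invoking method verifyEmail 'Verify email link expired [403]'"}
"""

def parse_line(line):
    """Return (time, method, reason, status) for a method-exception line, else None."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None  # plain-text lines such as Meteor stack traces are skipped
    m = MSG_RE.search(rec.get("msg", ""))
    if not m:
        return None
    ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
    return ts, m.group(1), m.group(2), int(m.group(3))

def method_failures(log_text):
    """Count exceptions per (method, reason) across the whole log."""
    counts = defaultdict(int)
    for parsed in map(parse_line, log_text.splitlines()):
        if parsed:
            counts[(parsed[1], parsed[2])] += 1
    return dict(counts)

def login_bursts(log_text, window=timedelta(seconds=60), threshold=3):
    """Return the start time of each window holding >= threshold failed logins."""
    events = [p for p in map(parse_line, log_text.splitlines()) if p]
    times = sorted(t for t, method, _, _ in events if method == "login")
    bursts, start = [], 0
    for end, t in enumerate(times):
        while t - times[start] > window:  # slide the window forward
            start += 1
        if end - start + 1 >= threshold and (not bursts or bursts[-1] != times[start]):
            bursts.append(times[start])
    return bursts
```

Run against a real log, `method_failures` shows whether the errors are confined to `login` or also hit `verifyEmail`, and `login_bursts` separates a tight cluster (four failures in twenty seconds, as in the first block of lines posted) from isolated mistypes.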

Hi!

When you added the user, did you mark the email as verified?

Also, have you configured any SMTP so that Rocket.Chat is able to send emails? It looks like its email link is expiring.

Also, can you reproduce this behavior on a clean, fresh, docker install on latest version 5.1.0?

The user added themself through the registration process, and created their own password. SMTP is configured and working. I’m not able to recreate it 100% of the time, but I do know that if I edit the user profile, it causes the password to be out of sync, even if I don’t touch the password field.

Ok.

Maybe changing the user profile is triggering something. I know that when changing the user password, it will revoke all Personal Access Tokens, so maybe this is somehow linked.

That covers the subset where the user profile has been changed. I’m not sure why it is occurring in other cases though.