I have a new installation of Rocket.chat with Digital Ocean. I am finding that users who don’t typically have userid or password issues with other systems (some even using password managers, which should ensure proper entry) are reporting that they are getting rejected at login with an error that says that their username does not exist. I’ve confirmed that the username does exist and that they are using the correct email address as an alternative. If they go through the password reset process, everything works.
Server Setup Information
Version of Rocket.Chat Server: 5.0.3
Operating System: Ubuntu 20.04
Deployment Method: Digital Ocean One-Click install
Number of Running Instances: 1
DB Replicaset Oplog: Enabled
NodeJS Version: 14.19.3 - x64
MongoDB Version: wiredTiger
Proxy: traefik, I think
Firewalls involved: none
Any additional Information
The following information is shown in the logs:
{“level”:50,“time”:“2022-09-06T15:31:52.492Z”,“pid”:1031,“hostname”:“rocketchat”,“name”:“System”,“msg”:“Exception while invoking method login ‘User not found [403]’”}
{“level”:50,“time”:“2022-09-06T15:32:02.264Z”,“pid”:1031,“hostname”:“rocketchat”,“name”:“System”,“msg”:“Exception while invoking method login ‘User not found [403]’”}
{“level”:50,“time”:“2022-09-06T15:32:06.834Z”,“pid”:1031,“hostname”:“rocketchat”,“name”:“System”,“msg”:“Exception while invoking method login ‘User not found [403]’”}
{“level”:50,“time”:“2022-09-06T15:32:12.769Z”,“pid”:1031,“hostname”:“rocketchat”,“name”:“System”,“msg”:“Exception while invoking method login ‘User not found [403]’”}
{“level”:50,“time”:“2022-09-06T15:40:41.389Z”,“pid”:1031,“hostname”:“rocketchat”,“name”:“System”,“msg”:“Exception while invoking method login ‘User not found [403]’”}
{“level”:50,“time”:“2022-09-06T15:40:56.612Z”,“pid”:1031,“hostname”:“rocketchat”,“name”:“System”,“msg”:“Exception while invoking method login ‘User not found [403]’”}
Additional information from the logs that may be relevent:
I20220906-16:09:09.707(0) Exception in onLogin callback TypeError: Cannot use ‘in’ operator to search for ‘resume’ in v9JJ2ZvUYTqFAr724maibvMI29UwH8ZoIerUCmlKvvI at server/hooks/sauMonitorHooks.ts:21:51 at Array.find () at server/hooks/sauMonitorHooks.ts:21:37 at packages/callback-hook/hook.js:141:18 at packages/accounts-base/accounts_server.js:249:7 at Hook.forEach (packages/callback-hook/hook.js:110:15) at Hook.each (packages/callback-hook/hook.js:122:17) at AccountsServer._successfulLogin (packages/accounts-base/accounts_server.js:248:23) at AccountsServer._attemptLogin (packages/accounts-base/accounts_server.js:484:12) at AccountsServer._loginMethod (packages/accounts-base/accounts_server.js:504:17) at MethodInvocation.verifyEmail (packages/accounts-password/password_server.js:717:19) at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1885:12) at packages/ddp-server/livedata_server.js:1803:15 at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1257:12) at packages/ddp-server/livedata_server.js:1801:36 at new Promise () at Server.applyAsync (packages/ddp-server/livedata_server.js:1800:12) at Server.apply (packages/ddp-server/livedata_server.js:1739:26) at Server.call (packages/ddp-server/livedata_server.js:1721:17) at Object.post (app/api/server/v1/misc.ts:572:27) at app/api/server/api.js:466:96 at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1257:12)
{“level”:50,“time”:“2022-09-06T16:09:22.458Z”,“pid”:1031,“hostname”:“rocketchat”,“name”:“System”,“msg”:“Exception while invoking method verifyEmail ‘Verify email link expired [403]’”}
The user added themself through the registration process, and created their own password. SMTP is configured and working. I’m not able to recreate it 100% of the time, but I do know that if I edit the user profile, it causes the password to be out of sync, even if I don’t touch the password field.
Maybe changing the user profile is triggering something. I know that when changing the user password, it will revoke all Personal Access Token, so maybe this is somehow linked.