Ghost: Unable to log in after upgrading
Hi,
After upgrading to the latest version today I’m no longer able to authenticate with the admin panel, I simply get the below error which makes me think a breaking change was made to the API layer.
Below is the error in question.
[2018-10-18 16:05:39] ERROR "GET /ghost/api/v2/admin/users/me/?include=roles" 401 1ms
NAME: UnauthorizedError
MESSAGE: Access denied.
level: normal
empty
empty
ERROR DETAILS:
empty
UnauthorizedError: Access denied.
at new UnauthorizedError (/var/www/blog/versions/2.2.3/node_modules/ghost-ignition/lib/errors/index.js:101:23)
at ensureUser (/var/www/blog/versions/2.2.3/core/server/services/auth/session/middleware.js:95:10)
at Layer.handle [as handle_request] (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/layer.js:95:5)
at next (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/route.js:137:13)
at getUser (/var/www/blog/versions/2.2.3/core/server/services/auth/session/middleware.js:79:16)
at Layer.handle [as handle_request] (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/layer.js:95:5)
at next (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/route.js:137:13)
at cookieCsrfProtection (/var/www/blog/versions/2.2.3/core/server/services/auth/session/middleware.js:104:16)
at Layer.handle [as handle_request] (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/layer.js:95:5)
at next (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/route.js:137:13)
at session (/var/www/blog/versions/2.2.3/node_modules/express-session/index.js:454:7)
at getSession (/var/www/blog/versions/2.2.3/core/server/services/auth/session/middleware.js:48:12)
at Layer.handle [as handle_request] (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/layer.js:95:5)
at next (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/var/www/blog/versions/2.2.3/node_modules/express/lib/router/layer.js:95:5)
Rolling back to my previous 2.1.3 install fixes the issue.
System Details
- Ubuntu 16.04.5 LTS
- nginx 1.14.0
- Ghost-CLI version: 1.9.6
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 1
- Comments: 16 (9 by maintainers)
This is the problem, maybe your nginx is not configured to forward
Set-Cookieheaders? Can you think of anything else between the node process and your browser that might remove that header?Maybe you could share your nginx config here?
Your sign in page is behaving as expected but we’re not able to test the login because we don’t have the username/password (please don’t share that!)
Can you share the exact reproduction steps you are trying? This is what is expected after upgrading even if you were logged in on 2.1:
/ghost/api/v2/admin/users/me/?include=rolesthis is expectedPOSTrequest will be made to https://cshaw.tech/ghost/api/v2/admin/sessionset-cookie: ghost-admin-api-session=....headerIf you don’t see the
set-cookieheader please let us know what you see in the request’soriginandrefererheaders.