Ghost: Unable to login after Ghost upgrade 0.6.4 -> 0.7.5
Issue Summary
After performing an upgrade of Ghost via git on the stable branch, I was unable to login via /ghost/signin I get the following error message on the server during an attempt at login.
ERROR: Client Authentication Failed
Client credentials were not provided
For information on how to fix this, please read http://api.ghost.org/docs/client-authentication
ERROR: Access denied.
This is the request headers and information of the failed login
Request URL:http://www.mydomain.com/ghost/api/v0.1/authentication/token
Request Method:POST
Status Code:401 Unauthorized
Cache-Control:no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
Connection:keep-alive
Content-Length:73
Content-Type:application/json; charset=utf-8
Date:Sun, 31 Jan 2016 17:04:05 GMT
ETag:W/"49-6DP22JQ8bA10Qm37R/5VFQ"
Server:nginx
Vary:Accept-Encoding
X-Powered-By:Express
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Content-Length:120
Content-Type:application/x-www-form-urlencoded
Host:www.mydomain.com
Origin:http://www.mydomain.com
Pragma:no-cache
Referer:http://www.mydomain.com/ghost/signin/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36
X-Requested-With:XMLHttpRequest
grant_type:password
username:***redacted***
password:***redacted***
client_id:ghost-admin
Steps to Reproduce
- Upgrade Ghost through git
npm install --production; npm start --production- Login to Ghost blog, and receive a Access Denied error.
Technical details:
- Ghost Version: stable (latest commit: 3dd772768b9d91bbb8126b5859396b85d8410f18)
- Client OS: Mac OS X 10.11.2
- Server OS: Ubuntu 12.04
- Node Version: 0.10.40
- Browser: Firefox Version 44.0, Safari Version 9.0.2 (11601.3.9) and Chrome Version 48.0.2564.97 (64-bit)
- Database: SQLite
jieyanhuang
All 8 comments
@jieyanhuang If the request headers you've supplied are complete then the issue is that the client_secret header is not being added to the request. I think this leaves 3 scenarios:
- The
client_secretwas not generated when the database migrations were made. - The
client_secretis not being output in the HTML for some other reason. - The client has the
client_secretdata but is for some reason not adding it to the request headers.
Can you confirm that your ghost-admin row in the clients table has a secret value? It should look something like this:
Can you also check that the <meta> tags with the clientId/Secret are being output in the HTML? Those should appear in web inspector when viewing the login screen and match what you see in the database (ignore the different secrets in these screenshots, they are from separate installs :smile:):
kevinansfield
on 31 Jan 2016
@kevinansfield I think its probably the 3rd scenario that you mentioned.
I have checked both the database and the output in the HTML and they reflect the client_secret correctly. It seems like the POST request includes the grant_type, username, password and client_id but the `client_secret does not seem to be part of the request data.
jieyanhuang
on 1 Feb 2016
@jieyanhuang would you mind forcing a restart of the ghost instance and then refreshing in the browser and trying to log in again? Apparently that has worked in other cases, if it works for you it should provide another data point to help track this bug down!
kevinansfield
on 1 Feb 2016
@kevinansfield, thanks for the assistance on this issue. For anyone that tries to upgrade through git, do remember to run grunt init and grunt prod before you restart your ghost instance. The problem I was facing was due to an old copy of the JS file being served after the upgrade.
jieyanhuang
on 1 Feb 2016
Thank for the tips. Worked for me as well but I had to clear core/client/bower_components before running grunt init because of the following error:
bower ECONFLICT Unable to find suitable version for mocha
Use --force to continue.
Aborted due to warnings.
jankuca
on 13 Feb 2016
I just made the jump from 0.6.x to the latest stable of 0.8 and came across the same issue. I was using the ghost how-to-upgrade guide found here: http://support.ghost.org/how-to-upgrade/. It seems the article is missing the grunt steps which will be why I forgot them, would it be worth updating these on the article?
I'm aware the article is quite old and form September 2015, so there may be a more recent one but I didn't find when googling for the upgrade guide.
BlueHatbRit
on 13 Jul 2016
@BlueHatbRit the grunt tasks are only necessary if you are using git which is not what that upgrade guide covers, the release files (which the upgrade instructs you to download) contain the pre-built files ready for production use
kevinansfield
on 14 Jul 2016
@kevinansfield ah that makes sense, my bad!
BlueHatbRit
on 14 Jul 2016
Related issues
ArthurianX
路
4Comments
jgreenemi
路
4Comments
pateskinasy
路
3Comments
albizures
路
3Comments
hjzheng
路
4Comments
Most helpful comment
@kevinansfield, thanks for the assistance on this issue. For anyone that tries to upgrade through git, do remember to run
grunt initandgrunt prodbefore you restart your ghost instance. The problem I was facing was due to an old copy of the JS file being served after the upgrade.