🐛 Bug Report: Cannot create admin user - redirect to /login from /setup #423

Closed
opened 2026-02-04 19:39:00 +03:00 by OVERLORD · 2 comments

Originally created by @importantblimp on GitHub (Aug 17, 2025).

Reproduction steps

My setup is a little unusual, so it's entirely possible I'm doing something wrong, but I'd appreciate any guidance you might have:

I'm running Pocket-id frontend and backend on a server through the systemd services defined in NixOS.
I've forwarded the frontend port (3005) through SSH to my localhost where I connect to it in the browser.
I'll replace this with a reverse proxy after setting up the admin user.

Unfortunately I can't reach /setup to create the first admin user - I get redirected to /login.
As a result I can't use a passkey or one-time login token because I haven't been able to set up any users yet.

Expected behavior

Not redirect from /setup, and allow the user to create an admin user.

Actual Behavior

The images also result in HTTP 303 responses.
From local machine:

Image Image

Version and Environment

Version: 0.53.0

Environment variables:

ANALYTICS_DISABLED=true
APP_NAME=name
DB_CONNECTION_STRING=host=/run/postgresql user=pocketid database=pocketid
DB_PROVIDER=postgres
ENCRYPTION_KEY_FILE=/run/secrets/pocket-id-encryption-key-file
HOST=localhost
KEYS_STORAGE=database
PORT=3005
PUBLIC_APP_URL=http://localhost
TRUST_PROXY=true
UI_CONFIG_DISABLED=true

Although TRUST_PROXY is set, it's not currently behind a reverse proxy.

Log Output

Backend service logs when hitting /login:

2025/08/17 09:57:46 MAXMIND_LICENSE_KEY environment variable is empty. The GeoLite2 City database won't be updated.
2025/08/17 09:57:46 Server listening on localhost:8080
2025/08/17 09:57:46 Starting job scheduler
[GIN] 2025/08/17 - 09:59:40 | 200 |    1.162598ms |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:40 | 200 |     1.27254ms |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:40 | 401 |    1.498019ms |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:40 | 401 |    1.567185ms |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:40 | 401 |      74.184µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:40 | 401 |     181.535µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:40 | 200 |     177.109µs |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:40 | 200 |     310.386µs |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:40 | 401 |      150.72µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:40 | 401 |     236.961µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:40 | 200 |     237.756µs |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:40 | 200 |     312.496µs |       127.0.0.1 | GET      "/api/application-configuration"

Navigate to /setup:

[GIN] 2025/08/17 - 09:59:53 | 401 |     150.498µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:53 | 401 |     246.497µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:53 | 200 |     193.775µs |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:53 | 200 |     264.108µs |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:53 | 401 |      91.184µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:53 | 401 |      203.22µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:53 | 200 |      156.72µs |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:53 | 200 |     245.219µs |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:53 | 401 |     119.073µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:53 | 401 |     248.016µs |       127.0.0.1 | GET      "/api/users/me"
Error #01: You are not signed in
[GIN] 2025/08/17 - 09:59:53 | 200 |     102.425µs |       127.0.0.1 | GET      "/api/application-configuration"
[GIN] 2025/08/17 - 09:59:53 | 200 |     160.516µs |       127.0.0.1 | GET      "/api/application-configuration"
2025/08/17 10:00:00 Job "SyncLdap" run successfully

The same thing happens using curl on the server itself:

$ curl -Lv localhost:3005/setup

* Host localhost:3005 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying 127.0.0.1:3005...
* Connected to localhost (127.0.0.1) port 3005
* using HTTP/1.x
> GET /setup HTTP/1.1
> Host: localhost:3005
> User-Agent: curl/8.14.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 303 See Other
< location: /login
< Date: Sat, 16 Aug 2025 22:26:01 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
< Transfer-Encoding: chunked
* Ignoring the response-body
< 
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:3005/login'
* Re-using existing http: connection with host localhost
> GET /login HTTP/1.1
> Host: localhost:3005
> User-Agent: curl/8.14.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< content-length: 7436
< content-type: text/html
[... more headers and the HTML for the login page]

There's only one row in the database, in the schema_migrations table. The other tables are empty:

pocketid=# select * from schema_migrations;
    version     | dirty 
----------------+-------
 20250421221059 | f
(1 row)

@ItalyPaleAle commented on GitHub (Aug 17, 2025):

Version: 0.53.0

Please update to v1.7.0 as that version is not supported anymore


@importantblimp commented on GitHub (Aug 17, 2025):

I've been attempting to for the last hour or so (NixOS stable doesn't make this easy).
I did just get it working though - and it's fixed both the redirect and image issue.

I did notice that the environment variables changed between versions, and I wasn't using the right ones for 0.53.0.
That doesn't explain why the database connection worked though.
Anyway, it works now.

Thanks for the response and sorry for the spurious bug report.

Reference: starred/pocket-id#423