miniflux
Login fails after upgrading from 2.2.0 to 2.2.1
After upgrading from 2.2.0 to 2.2.1 I can no longer login via passkey or user/pass. Downgrading back to 2.2.0 allows me to login again.
I'm using the container image ghcr.io/miniflux/miniflux:2.2.1-distroless.
passkey:
{
"level": "WARN",
"msg": "Unauthorized",
"client_ip": "2a09::XX",
"request": {
"method": "POST",
"uri": "/webauthn/login/finish",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15"
},
"response": {
"status_code": 401
}
}
user/pass:
{
"level": "WARN",
"msg": "Incorrect username or password",
"authentication_failed": true,
"client_ip": "2a09::XX",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15",
"username": "flux",
"error": "store: invalid password for \"flux\" (crypto/bcrypt: hashedPassword is not the hash of the given password)"
}
I'm experiencing the same with 2.2.1-distroless, but only with passkeys:
level=WARN msg=Unauthorized client_ip=192.168.1.171 request.method=POST request.uri="/webauthn/login/finish?username=admin" request.user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15" response.status_code=401
Login as the same user using a password is successful. Downgrading to 2.2.0-distroless also solves the issue.
https://github.com/miniflux/v2/commit/95201fc5cff83938efe32f0bc17f4f333195cf9c bumped github.com/go-webauthn/webauthn from 0.10.2 to 0.11.2. The release notes for v0.11.0 mention several breaking changes, but none seem to affect Miniflux at first glance.
also present on nixos unstable on a fresh install of 2.2.1, downgrading to 2.2.0 after that doesn't fix it
