prowler-cloud
On clean OS install, user can sign up, but not log in.
Issue search
- [x] I have searched the existing issues and this bug has not been reported yet
Which component is affected?
Prowler UI
Cloud Provider (if applicable)
No response
Steps to Reproduce
Clean installation of Ubuntu 24.04 on a VM on my server.
Installed Docker via this process https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
Ran: curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env docker compose up -d
UI comes up, use test user to sign up. Attempt to sign in fails "invalid email or password"
Expected behavior
On a clean setup, signing up with a user and then signing in with a user should work.
Actual Result with Screenshots or Logs
I noticed these logs being generated as I signed up and attempted to login.
docker compose logs -f -t
api-1 | 2025-11-05T20:25:03.718267279Z 2025-11-05 20:25:03 [api] INFO: (middleware) [module=middleware path=/home/prowler/backend/api/middleware.py line=36 function=call process=35 thread=124193387621248 transaction-id=e6130b001c864829aa303d4e791304ca] (N/A) [N/A] "POST /api/v1/users" with parameters {} done in 0.6533780097961426s: 201
api-1 | 2025-11-05T20:25:26.878295688Z 2025-11-05 20:25:26 [api] INFO: (middleware) [module=middleware path=/home/prowler/backend/api/middleware.py line=36 function=call process=36 thread=124193387621248 transaction-id=9c5bfeee3a3f41d19898836a9e6b0bb9] (N/A) [N/A] "POST /api/v1/tokens" with parameters {} done in 0.6071650981903076s: 400 api-1 | 2025-11-05T20:25:26.879379920Z 2025-11-05 20:25:26 [django.request] WARNING: (log) [module=log path=/home/prowler/.cache/pypoetry/virtualenvs/prowler-api-NnJNioq7-py3.12/lib/python3.12/site-packages/django/utils/log.py line=253 function=log_response process=36 thread=124193387621248 transaction-id=9c5bfeee3a3f41d19898836a9e6b0bb9] Bad Request: /api/v1/tokens 400 api-1 | 2025-11-05T20:25:26.879457318Z 2025-11-05 20:25:26 [django.request] WARNING: (log) [module=log path=/home/prowler/.cache/pypoetry/virtualenvs/prowler-api-NnJNioq7-py3.12/lib/python3.12/site-packages/django/utils/log.py line=253 function=log_response process=36 thread=124193387621248 transaction-id=9c5bfeee3a3f41d19898836a9e6b0bb9] Bad Request: /api/v1/tokens 400 ui-1 | 2025-11-05T20:25:26.884498334Z [auth][error] CredentialsSignin: Read more at https://errors.authjs.dev#credentialssignin ui-1 | 2025-11-05T20:25:26.884934964Z at aU (/app/.next/server/chunks/9085.js:405:43144) ui-1 | 2025-11-05T20:25:26.884970370Z at process.processTicksAndRejections (node:internal/process/task_queues:95:5) ui-1 | 2025-11-05T20:25:26.884983649Z at async az (/app/.next/server/chunks/9085.js:405:52548) ui-1 | 2025-11-05T20:25:26.884994605Z at async aB (/app/.next/server/chunks/9085.js:405:56812) ui-1 | 2025-11-05T20:25:26.885005191Z at async a6 (/app/.next/server/chunks/9085.js:405:62108) ui-1 | 2025-11-05T20:25:26.885015743Z at async f (/app/.next/server/chunks/5625.js:1:1984) ui-1 | 2025-11-05T20:25:26.885026704Z at async /app/node_modules/next/dist/compiled/next-server/app-page.runtime.prod.js:16:418 ui-1 | 2025-11-05T20:25:26.885037615Z at async rE (/app/node_modules/next/dist/compiled/next-server/app-page.runtime.prod.js:15:8146) ui-1 | 2025-11-05T20:25:26.885048424Z at async r7 (/app/node_modules/next/dist/compiled/next-server/app-page.runtime.prod.js:18:1144) ui-1 | 2025-11-05T20:25:26.885059330Z at async doRender (/app/node_modules/next/dist/server/base-server.js:1427:30)
How did you install Prowler?
Docker (docker pull toniblyx/prowler)
Environment Resource
Clean installation of Ubuntu 24.04 on a VM on my server via Docker Containers.
OS used
Ubuntu 24.04
Prowler version
--lastest stable
Python version
Not sure - opted for the containerized install.
Pip version
Not sure - opted for the containerized install.
Context
No response
Hi @dsbrodbeck,
This issue seems to be very similar to the one reported in this discussion: https://github.com/prowler-cloud/prowler/discussions/9108.
To fix this:
- Delete your
_datadirectory , so the next step recreates the database with the correct keys. - Follow the updated installation documentation: https://docs.prowler.com/getting-started/installation/prowler-app.
Please let me know if this worked for you.
I had thought that other issue might be mine as well, but unfortunately not. I removed the directory, followed the updated steps as you asked and these are the logs from creating a test user and then trying to log into it.
administrator@prowler:~$ docker compose logs --tail=0 --follow api-1 | 2025-11-06 15:59:49 [api] INFO: (middleware) [module=middleware path=/home/prowler/backend/api/middleware.py line=36 function=call process=35 thread=129788727004032 transaction-id=f683ec66074c4ac49685f91a12ec8f34] (N/A) [N/A] "POST /api/v1/users" with parameters {} done in 0.6923604011535645s: 201 api-1 | 2025-11-06 16:00:00 [api] INFO: (middleware) [module=middleware path=/home/prowler/backend/api/middleware.py line=36 function=call process=34 thread=129788727004032 transaction-id=fa254aed37304b4bb6467931d15597b6] (N/A) [N/A] "POST /api/v1/tokens" with parameters {} done in 0.5817506313323975s: 400 api-1 | 2025-11-06 16:00:00 [django.request] WARNING: (log) [module=log path=/home/prowler/.cache/pypoetry/virtualenvs/prowler-api-NnJNioq7-py3.12/lib/python3.12/site-packages/django/utils/log.py line=253 function=log_response process=34 thread=129788727004032 transaction-id=fa254aed37304b4bb6467931d15597b6] Bad Request: /api/v1/tokens 400 api-1 | 2025-11-06 16:00:00 [django.request] WARNING: (log) [module=log path=/home/prowler/.cache/pypoetry/virtualenvs/prowler-api-NnJNioq7-py3.12/lib/python3.12/site-packages/django/utils/log.py line=253 function=log_response process=34 thread=129788727004032 transaction-id=fa254aed37304b4bb6467931d15597b6] Bad Request: /api/v1/tokens 400 ui-1 | [auth][error] CredentialsSignin: Read more at https://errors.authjs.dev#credentialssignin ui-1 | at aU (/app/.next/server/chunks/9085.js:405:43144) ui-1 | at process.processTicksAndRejections (node:internal/process/task_queues:95:5) ui-1 | at async az (/app/.next/server/chunks/9085.js:405:52548) ui-1 | at async aB (/app/.next/server/chunks/9085.js:405:56812) ui-1 | at async a6 (/app/.next/server/chunks/9085.js:405:62108) ui-1 | at async f (/app/.next/server/chunks/5625.js:1:1984) ui-1 | at async /app/node_modules/next/dist/compiled/next-server/app-page.runtime.prod.js:16:418 ui-1 | at async rE (/app/node_modules/next/dist/compiled/next-server/app-page.runtime.prod.js:15:8146) ui-1 | at async r7 (/app/node_modules/next/dist/compiled/next-server/app-page.runtime.prod.js:18:1144) ui-1 | at async doRender (/app/node_modules/next/dist/server/base-server.js:1427:30)
I know the system is creating the user, as I cannot create another with the same username.
Thanks for your help. I appreciate it.
I started again with a clean slate, fresh OS install, and now I am running into the same issue as https://github.com/prowler-cloud/prowler/discussions/9108 I can go back to that checkpoint if needed. But figured a clean slate would be more clear.
A live tail of the logs while trying to reproduce the issue shows no new logs. Logs from the start of the containers shows as follows.
docker compose logs -t | grep Error api-1 | 2025-11-06T19:04:30.890490292Z 2025-11-06 19:04:30 [api] ERROR: (apps) [module=apps path=/home/prowler/backend/api/apps.py line=96 function=_write_key_file process=75 thread=129113753258880 transaction-id=None] Error writing key file 'jwt_private.pem': [Errno 13] Permission denied: '/home/prowler/.config/prowler-api/jwt_private.pem'. Please set 'DJANGO_TOKEN_SIGNING_KEY' and 'DJANGO_TOKEN_VERIFYING_KEY' manually. api-1 | 2025-11-06T19:04:30.904181123Z PermissionError: [Errno 13] Permission denied: '/home/prowler/.config/prowler-api/jwt_private.pem'
Hi @dsbrodbeck,
We're taking a deeper look. We'll try to come back to you with a solution soon.
Just to make sure, did you try to fix it following https://github.com/prowler-cloud/prowler/discussions/9108 steps?
Documentation is updated with fixed commands: https://docs.prowler.com/getting-started/installation/prowler-app
Hello, I've started testing Prowler/Docker on my Debian 13 machine and I believe I've run into this same issue. I used the base docker instructions for the build, but seemed to run into permission issues with access to the underlying api directory that gets created.
Basedir = /opt/docker/prowler
at the initialization of the container grouping, I noticed that I had a newly created /opt/docker/prowler/_data directory, with a number of subdir's underneath
api postgres valkey
The api dir is owned by root:root, with 755 octal permissions applied. I noticed in the logs that the system was getting hung up on the inability to "write" to the api dir. As this is an isolated test system, I shutdown the container grouping, then adjusted the perms of /opt/docker/prowler/_data/api to 777 to make it world readable/writable (something I probably can't do in a production env). I restarted the container grouping and now the system seems to be working on the creation of the initial account.
One followup - the keys that were created in the api dir were owned by my account in the system, not the root account
Hi @dsbrodbeck,
We're taking a deeper look. We'll try to come back to you with a solution soon.
Thanks, boss asked me to stop working on this and pursue another option. If you are able to reproduce and correct it, I'll give it a go on my own time.
I experienced the same issue with the new instructions provided on the installation page. I signed up correctly and even checked the database and my user is there. However, I can't log in.
Thanks @Mughal1!
We’ll work on getting this fixed. A PR will be linked to this issue once we have a solution, but I can’t guarantee when that will be.
CC: @dsbrodbeck @boasfppjf
I encountered the same issue.
But I got it working with 5.12.3
Just make sure you checkout the right tag and configure those two values in the .env
PROWLER_UI_VERSION="5.12.3"
PROWLER_API_VERSION="5.12.3"
I encountered the same issue.
But I got it working with 5.12.3
Just make sure you checkout the right tag and configure those two values in the
.envPROWLER_UI_VERSION="5.12.3" PROWLER_API_VERSION="5.12.3"
@dsbrodbeck, @Mughal1, please try this suggestion and let me know if this works for you.
Thanks @ViaFlorian.
The latest version issue is with the prowler-api is not accessible, currently I also got it working for
PROWLER_UI_VERSION="5.12.3" PROWLER_API_VERSION="5.12.3"
The issue you might also face is still unable to login or create the user account.
Edit the .env file for location
#openssl genrsa -out private.pem 2048 DJANGO_TOKEN_SIGNING_KEY="" #openssl rsa -in private.pem -pubout -out public.pem DJANGO_TOKEN_VERIFYING_KEY=""
Generate the above lines in the .env file will fix the issue but only working with v5.12.3.
