I was on 2023.12.3 of HA Container on a Linux x86_64 host, took a backup of the config folder, did docker-compose down to stop it and the mosquitto server, then updated the container to the latest stable one (ie 2024.1).
But after that, with a forced-browser refresh, I had an empty Overview page. Logged out, tried logging in again but it wouldn’t accept my password (I use a password manager). Phone attempts to use the app (Android) also showed logs that it was failing to login/fetch any pages, even after I force-closed it. But another (non-admin) user can login just fine.
‘hass’ sits there at 0% cpu
So maybe I can reset the password to make it work again? So I follow the instructions to get a bash shell in the container (no other users I can use to do it) and run ‘hass’, according to this page, which then (first time I’ve done this) says no user and that it will create one in .homeassistant.
How long should this take? cos it just sits there for minutes without doing anything. I’ve tried it with the docker running and stopped. That docker run bash for it still has the config directory mapped.
Are there any better paths to take for a working login?
I tried running hass inside the ha docker (run of bash) on the server, from a tmux on a Pi that’s always running, and left overnight it still was sat there and never finished. What could make that hang? Was it waiting for something? Should the actual HA docker be running or not when I do that?
Finally attacked this again last night (our automations were working fine) and all the command-line options to recover/reset owner password were failing.
The path to recovery (after a few hours in total probably, and learnt a fair bit in the process):
Manually restored one of the HA-created tar backups it had (went a couple versions back til it worked).
Started the homeassistant docker up, waited a while. Turns out one of my browsers actually had a session still valid, logged in as the owner, on that version (I don’t think it had worked on the newer one after it got broke). This was my path to fixing the users.
I could not get the hass auth command to work inside the container via a bash shell (whether another ha container was running or not) - kept saying “No such user” even for other regular users I knew were there ok. Without specifying --config option it just tried to create new config under /root. The documentation being out of date (hass auth doesn’t - anymore at least - have a “reset” command in this version in a container, just change_password).
3. Follow the create-another-admin user path on I’m locked-out help wiki page - use that web session to create another admin user. I could then have that admin set their password, and I had the option of (once I explored this, though it wasn’t this straight a path):
a) making new admin the owner by editing the .storage/auth files json data is_owner (read another thread about it) - set is_owner: false on the old one and true on the new one, then can reset the original owner’s password via the new admin->owner you made, and (optionally, ideally once tested that) switch the owner’s back again so you have your old owner with a new (known) password.
OR:
b) manually setting the password hash on the original owner’s account (in .storage/auth_provider.homeassistant) to the new (known) password’s password-hash from the new admin user. I guess I probably could have created another regular user and taken their hash instead as I doubt the hash function input varies by user-type - it doesn’t include the username anyway, cos this works and was the way I ended up going.
If you use another auth provider than the default built-in one, that’s not going to be the same, you’d need to lookin to that (and if you lost a 2FA key, thats a whole other kettle of fish other than maybe you can turn it off).