Updating to 12.4 Prevents devices from Logging in

I just upgraded to the latest version from 12.1 and the computer I use as a display cannot log into HA anymore. I get the following error:

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:129
Integration: HTTP (documentation, issues)
First occurred: 8:33:45 PM (4 occurrences)
Last logged: 8:38:15 PM

Login attempt or request with invalid authentication from 192.168.0.125 (192.168.0.125). Requested URL: ‘/auth/login_flow/29ce8982a5aeecaf6c93979dae9e8636’. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0)

I am logging in locally and I am sure that the username and password is correct. Any help would be much appreciated.

Check the ip ban yaml file, the fact the logger is showing the component is http.ban then it’s possible that the IP address is now in the IP ban file.

@mobile.andrew.jones that ip address is the same one my server is on. i am 100% that i am logging in locally. I also don’t have an ip ban yaml file

Maybe try a CTRL + SHIFT + R in the browser when you are on the login page to force the web app to refresh and re-cache all the javascript etc files that it needs to run.

@mobile.andrew.jones thank you for the quick response but that didn’t work. i have it running on kiosk mode, i do not think that it has a cache anyway.

I don’t know if this helps but this happened when i tried to update to 12.2 and when i reloaded my backup of 12.1 everything worked again

You are going to have to provide more information, it’s not clear at all what computer this is. At first I assumed it was a separate device to the server, but your next post said it was the same IP address as the server, and now you are talking about kiosk mode, so I am assuming this is a tablet type device, and it’s not the server.

yeah this is a windows computer that i am using as a display and is separate from the raspberry pi i am using as a server. the error message said that the login came from the same ip address as the one my server is on. what other information can i provide?

Right so the login error you posted - is not just from an IP address on the same network as the server, it is ACTUALLY the IP address that the server has been assigned?

as far as i can tell, yes. I connect to my server via 192.168.0.252:8123.
edit: ohhh. the error message ends in . 125 not . 252!

OK so you are connecting to http://192.168.0.252:8123 from 192.168.0.125 - and you see the login page, asking for your username and password. The username and/or password is not being accepted. That’s where we are right?

yes! that’s correct

Right, so the next question - have you tried logging with that username and password from ANY other computer / tablet / phone on the network?

i was unable to log in via a different browser with that username and password. i reset the password to be sure i was using the correct one. i was able to log in with a different username and password

So you are saying that 12.4 has randomly changed the password for a specific user? (but not all users)

no, i don’t think that is a possibility. i changed the password for the user when i first realized that i couldn’t login and i still can’t log in. if the update changed the password then it should have been fixed when i reset the password after the update

OK have you checked the users tab:

settings > people > users

And verified that the user is set to “allowed to login” ?

yup, i can confirm that user is allowed to log in

Next step I guess is to simply delete the user. Then re-create it?

Yeah I thinking the same thing. this worked for the time being but i am curious if this will reoccur. Thank you for the help!

1 Like

I got hit with this too. Configuration and actual login are completely out of sync. Changes made with --script auth do nothing. User/password changes made in the web page do nothing. My only option for logging in is declaring a trusted network.

If I try to change my password from the web console from a trusted network, I get “Provider not found” logged.