starred/Prowlarr

Fork 0

mirror of https://github.com/Prowlarr/Prowlarr.git synced 2026-03-02 22:57:22 -05:00

Unable to update password through settings menu #1061

New issue

Closed

opened 2026-02-20 10:06:52 -05:00 by deekerman · 4 comments

deekerman commented

2026-02-20 10:06:52 -05:00

Owner

Originally created by @rmullin7286 on GitHub (Jul 1, 2024).

Is there an existing issue for this?

I have searched the existing open and closed issues

Current Behavior

I setup prowlarr before authentication was required. Recently, after an update, I was required to set my password. Something went wrong in the process and after doing so, it appears that the password somehow got hashed twice, so prowlarr believes that my password is the result of hashing the password (a long string ending in =).

After temporarily bypassing authentication, I navigated to the settings menu where I re-input my password for authentication. Upon saving, it appears that the password resets back to the invalid setting and I'm unable to update my password.

Expected Behavior

When I update my password in the general settings menu, it should be updated on the server.

Steps To Reproduce

I was able to reproduce this pretty trivially by copying my database and configuration from my server to a local machine I'm using for debugging and poking around in the code.

Environment

- OS:Arch Linux
- Prowlarr: 1.19.0.4568
- Docker Install: 1.19.0.4568-ls75 by linuxserver.io
- Using Reverse Proxy: No
- Browser: Brave

What branch are you running?

Master

Trace Logs?

prowlarr.trace.txt

Trace Logs have been provided as applicable. Reports may be closed if the required logs are not provided.

I have read and followed the steps in the wiki link above and provided the required trace logs - the logs contain trace - that are relevant and show this issue.

Originally created by @rmullin7286 on GitHub (Jul 1, 2024). ### Is there an existing issue for this? - [X] I have searched the existing open and closed issues ### Current Behavior I setup prowlarr before authentication was required. Recently, after an update, I was required to set my password. Something went wrong in the process and after doing so, it appears that the password somehow got hashed twice, so prowlarr believes that my password is the result of hashing the password (a long string ending in =). After temporarily bypassing authentication, I navigated to the settings menu where I re-input my password for authentication. Upon saving, it appears that the password resets back to the invalid setting and I'm unable to update my password. ### Expected Behavior When I update my password in the general settings menu, it should be updated on the server. ### Steps To Reproduce I was able to reproduce this pretty trivially by copying my database and configuration from my server to a local machine I'm using for debugging and poking around in the code. ### Environment ```markdown - OS:Arch Linux - Prowlarr: 1.19.0.4568 - Docker Install: 1.19.0.4568-ls75 by linuxserver.io - Using Reverse Proxy: No - Browser: Brave ``` ### What branch are you running? Master ### Trace Logs? [prowlarr.trace.txt](https://github.com/user-attachments/files/16049505/prowlarr.trace.txt) ### Trace Logs have been provided as applicable. Reports may be closed if the required logs are not provided. - [X] I have read and followed the steps in the wiki link above and provided the required trace logs - the logs contain `trace` - that are relevant and show this issue.

deekerman

2026-02-20 10:06:52 -05:00

closed this issue
added the
Type: Bug

Status: Cannot Reproduce
labels

deekerman commented

2026-02-20 10:06:54 -05:00

Author

Owner

@mynameisbogdan commented on GitHub (Jul 1, 2024):

How are you in fact using Prowlarr? Because you're saying docker but actually it's a development build.

Also add some normal steps to reproduce because poking around in the code isn't something eligible.

@mynameisbogdan commented on GitHub (Jul 1, 2024): How are you in fact using Prowlarr? Because you're saying docker but actually it's a development build. Also add some normal steps to reproduce because poking around in the code isn't something eligible.

deekerman commented

2026-02-20 10:06:54 -05:00

Author

Owner

@rmullin7286 commented on GitHub (Jul 1, 2024):

Apologies, I seemed to have gotten my two instances of prowlarr mixed up when creating the ticket. I've revised the version numbers in the description. The actual version I'm using is 1.19.0.4568.

As for reproduction, here are the steps I take for reproducing locally:

Ensure that I have the configuration and .db files from my server instance installed to prowlarr's configuration directory
Navigate to Settings -> General -> Security in the UI
The value that seems to appear in the password field when navigating to Settings -> General -> Security is bpk59dunwhZdZIi+GEkVOOgizkf3v3pjR8dtEfsDHRA=.
Update this value to a new password
Click Save Changes
Password reverts back to the string in step 3. No updates made.

As for getting a repro case for you, I'm not sure short of zipping and uploading my full configuration directory, although I'm unsure what kind of information that could leak (plain text passwords, etc.).

@rmullin7286 commented on GitHub (Jul 1, 2024): Apologies, I seemed to have gotten my two instances of prowlarr mixed up when creating the ticket. I've revised the version numbers in the description. The actual version I'm using is 1.19.0.4568. As for reproduction, here are the steps I take for reproducing locally: 1. Ensure that I have the configuration and .db files from my server instance installed to prowlarr's configuration directory 2. Navigate to Settings -> General -> Security in the UI 3. The value that seems to appear in the password field when navigating to Settings -> General -> Security is `bpk59dunwhZdZIi+GEkVOOgizkf3v3pjR8dtEfsDHRA=`. 4. Update this value to a new password 5. Click Save Changes 6. Password reverts back to the string in step 3. No updates made. As for getting a repro case for you, I'm not sure short of zipping and uploading my full configuration directory, although I'm unsure what kind of information that could leak (plain text passwords, etc.).

deekerman commented

2026-02-20 10:06:54 -05:00

Author

Owner

@mynameisbogdan commented on GitHub (Jul 1, 2024):

It's expected for the filled password to be hashed to allow you updating the host settings since it's a PUT request.

As long you enter a new non-hashed value and make sure it's the same in the password confirmation, there should not be any issues.

When you used a development build did you use a new db or the old one?

I'm going to close since I can't reproduce according to your steps to reproduce. You can use https://wiki.servarr.com/radarr/faq#help-i-have-locked-myself-out to reset your password.

@mynameisbogdan commented on GitHub (Jul 1, 2024): It's expected for the filled password to be hashed to allow you updating the host settings since it's a PUT request. As long you enter a new non-hashed value and make sure it's the same in the password confirmation, there should not be any issues. When you used a development build did you use a new db or the old one? I'm going to close since I can't reproduce according to your steps to reproduce. You can use https://wiki.servarr.com/radarr/faq#help-i-have-locked-myself-out to reset your password.

deekerman commented

2026-02-20 10:06:54 -05:00

Author

Owner

@mynameisbogdan commented on GitHub (Jul 4, 2024):

It's expected for the filled password to be hashed to allow you updating the host settings since it's a PUT

Had my mind on this, and thanks to this the password manager think it's a new password. There's room for improvement for UX and DX, but I still how it doesn't allow you to update your password to be honest.

@mynameisbogdan commented on GitHub (Jul 4, 2024): > It's expected for the filled password to be hashed to allow you updating the host settings since it's a PUT Had my mind on this, and thanks to this the password manager think it's a new password. There's room for improvement for UX and DX, but I still how it doesn't allow you to update your password to be honest.