Login fails after upgrading from 2.2.0 to 2.2.1

[brainsik]

After upgrading from 2.2.0 to 2.2.1 I can no longer login via passkey or user/pass. Downgrading back to 2.2.0 allows me to login again.

I'm using the container image ghcr.io/miniflux/miniflux:2.2.1-distroless.

passkey:

{
  "level": "WARN",
  "msg": "Unauthorized",
  "client_ip": "2a09::XX",
  "request": {
    "method": "POST",
    "uri": "/webauthn/login/finish",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15"
  },
  "response": {
    "status_code": 401
  }
}

user/pass:

{
  "level": "WARN",
  "msg": "Incorrect username or password",
  "authentication_failed": true,
  "client_ip": "2a09::XX",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15",
  "username": "flux",
  "error": "store: invalid password for \"flux\" (crypto/bcrypt: hashedPassword is not the hash of the given password)"
}

[IngmarStein]

I'm experiencing the same with 2.2.1-distroless, but only with passkeys:

level=WARN msg=Unauthorized client_ip=192.168.1.171 request.method=POST request.uri="/webauthn/login/finish?username=admin" request.user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15" response.status_code=401

Login as the same user using a password is successful. Downgrading to 2.2.0-distroless also solves the issue.

[IngmarStein]

95201fc bumped github.com/go-webauthn/webauthn from 0.10.2 to 0.11.2. The release notes for v0.11.0 mention several breaking changes, but none seem to affect Miniflux at first glance.

[jacekpoz]

also present on nixos unstable on a fresh install of 2.2.1, downgrading to 2.2.0 after that doesn't fix it