[GH-ISSUE #333] 500 Server error after update "The MAC is invalid." #838

New issue

Closed

opened 2026-03-14 10:49:41 +03:00 by kerem · 10 comments

kerem commented 2026-03-14 10:49:41 +03:00

Owner

Copy link

Originally created by @returntoreality on GitHub (Sep 8, 2022).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/333

I'm running a self-hosted anonaddy instance and tried updating from 0.11.1 to 0.13.7. I looked through the release notes and followed the instructions there and the general update instrutions in the self hosting guide. I now get a 500 Server Error after logging in (login screen is shown) and I get the following backtrace in the laravel log:

[2022-09-08 13:18:24] production.ERROR: The MAC is invalid. {"userId":"ac0b936a-a7c5-4a16-a442-ed18baed98d6","exception":"[object] (Illuminate\\Contracts\\Encryption\\DecryptException(code: 0): The MAC is invalid. at /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:218)
[stacktrace]
#0 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php(151): Illuminate\\Encryption\\Encrypter->getJsonPayload()
#1 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php(338): Illuminate\\Encryption\\Encrypter->decrypt()
#2 /var/www/anonaddy/app/Traits/HasEncryptedAttributes.php(14): Illuminate\\Support\\Facades\\Facade::__callStatic()
#3 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(2092): App\\Models\\User->getAttribute()
#4 /var/www/anonaddy/vendor/pragmarx/google2fa-laravel/src/Google2FA.php(109): Illuminate\\Database\\Eloquent\\Model->__get()
#5 /var/www/anonaddy/vendor/pragmarx/google2fa-laravel/src/Google2FA.php(119): PragmaRX\\Google2FALaravel\\Google2FA->getGoogle2FASecretKey()
#6 /var/www/anonaddy/vendor/pragmarx/google2fa-laravel/src/Support/Authenticator.php(123): PragmaRX\\Google2FALaravel\\Google2FA->isActivated()
#7 /var/www/anonaddy/vendor/pragmarx/google2fa-laravel/src/Support/Authenticator.php(110): PragmaRX\\Google2FALaravel\\Support\\Authenticator->canPassWithoutCheckingOTP()
#8 /var/www/anonaddy/app/Http/Middleware/VerifyTwoFactorAuth.php(23): PragmaRX\\Google2FALaravel\\Support\\Authenticator->isAuthenticated()
#9 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): App\\Http\\Middleware\\VerifyTwoFactorAuth->handle()
#10 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Auth/Middleware/EnsureEmailIsVerified.php(30): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#11 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Auth\\Middleware\\EnsureEmailIsVerified->handle()
#12 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(50): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#13 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle()
#14 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#15 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
#16 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php(59): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#17 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Session\\Middleware\\AuthenticateSession->handle()
#18 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(44): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#19 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Auth\\Middleware\\Authenticate->handle()
#20 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#21 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()
#22 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#23 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest()
#24 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Session\\Middleware\\StartSession->handle()
#25 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#26 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
#27 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#28 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
#29 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(116): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#30 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Router.php(726): Illuminate\\Pipeline\\Pipeline->then()
#31 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Router.php(703): Illuminate\\Routing\\Router->runRouteWithinStack()
#32 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Router.php(667): Illuminate\\Routing\\Router->runRoute()
#33 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Router.php(656): Illuminate\\Routing\\Router->dispatchToRoute()
#34 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\\Routing\\Router->dispatch()
#35 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(141): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#36 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#37 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#38 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle()
#39 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#40 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#41 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
#42 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#43 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#44 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#45 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
#46 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#47 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Http\\Middleware\\HandleCors->handle()
#48 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#49 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Http\\Middleware\\TrustProxies->handle()
#50 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(116): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#51 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\\Pipeline\\Pipeline->then()
#52 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#53 /var/www/anonaddy/public/index.php(52): Illuminate\\Foundation\\Http\\Kernel->handle()

When googling for this error, I found this could be caused by changing the APP_KEY, but I definitely did not do that.

Originally created by @returntoreality on GitHub (Sep 8, 2022). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/333 I'm running a self-hosted anonaddy instance and tried updating from 0.11.1 to 0.13.7. I looked through the release notes and followed the instructions there and the general update instrutions in the self hosting guide. I now get a 500 Server Error after logging in (login screen is shown) and I get the following backtrace in the laravel log: ``` [2022-09-08 13:18:24] production.ERROR: The MAC is invalid. {"userId":"ac0b936a-a7c5-4a16-a442-ed18baed98d6","exception":"[object] (Illuminate\\Contracts\\Encryption\\DecryptException(code: 0): The MAC is invalid. at /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:218) [stacktrace] #0 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php(151): Illuminate\\Encryption\\Encrypter->getJsonPayload() #1 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php(338): Illuminate\\Encryption\\Encrypter->decrypt() #2 /var/www/anonaddy/app/Traits/HasEncryptedAttributes.php(14): Illuminate\\Support\\Facades\\Facade::__callStatic() #3 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(2092): App\\Models\\User->getAttribute() #4 /var/www/anonaddy/vendor/pragmarx/google2fa-laravel/src/Google2FA.php(109): Illuminate\\Database\\Eloquent\\Model->__get() #5 /var/www/anonaddy/vendor/pragmarx/google2fa-laravel/src/Google2FA.php(119): PragmaRX\\Google2FALaravel\\Google2FA->getGoogle2FASecretKey() #6 /var/www/anonaddy/vendor/pragmarx/google2fa-laravel/src/Support/Authenticator.php(123): PragmaRX\\Google2FALaravel\\Google2FA->isActivated() #7 /var/www/anonaddy/vendor/pragmarx/google2fa-laravel/src/Support/Authenticator.php(110): PragmaRX\\Google2FALaravel\\Support\\Authenticator->canPassWithoutCheckingOTP() #8 /var/www/anonaddy/app/Http/Middleware/VerifyTwoFactorAuth.php(23): PragmaRX\\Google2FALaravel\\Support\\Authenticator->isAuthenticated() #9 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): App\\Http\\Middleware\\VerifyTwoFactorAuth->handle() #10 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Auth/Middleware/EnsureEmailIsVerified.php(30): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #11 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Auth\\Middleware\\EnsureEmailIsVerified->handle() #12 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(50): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #13 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle() #14 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #15 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle() #16 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php(59): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #17 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Session\\Middleware\\AuthenticateSession->handle() #18 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(44): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #19 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Auth\\Middleware\\Authenticate->handle() #20 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #21 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle() #22 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #23 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest() #24 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Session\\Middleware\\StartSession->handle() #25 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #26 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle() #27 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #28 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle() #29 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(116): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #30 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Router.php(726): Illuminate\\Pipeline\\Pipeline->then() #31 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Router.php(703): Illuminate\\Routing\\Router->runRouteWithinStack() #32 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Router.php(667): Illuminate\\Routing\\Router->runRoute() #33 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Routing/Router.php(656): Illuminate\\Routing\\Router->dispatchToRoute() #34 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\\Routing\\Router->dispatch() #35 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(141): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}() #36 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #37 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #38 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle() #39 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #40 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #41 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle() #42 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #43 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle() #44 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #45 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle() #46 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #47 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Http\\Middleware\\HandleCors->handle() #48 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #49 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Http\\Middleware\\TrustProxies->handle() #50 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(116): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #51 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\\Pipeline\\Pipeline->then() #52 /var/www/anonaddy/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter() #53 /var/www/anonaddy/public/index.php(52): Illuminate\\Foundation\\Http\\Kernel->handle() ``` When googling for this error, I found this could be caused by changing the APP_KEY, but I definitely did not do that.

kerem closed this issue 2026-03-14 10:49:46 +03:00

kerem commented 2026-03-14 10:49:52 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Sep 8, 2022):

That looks like it is the two_factor_secret column on the users table that has the invalid MAC. Do you have TOTP 2FA enabled?

Are you sure you didn't accidentally run php artisan key:generate when upgrading?

<!-- gh-comment-id:1240848726 --> @willbrowningme commented on GitHub (Sep 8, 2022): That looks like it is the `two_factor_secret` column on the users table that has the invalid MAC. Do you have TOTP 2FA enabled? Are you sure you didn't accidentally run `php artisan key:generate` when upgrading?

kerem commented 2026-03-14 10:49:57 +03:00

Author

Owner

Copy link

@returntoreality commented on GitHub (Sep 8, 2022):

That looks like it is the two_factor_secret column on the users table that has the invalid MAC. Do you have TOTP 2FA enabled?

Yes, this account uses TOTP

Are you sure you didn't accidentally run php artisan key:generate when upgrading?

Yes, I am sure I did not run that command.

<!-- gh-comment-id:1240919523 --> @returntoreality commented on GitHub (Sep 8, 2022): > That looks like it is the two_factor_secret column on the users table that has the invalid MAC. Do you have TOTP 2FA enabled? Yes, this account uses TOTP > Are you sure you didn't accidentally run php artisan key:generate when upgrading? Yes, I am sure I did not run that command.

kerem commented 2026-03-14 10:50:02 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Sep 8, 2022):

If you run php artisan tinker and then run Recipient::first()?->email does it give the same error?

No changes have been made to the code that could have resulted in the app key being changed as can be seen when comparing https://github.com/anonaddy/anonaddy/compare/v0.11.1...v0.13.7.

<!-- gh-comment-id:1240979203 --> @willbrowningme commented on GitHub (Sep 8, 2022): If you run `php artisan tinker` and then run `Recipient::first()?->email` does it give the same error? No changes have been made to the code that could have resulted in the app key being changed as can be seen when comparing [https://github.com/anonaddy/anonaddy/compare/v0.11.1...v0.13.7](https://github.com/anonaddy/anonaddy/compare/v0.11.1...v0.13.7).

kerem commented 2026-03-14 10:50:07 +03:00

Author

Owner

Copy link

@returntoreality commented on GitHub (Sep 8, 2022):

Yes, gives the same error. Could this possibly be caused by some update to a dependency?

<!-- gh-comment-id:1241150974 --> @returntoreality commented on GitHub (Sep 8, 2022): Yes, gives the same error. Could this possibly be caused by some update to a dependency?

kerem commented 2026-03-14 10:50:12 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Sep 9, 2022):

I don't see any way that it could have been. Do you have a backup of your old .env and APP_KEY so that you can use the old one again?

<!-- gh-comment-id:1241514372 --> @willbrowningme commented on GitHub (Sep 9, 2022): I don't see any way that it could have been. Do you have a backup of your old `.env` and `APP_KEY` so that you can use the old one again?

kerem commented 2026-03-14 10:50:17 +03:00

Author

Owner

Copy link

@returntoreality commented on GitHub (Sep 10, 2022):

Unfortunately not, I backed up other paths on the server and the database but not the anonaddy installation directory. What do you think is the best approach to get the instance running again (I'd like to keep the aliases)? Is the encryption used on other database fields? Can I reset the user accounts (e.g. setting new credentials)?

<!-- gh-comment-id:1242701007 --> @returntoreality commented on GitHub (Sep 10, 2022): Unfortunately not, I backed up other paths on the server and the database but not the anonaddy installation directory. What do you think is the best approach to get the instance running again (I'd like to keep the aliases)? Is the encryption used on other database fields? Can I reset the user accounts (e.g. setting new credentials)?

kerem commented 2026-03-14 10:50:22 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Sep 12, 2022):

Well the bad news is that if you do not have any backup of the old APP_KEY then all the encrypted values will be lost.

You can see which fields are encrypted in the database by viewing each file in the Models directory and seeing what fields they have in the encrypted array e.g. for the Recipient model:

protected $encrypted = [
    'email',
    'fingerprint'
];

You may have to temporarily comment out this line in the HasEncryptedAttributes.php trait so that you can at least use php artisan tinker without errors.

Then you will have to go through all the encrypted fields and either set them as NULL (if nullable) or re-save them using the new APP_KEY.

I'd recommend backing up the new APP_KEY in a password manager just to make sure this cannot happen again.

<!-- gh-comment-id:1243446778 --> @willbrowningme commented on GitHub (Sep 12, 2022): Well the bad news is that if you do not have any backup of the old `APP_KEY` then all the encrypted values will be lost. You can see which fields are encrypted in the database by viewing each file in the [Models](https://github.com/anonaddy/anonaddy/tree/master/app/Models) directory and seeing what fields they have in the `encrypted` array e.g. for the Recipient model: ```php protected $encrypted = [ 'email', 'fingerprint' ]; ``` You may have to temporarily comment out [this line](https://github.com/anonaddy/anonaddy/blob/master/app/Traits/HasEncryptedAttributes.php#L14) in the `HasEncryptedAttributes.php` trait so that you can at least use `php artisan tinker` without errors. Then you will have to go through all the encrypted fields and either set them as NULL (if nullable) or re-save them using the new `APP_KEY`. I'd recommend backing up the new `APP_KEY` in a password manager just to make sure this cannot happen again.

kerem commented 2026-03-14 10:50:27 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Sep 13, 2022):

Did you manage to get it back up and running with the new APP_KEY?

Closing this issue as I cannot see a way that the APP_KEY could have been changed during the update process.

<!-- gh-comment-id:1245714345 --> @willbrowningme commented on GitHub (Sep 13, 2022): Did you manage to get it back up and running with the new `APP_KEY`? Closing this issue as I cannot see a way that the `APP_KEY` could have been changed during the update process.

kerem commented 2026-03-14 10:50:33 +03:00

Author

Owner

Copy link

@returntoreality commented on GitHub (Sep 13, 2022):

Somewhat, the frontend does not work yet, but no Invalid MAC or other php errors and the forwarding works. Thanks for your help!

<!-- gh-comment-id:1245999085 --> @returntoreality commented on GitHub (Sep 13, 2022): Somewhat, the frontend does not work yet, but no Invalid MAC or other php errors and the forwarding works. Thanks for your help!

kerem commented 2026-03-14 10:50:38 +03:00

Author

Owner

Copy link

@AdrianColaianni commented on GitHub (Mar 13, 2024):

I am having the same issue updating from v0.13.4 to v1.0.9. However, my .env file hasn't changed since Feb 2023 so it is not possible that the APP_KEY changed. I followed the instructions as they were outlined in SELF_HOSTING.md and did not accidentally run php artisan key:generate.

$ stat .env
  File: .env
  Size: 2738            Blocks: 8          IO Block: 4096   regular file
Device: fe01h/65025d    Inode: 2065397     Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1001/johndoe)   Gid: ( 1003/johndoe)
Access: 2024-03-13 13:41:04.138259665 -0400
Modify: 2023-02-10 14:56:22.524674551 -0500
Change: 2023-02-10 14:56:22.524674551 -0500
 Birth: 2022-01-25 17:27:14.454660932 -0500

<!-- gh-comment-id:1995363493 --> @AdrianColaianni commented on GitHub (Mar 13, 2024): I am having the same issue updating from v0.13.4 to v1.0.9. However, my `.env` file hasn't changed since Feb 2023 so it is not possible that the `APP_KEY` changed. I followed the instructions as they were outlined in `SELF_HOSTING.md` and did not accidentally run `php artisan key:generate`. ``` $ stat .env File: .env Size: 2738 Blocks: 8 IO Block: 4096 regular file Device: fe01h/65025d Inode: 2065397 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 1001/johndoe) Gid: ( 1003/johndoe) Access: 2024-03-13 13:41:04.138259665 -0400 Modify: 2023-02-10 14:56:22.524674551 -0500 Change: 2023-02-10 14:56:22.524674551 -0500 Birth: 2022-01-25 17:27:14.454660932 -0500 ```

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.5.0

v1.4.1

v1.4.0

v1.3.8

v1.3.7

v1.3.6

v1.3.5

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.14.1

v0.14.0

v0.13.13

v0.13.12

v0.13.11

v0.13.10

v0.13.9

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.5

v0.7.4

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/anonaddy#838

No description provided.